Rails Filters

Rails filters are methods that run before or after a controller's action method is executed. They are helpful when you want to ensure that a given block of code runs with whatever action method is called.

Rails support three types of filter methods:

  • Before filters
  • After filters
  • Around filters

Before Filters

Rails before filters are executed before the code in action controller is executed. The before filters are defined at the top of a controller class that calls them. To set it up, you need to call before_filter method.

Example:

In this example, method verify_password is applied as a before filter. Before any action method will be called, verify_password method is called.


After Filters

Rails after filters are executed after the code in action controller is executed. Just like before filters, after filters are also defined at the top of a controller class that calls them. To set it up, you need to call after_filter method.

Example:

In this example, method resize_photo is applied as an after filter.


Around Filters

Rails around filters contain codes that are executed both before and after controller's code is executed. They are generally used when you need both before and after filter. Its implementation is little bit different and more complex than other two filters. It is generally defined by a common class which contains both before and after methods.

Example:

In the ActionLogger class, before method captures time an action is started and after method captures time an action completes, the elapsed time.

Let us see how ActionLogger class works as an around filter. In your controller class, simply add around_filter method and pass an instance of ActionLogger as a parameter.


Protecting Filter Methods

Any method in your controller class can be routed from a browser. It is done through its ability to protect methods within a class. All Ruby methods have one of these protection levels.

  • Public: These methods are accessible from any external class or method that uses the same class in which they are defined.
  • Protected: These methods are accessible only within the class in which they are defined and in the classes that inherit from the class in which they are defined.
  • Private: These methods are only accessible within the class in which they are defined.

By default, methods are always public. Means any external class or method can access them. To define protection level, you can declare methods by putting a protected or private keyword before the methods that you want to protect.

Note: Protected and private methods are not routable from the browser.

Exmaple:

In the above example, there is one protected method and two private methods. In the User class, the user_identity method is made a private method. Only other methods within User class can call it. The sign_in method can be called only by methods within User class or classes that are inherited from User class.