Filters enable controllers to run shared pre- and post-processing code for its actions. These filters can be used to do authentication, caching, or auditing before the intended action is performed. Or to do localization or output compression after the action has been performed. Filters have access to the request, response, and all the instance variables set by other filters in the chain or by the action (in the case of after filters).

Filter inheritance

Controller inheritance hierarchies share filters downwards, but subclasses can also add or skip filters without affecting the superclass. For example:

  class BankController < ActionController::Base
    before_filter :audit

      def audit
        # record the action and parameters in an audit log

  class VaultController < BankController
    before_filter :verify_credentials

      def verify_credentials
        # make sure the user is allowed into the vault

Now any actions performed on the BankController will have the audit method called before. On the VaultController, first the audit method is called, then the verify_credentials method. If the audit method renders or redirects, then verify_credentials and the intended action are never called.

Filter types

A filter can take one of three forms: method reference (symbol), external class, or inline method (proc). The first is the most common and works by referencing a protected or private method somewhere in the inheritance hierarchy of the controller by use of a symbol. In the bank example above, both BankController and VaultController use this form.

Using an external class makes for more easily reused generic filters, such as output compression. External filter classes are implemented by having a static filter method on any class and then passing this class to the filter method. Example:

  class OutputCompressionFilter
    def self.filter(controller)
      controller.response.body = compress(controller.response.body)

  class NewspaperController < ActionController::Base
    after_filter OutputCompressionFilter

The filter method is passed the controller instance and is hence granted access to all aspects of the controller and can manipulate them as it sees fit.

The inline method (using a proc) can be used to quickly do something small that doesn’t require a lot of explanation. Or just as a quick test. It works like this:

  class WeblogController < ActionController::Base
    before_filter { |controller| head(400) if controller.params["stop_action"] }

As you can see, the block expects to be passed the controller after it has assigned the request to the internal variables. This means that the block has access to both the request and response objects complete with convenience methods for params, session, template, and assigns. Note: The inline method doesn’t strictly have to be a block; any object that responds to call and returns 1 or -1 on arity will do (such as a Proc or an Method object).

Please note that around_filters function a little differently than the normal before and after filters with regard to filter types. Please see the section dedicated to around_filters below.

Filter chain ordering

Using before_filter and after_filter appends the specified filters to the existing chain. That’s usually just fine, but some times you care more about the order in which the filters are executed. When that’s the case, you can use prepend_before_filter and prepend_after_filter. Filters added by these methods will be put at the beginning of their respective chain and executed before the rest. For example:

  class ShoppingController < ActionController::Base
    before_filter :verify_open_shop

  class CheckoutController < ShoppingController
    prepend_before_filter :ensure_items_in_cart, :ensure_items_in_stock

The filter chain for the CheckoutController is now :ensure_items_in_cart, :ensure_items_in_stock, :verify_open_shop. So if either of the ensure filters renders or redirects, we’ll never get around to see if the shop is open or not.

You may pass multiple filter arguments of each type as well as a filter block. If a block is given, it is treated as the last argument.

Around filters

Around filters wrap an action, executing code both before and after. They may be declared as method references, blocks, or objects responding to #filter or to both #before and #after.

To use a method as an around_filter, pass a symbol naming the Ruby method. Yield (or block.call) within the method to run the action.

  around_filter :catch_exceptions

    def catch_exceptions
    rescue => exception
      logger.debug "Caught exception! #{exception}"

To use a block as an around_filter, pass a block taking as args both the controller and the action block. You can’t call yield directly from an around_filter block; explicitly call the action block instead:

  around_filter do |controller, action|
    logger.debug "before #{controller.action_name}"
    logger.debug "after #{controller.action_name}"

To use a filter object with around_filter, pass an object responding to :filter or both :before and :after. With a filter method, yield to the block as above:

  around_filter BenchmarkingFilter

  class BenchmarkingFilter
    def self.filter(controller, &block)

With before and after methods:

  around_filter Authorizer.new

  class Authorizer
    # This will run before the action. Redirecting aborts the action.
    def before(controller)
      unless user.authorized?

    # This will run after the action if and only if before did not render or redirect.
    def after(controller)

If the filter has before and after methods, the before method will be called before the action. If before renders or redirects, the filter chain is halted and after will not be run. See <a href="/rails/ActionController/Filters/ClassMethods/Filter">Filter</a> Chain Halting below for an example.

Filter chain skipping

Declaring a filter on a base class conveniently applies to its subclasses, but sometimes a subclass should skip some of its superclass’ filters:

  class ApplicationController < ActionController::Base
    before_filter :authenticate
    around_filter :catch_exceptions

  class WeblogController < ApplicationController
    # Will run the :authenticate and :catch_exceptions filters.

  class SignupController < ApplicationController
    # Skip :authenticate, run :catch_exceptions.
    skip_before_filter :authenticate

  class ProjectsController < ApplicationController
    # Skip :catch_exceptions, run :authenticate.
    skip_filter :catch_exceptions

  class ClientsController < ApplicationController
    # Skip :catch_exceptions and :authenticate unless action is index.
    skip_filter :catch_exceptions, :authenticate, :except => :index

Filter conditions

Filters may be limited to specific actions by declaring the actions to include or exclude. Both options accept single actions (:only => :index) or arrays of actions (:except => [:foo, :bar]).

  class Journal < ActionController::Base
    # Require authentication for edit and delete.
    before_filter :authorize, :only => [:edit, :delete]

    # Passing options to a filter with a block.
    around_filter(:except => :index) do |controller, action_block|
      results = Profiler.run(&action_block)
      controller.response.sub! "</body>", "#{results}</body>"

      def authorize
        # Redirect to login unless authenticated.

<a href="/rails/ActionController/Filters/ClassMethods/Filter">Filter</a> Chain Halting

before_filter and around_filter may halt the request before a controller action is run. This is useful, for example, to deny access to unauthenticated users or to redirect from http to https. Simply call render or redirect. After filters will not be executed if the filter chain is halted.

Around filters halt the request unless the action block is called. Given these filters

  after_filter :after
  around_filter :around
  before_filter :before

The filter chain will look like:

  .      #   .  #around (code before yield)
  .  .       #   .  .  #before (actual filter code is run)
  .  .  .       #   .  .  .  execute controller action
  .  .  .  /
  .  .  ...
  .  .  /
  .  #around (code after yield)
  . /
  #after (actual filter code is run, unless the around filter does not yield)

If #around returns before yielding, #after will still not be run. The #before filter and controller action will not be run. If #before renders or redirects, the second half of #around and will still run but #after and the action will not. If #around fails to yield, #after will not be run.

Show files where this module is defined (1 file)
Register or log in to add new notes.