Rails filters are methods that run before or after a controller's action method is executed. They are helpful when you want to ensure that a given block of code runs with whatever action method is called.
Rails support three types of filter methods:
Rails before filters are executed before the code in action controller is executed. The before filters are defined at the top of a controller class that calls them. To set it up, you need to call before_filter method.
In this example, method verify_password is applied as a before filter. Before any action method will be called, verify_password method is called.
Rails after filters are executed after the code in action controller is executed. Just like before filters, after filters are also defined at the top of a controller class that calls them. To set it up, you need to call after_filter method.
In this example, method resize_photo is applied as an after filter.
Rails around filters contain codes that are executed both before and after controller's code is executed. They are generally used when you need both before and after filter. Its implementation is little bit different and more complex than other two filters. It is generally defined by a common class which contains both before and after methods.
In the ActionLogger class, before method captures time an action is started and after method captures time an action completes, the elapsed time.
Let us see how ActionLogger class works as an around filter. In your controller class, simply add around_filter method and pass an instance of ActionLogger as a parameter.
Protecting Filter Methods
Any method in your controller class can be routed from a browser. It is done through its ability to protect methods within a class. All Ruby methods have one of these protection levels.
By default, methods are always public. Means any external class or method can access them. To define protection level, you can declare methods by putting a protected or private keyword before the methods that you want to protect.
Note: Protected and private methods are not routable from the browser.
In the above example, there is one protected method and two private methods. In the User class, the user_identity method is made a private method. Only other methods within User class can call it. The sign_in method can be called only by methods within User class or classes that are inherited from User class.