Filters enable controllers to run shared pre and post processing code for its actions. These
filters can be used to do authentication, caching, or auditing before the intended action
is performed. Filter declarations are macro style class methods, that is, they appear at
the top of your controller method, inside the class context, before method definitions.
We also leave off the parentheses around the method arguments, to emphasize their
declarative nature, like this:
As with many other macro-style methods in Rails, you can pass as many symbols as you
want to the filter method:
before_filter :security_scan, :audit, :compress
Or you can break them out into separate lines, like this:
In contrast to the somewhat similar callback methods of Active Record, you can’t im-
plement a filter method on a controller by adding a method named before_filter or
You should make your filter methods protected or private; otherwise, they might
be callable as public actions on your controller (via the default route).
Importantly, filters have access to request, response, and all the instance variables
set by other filters in the chain or by the action (in the case of after filters). Filters can
set instance variables to be used by the requested action, and often do so.