Filters in Rails

Filters enable controllers to run shared pre and post processing code for its actions. These
filters can be used to do authentication, caching, or auditing before the intended action
is performed. Filter declarations are macro style class methods, that is, they appear at
the top of your controller method, inside the class context, before method definitions.
We also leave off the parentheses around the method arguments, to emphasize their
declarative nature, like this:

before_filter :require_authentication

As with many other macro-style methods in Rails, you can pass as many symbols as you
want to the filter method:

before_filter :security_scan, :audit, :compress

 

Or you can break them out into separate lines, like this:

before_filter :security_scan
before_filter :audit
before_filter :compress

In contrast to the somewhat similar callback methods of Active Record, you can’t im-
plement a filter method on a controller by adding a method named before_filter or
after_filter.
You should make your filter methods protected or private; otherwise, they might
be callable as public actions on your controller (via the default route).

Importantly, filters have access to request, response, and all the instance variables
set by other filters in the chain or by the action (in the case of after filters). Filters can
set instance variables to be used by the requested action, and often do so.