before_filter :authenticate_user!, except: [:index] / Rails 4

Question

I Have a Listings Controller (Devise User System) and in Rails 3 i just used

before_filter :authenticate_user!, except: [:index] 

to check if a user was signed in before viewing a specific listing.

My Homepage (Index) shows at the bottom a view Listings, the User is able to see them, but as soon as he clicks on one to view it he is redirected to the Login Page.

That's why in my controller i had instead of

Listing.new -> current_user.listings.new 

In Rails 4 things seems to have changed and i cant find the right way to do it.

I searched a little bit and found that the command was changed to

before_action :authenticate_user!, :except => [:index] 

A Guest can view now the Index but if he clicks on a Listing, he is not redirected to the login page, instead i get this error.

NoMethodError in ListingsController#show undefined method `listings' for nil:NilClass  # Use callbacks to share common setup or constraints between actions. def set_listing         @listing = current_user.listings.find(params[:id]) end  # Never trust parameters from the scary internet, only allow the white list through. 

My Listings Controller

class ListingsController < ApplicationController   before_action :set_listing, only: [:show, :edit, :update, :destroy]     before_action :authenticate_user!, :except => [:index]    # GET /listings   # GET /listings.json   def index     @listings = Listing.order("created_at desc")   end    # GET /listings/1   # GET /listings/1.json   def show   end    # GET /listings/new   def new         @listing = current_user.listings.build   end    # GET /listings/1/edit   def edit   end    # POST /listings   # POST /listings.json   def create         @listing = current_user.listings.build(listing_params)      respond_to do |format|       if @listing.save         format.html { redirect_to @listing, notice: 'Listing was successfully created.' }         format.json { render action: 'show', status: :created, location: @listing }       else         format.html { render action: 'new' }         format.json { render json: @listing.errors, status: :unprocessable_entity }       end     end   end    # PATCH/PUT /listings/1   # PATCH/PUT /listings/1.json   def update     respond_to do |format|       if @listing.update(listing_params)         format.html { redirect_to @listing, notice: 'Listing was successfully updated.' }         format.json { head :no_content }       else         format.html { render action: 'edit' }         format.json { render json: @listing.errors, status: :unprocessable_entity }       end     end   end    # DELETE /listings/1   # DELETE /listings/1.json   def destroy     @listing.destroy     respond_to do |format|       format.html { redirect_to listings_url }       format.json { head :no_content }     end   end    private     # Use callbacks to share common setup or constraints between actions.     def set_listing             @listing = current_user.listings.find(params[:id])     end      # Never trust parameters from the scary internet, only allow the white list through.     def listing_params       params.require(:listing).permit(:title, :description, :image)     end end 

EDIT: PROBLEM 2

If another Logged in User tries to view a listing which another User created im getting this ->

and the log

Answer 1

Call authenticate_user before set_listing, so that current_user is not nil

before_action :authenticate_user!, :except => [:index] before_action :set_listing, only: [:show, :edit, :update, :destroy]