Is there a way to lock down the site other than via basic auth? I’m using it for a project with a private company and we want to keep all access within the company.

Thanks Jamie

The authentication comes from Beast. I don’t know that Beast allows no public view of the data. Options would be basic auth, or a intranet with something like VPN access.

It probably wouldn’t be hard to add a pre-filter to ApplicationController that always requires authentication for all content.

In the short term I just setup digest auth with the same username passwords that the users have for svn access. That’ll probably be fine for our purposes.

This is pretty simple – i went through and used the :login_required filter on the controllers and restricted access so that all content requires login (which is what i wanted)

I also removed the signup option as i don’t want just anybody signing up – longer term i’ll come up with an admin side function for me to add users, at the moment i create them through the console.

I also hide some functionality so that only the admins can see it (such as changes) – this is done using the admin? function and :admin_required filter.