railstutorial.org - Update Authorization (Ruby on Rails Tutorial)
Mike Hartl's tutorial on adding authorization presents the code below (link to original code listing). Why does the update method make a call to sign_in @user? It seems redundant to me, since before_filter :correct_user should guarantee that the client is signed in because of current_user?(@user) in the correct_user method.
    class UsersController < ApplicationController
      # Both filters run before edit and update, in this order.
      before_filter :signed_in_user, only: [:edit, :update]
      before_filter :correct_user,   only: [:edit, :update]
      .
      .
      .
      def edit
      end

      def update
        if @user.update_attributes(params[:user])
          flash[:success] = "Profile updated"
          sign_in @user
          redirect_to @user
        else
          render 'edit'
        end
      end
      .
      .
      .
      private

        # Redirect anyone who is not signed in to the sign-in page.
        def signed_in_user
          redirect_to signin_url, notice: "Please sign in." unless signed_in?
        end

        # Only let a user edit or update their own record.
        def correct_user
          @user = User.find(params[:id])
          redirect_to(root_path) unless current_user?(@user)
        end
    end
Because the user is forced to update the password when updating attributes, which renders the current login invalid.
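The following is an added, self-contained Ruby sketch (not code from the tutorial or the thread) that reproduces why the sign_in call matters. It assumes the tutorial's remember-token session design, which the page does not show: the User model regenerates remember_token in a before_save callback, sign_in stores that token in a cookie, and current_user looks the user up by the cookie's token, so the save triggered by update_attributes leaves the browser holding a stale token unless sign_in is called again.

```ruby
require 'securerandom'

# Stand-in for the tutorial's User model (assumed behaviour, no Rails):
# a before_save-style callback rotates remember_token on every save,
# which is exactly what the save inside update_attributes triggers.
class User
  attr_reader :remember_token

  def initialize(password)
    @password = password
    save
  end

  def update_attributes(attrs)
    @password = attrs[:password] if attrs[:password]
    save
  end

  private

  def save
    @remember_token = SecureRandom.urlsafe_base64 # token rotates on each save
  end
end

# Stand-in for the tutorial's SessionsHelper: the cookie holds the token and
# current_user is whichever user currently owns that token.
class Session
  def initialize(users)
    @users = users
    @cookies = {}
  end

  def sign_in(user)
    @cookies[:remember_token] = user.remember_token
  end

  def current_user
    @users.find { |u| u.remember_token == @cookies[:remember_token] }
  end
end

# Replay the update action with and without the sign_in call.
def still_signed_in_after_update?(call_sign_in)
  user = User.new("foobar")
  session = Session.new([user])
  session.sign_in(user)
  user.update_attributes(password: "newpass") # the save rotates the token
  session.sign_in(user) if call_sign_in      # what the tutorial's update does
  session.current_user == user
end
```

Without the second sign_in the cookie still carries the pre-update token, so the very next request finds no current user and the signed_in_user filter bounces the user to the sign-in page.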