I haven't gone through this video, but I'm assuming that they're using devise with it.
The easiest, and probably the best is to do it globally throughout the system ( if everything needs to be authenticated ). Sometimes i'll have open routes and authenticated routes, in which case i'll have my main application_controller being open, then i'll have another application_controller elsewhere, that inherits from the main, and includes the code below.
Such as in your
application_controller.rb like so:
class ApplicationController < ActionController::Base
protect_from_forgery with: exception
redirect_to root_path, alert: "you must be logged in to do that"
but, don't forget your spec for it, because tests are important!