I have two before_filters for a few of my controllers. They are running
my own methods authorize and admin_authorize. authorize is called on
just about every action to make sure that a user is logged in.
admin_authorize is called on about 80% of the actions and is used to
make sure that a user is an administrator. If a user tries to access an
admin_authorize protected action without being logged in then both
authorize and admin_authorize trigger and both have redirects in them.
This if course makes rails complain about two renders when only one is
allowed. Is there a way that I can make authorize skip
admin_authorize? Or will I have to go through and pick only one method
to be before_filtered for each action?
def authorize #inspired by rails recipes
flash[:notice] = “Please log in”
session[:intended_action] = action_name
session[:intended_controller] = controller_name
session[:intended_id] = params[:id] || nil
redirect_to(:controller => “account”, :action => “login”)
unless session[:user] && User.find(session[:user]).admin?
redirect_to :controller=> “groups”, :action => “index”