Authorization problem

Hello everyone,

I want to add authorization to my Rails app. As I am using devise for
authentication, so I add an admin field to User model.

class User

field :admin, :type => Boolean, :default => false

end

In the controller, I add a method like this:

class ApplicationController < ActionController::Base

private
def authenticate_admin
if current_user
return current_user.admin?
end
end
end

In the admin namespace controller:

class Admin::HomeController < ApplicationController
before_filter :authenticate_admin

end

But it didn’t work here, I mean, I can still access backend with a
user account even if the admin field of the account is false.
Can somebody tell me why?

Thanks!

On May 25, 3:32pm, Tomato [email protected] wrote:

class Admin::HomeController < ApplicationController
before_filter :authenticate_admin

end

But it didn’t work here, I mean, I can still access backend with a
user account even if the admin field of the account is false.
Can somebody tell me why?

Not familiar with devise, but your before filter isn’t actually doing
anything. If the user isn’t an admin then you probably want to
redirect them to a login page or show an ‘access denied’ template

Fred

Thank you very much! It works!

On May 25, 11:07am, Frederick C. [email protected]

You may also use a specific Admin model and authentication scheme with
Devise, I found it easier to manage specific admin tasks not related
to web site pages for users

devise_for :users, :controllers => { :sessions => "users/

sessions", :passwords => “users/passwords”, :registrations => “users/
registrations”, :confirmations => “users/confirmations”, :unlocks =>
“users/unlocks” } do
…t
end
devise_for :admins, :controllers => { :sessions => “admins/
sessions”, :passwords => “admins/passwords”, :registrations => “admins/
registrations” }

and you need in your controllers :

before_filter :authenticate_admin!

I have both and I use Cancan ( abilities based on roles in each
area)

I have considered both ways you mentioned, but it seems not necessary
to use such methods as it is just a little app.

Maybe I will use cancan in the future when necessary.

Thank you anyway!

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs