Hello everyone,
I want to add authorization to my Rails app. As I am using devise for
authentication, I added an admin field to the User model:
class User
  …
  field :admin, :type => Boolean, :default => false
  …
end
In the controller, I add a method like this:
class ApplicationController < ActionController::Base
  …
  private

  def authenticate_admin
    if current_user
      return current_user.admin?
    end
  end
end
In the admin namespace controller:
class Admin::HomeController < ApplicationController
  before_filter :authenticate_admin
  …
end
But it didn't work. I mean, I can still access the backend with a
user account even if the admin field of the account is false.
Can somebody tell me why?
Thanks!
On May 25, 3:32pm, Tomato [email protected] wrote:
class Admin::HomeController < ApplicationController
  before_filter :authenticate_admin
  …
end
But it didn't work. I mean, I can still access the backend with a
user account even if the admin field of the account is false.
Can somebody tell me why?
Not familiar with devise, but your before filter isn't actually doing
anything. If the user isn't an admin, then you probably want to
redirect them to a login page or show an 'access denied' template.
Fred
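An added example, not code from the thread: a minimal Ruby stand-in for the Rails filter chain (MiniController, LeakyAdminController, GuardedAdminController and the sign-in path are my own names) showing why the original authenticate_admin, which only returns a boolean, never blocks the action, while Fred's redirect does.

```ruby
# Added example, not code from the thread. Toy stand-in for a Rails
# controller: as in Rails, a before filter halts the chain only when it
# has rendered or redirected (performed?); its return value is ignored.
User = Struct.new(:admin) { def admin?; admin; end }

class MiniController
  def self.before_filters; @before_filters ||= []; end
  def self.before_filter(name); before_filters << name; end
  attr_reader :current_user, :response
  def initialize(current_user); @current_user = current_user; end
  def performed?; !@response.nil?; end
  def redirect_to(path); @response = [:redirect, path]; end
  def render(template); @response = [:render, template]; end
  def index; render("admin/home/index"); end   # the protected action

  # Run the before filters, then the action; stop at the first
  # filter that produced a response.
  def process(action)
    self.class.before_filters.each do |name|
      send(name)
      return response if performed?
    end
    send(action)
    response
  end
end

# The original poster's filter: returns admin? and does nothing else,
# so every logged-in user reaches the action.
class LeakyAdminController < MiniController
  before_filter :authenticate_admin
  private
  def authenticate_admin
    current_user.admin? if current_user
  end
end

# Fred's suggestion: redirect non-admins (rendering an "access denied"
# template with status 403 would halt the chain just as well).
class GuardedAdminController < MiniController
  before_filter :authenticate_admin
  private
  def authenticate_admin
    return if current_user && current_user.admin?
    redirect_to("/users/sign_in")   # hypothetical sign-in path
  end
end

def outcome(controller_class, user)
  controller_class.new(user).process(:index)
end
```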
Thank you very much! It works!
On May 25, 11:07am, Frederick C. [email protected]
You may also use a specific Admin model and authentication scheme with
Devise; I found it easier to manage specific admin tasks not related
to the web site pages for users.
devise_for :users, :controllers => {
  :sessions => "users/sessions",
  :passwords => "users/passwords",
  :registrations => "users/registrations",
  :confirmations => "users/confirmations",
  :unlocks => "users/unlocks"
} do
  …t
end
devise_for :admins, :controllers => {
  :sessions => "admins/sessions",
  :passwords => "admins/passwords",
  :registrations => "admins/registrations"
}
and in your controllers you need:
before_filter :authenticate_admin!
I have both, and I use Cancan (abilities based on roles in each
area).
I have considered both ways you mentioned, but it doesn't seem necessary
to use such methods, as it is just a little app.
Maybe I will use cancan in the future when necessary.
Thank you anyway!