I have created an ‘admin’ controller and all the necessary definitions
and templates to delete, update and edit records and this is working OK,
but how do I effectively restrict access to these defs from all but the
admin user (called admin)?
Currently I am just using if statements within the defs to check if it
is the admin user logged in, e.g.:
if (@session[:user].login == 'admin')
but this produces horrible error messages if accidentally navigated to.
Is there a cleaner way of doing this?
Thanks in advance. Alex.
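
One way to centralise the check described in the question, as an added example that is not part of the original post: a single filter runs before every admin action and fails closed, so a request with no logged-in user (where `@session[:user]` is nil and calling `.login` on it raises) is redirected instead of erroring. It is plain Ruby so it runs without Rails; `MiniController`, `AdminController`, `User`, `Response` and the `/login` path are hypothetical stand-ins, and in Rails the same shape is a `before_filter` (`before_action` in later versions) declared on the controller.

```ruby
# Plain-Ruby stand-in for a controller; every class name here is hypothetical.
User = Struct.new(:login)
Response = Struct.new(:status, :body, :location)

class MiniController
  class << self
    def filters; @filters ||= []; end
    # Register a method that runs before every action of this controller.
    def before_filter(name)
      filters << name
    end
  end

  def initialize(session)
    @session = session
    @response = nil
  end

  def dispatch(action)
    self.class.filters.each do |filter|
      send(filter)
      return @response if @response # a filter answered, so the action never runs
    end
    return Response.new(404, "no such action", nil) unless self.class::ACTIONS.include?(action)
    Response.new(200, send(action), nil)
  end

  private
  def redirect_to(location)
    @response = Response.new(302, nil, location)
  end
end

class AdminController < MiniController
  ACTIONS = %i[list destroy].freeze # only these names can be dispatched
  before_filter :require_admin

  def list; "all records"; end
  def destroy; "record deleted"; end

  private
  # Fail closed: a missing session user is handled the same as a non-admin one.
  def require_admin
    user = @session[:user]
    redirect_to("/login") unless user && user.login == "admin"
  end
end
```

Because the filter is declared once on the controller, an action added later is covered without its author having to remember a per-method check.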