I have created an application with two different types of people that
may login: students and administrators. I have created a login that
redirects users that have logged in depending on their role (student
or administrator) to certain pages. How could I now prevent students
from simply changing the URL and getting to the administrator pages?
The only way that I could imagine now is to check in every action if
session[:me].role == "Administrator" and destroy the session in the
other case. Yet again I don’t know that much about Ruby on Rails yet
to know about a better way.
Thanks for thinking about it!
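
The check described in the question can be declared once as a controller filter instead of being repeated in every action. The sketch below is an added example, not code from the original post: AdminController, AdminReportsController, the "/login" path, the User struct and the visit helper are assumed names, and the small ApplicationController stand-in exists only so the file runs without Rails (in a real app Rails provides before_action, redirect_to and session).

```ruby
# Stand-in for Rails' ApplicationController so this file runs without Rails.
# It mimics only before_action, redirect_to and the halt-on-redirect rule.
unless defined?(ApplicationController)
  class ApplicationController
    attr_reader :session, :redirected_to
    def self.filters; @filters ||= []; end
    def self.before_action(name); filters << name; end
    def self.inherited(sub)
      super
      sub.filters.concat(filters) # subclasses inherit their parent's filters
    end
    def initialize(session); @session = session; end
    def redirect_to(path); @redirected_to = path; end
    # Run every filter first; a redirect inside a filter stops the action.
    def process(action)
      self.class.filters.each do |f|
        send(f)
        return :halted if @redirected_to
      end
      send(action)
    end
  end
end

User = Struct.new(:name, :role) # constructed sample user object

# Every administrator-only controller inherits from this one (assumed name).
class AdminController < ApplicationController
  before_action :require_admin

  private

  def require_admin
    user = session[:me] # nil when nobody is logged in, so access is denied
    redirect_to "/login" unless user && user.role == "Administrator"
  end
end

class AdminReportsController < AdminController
  def index
    :admin_reports
  end
end

# Hypothetical helper: simulate one request with the given logged-in user.
def visit(controller, user, action)
  controller.new({ me: user }).process(action)
end
```

Because the filter lives in the shared parent class, an action added later to any administrator controller is covered without further code, and a request with no session is refused the same way as a student's.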