Forum: Ruby on Rails two different areas, one password

ceicke (Guest)
on 2007-02-08 14:24
(Received via mailing list)

I have created an application with two different types of people that
may log in: students and administrators. I have created a login that
redirects users that have logged in depending on their role (student
or administrator) to certain pages. How could I now prevent students
from simply changing the URL and getting to the administrator pages?
The only way that I could imagine now is to check in every action if
session[:me].role == "Administrator" and destroy the session in the
other case. Yet again I don't know that much about Ruby on Rails yet
to know about a better way.

Thanks for thinking about it!
ceicke (Guest)
on 2007-02-08 14:29
(Received via mailing list)
Would this be something I can accomplish with "before_filter"?
Thorsten L (Guest)
on 2007-02-08 14:43
(Received via mailing list)
On 8 Feb., 14:28, "ceicke" <> wrote:
> Would this be something I can accomplish with "before_filter"?
> Christoph

Exactly. Add a before_filter to all controllers/actions only admins
should be able to access.

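class AdminController < ApplicationController

  # Runs before every action in this controller
  before_filter :check_authorization

  # (... your actions and stuff)

  private

  def check_authorization
    # Redirect anyone who is not logged in as an administrator
    unless session[:me] && session[:me].role == "Administrator"
      redirect_to(:controller => "errors", :action => "not_authorized")
    end
  end
end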

Of course you would have to create an Errors controller and a
not_authorized action with a corresponding view. But maybe you have
another action to point to already, for general errors or whatever....
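
Added example, not part of the original thread and not Rails code: a plain-Ruby model of the before-filter approach discussed above, showing that a filter which redirects stops the action from running for students and for requests with no login at all. MiniController, User, process and the dashboard action are hypothetical names made up for this sketch.

```ruby
# Plain-Ruby model of a controller with a before-filter (hypothetical
# MiniController; this is not Rails). A filter that redirects halts the action.
User = Struct.new(:name, :role)  # constructed sample user record

class MiniController
  def self.before_filter(name)
    filters << name
  end

  def self.filters
    @filters ||= []  # one filter list per controller class
  end

  attr_reader :session, :redirected_to

  def initialize(session)
    @session = session
    @redirected_to = nil
  end

  def redirect_to(target)
    @redirected_to = target
  end

  # Run every filter first; skip the action as soon as one redirects.
  def process(action)
    self.class.filters.each do |filter|
      send(filter)
      return [:redirect, @redirected_to] if @redirected_to
    end
    [:ok, public_send(action)]  # private helpers are not callable as actions
  end
end

class AdminController < MiniController
  before_filter :check_authorization

  def dashboard
    "admin dashboard"
  end

  private

  def check_authorization
    me = session[:me]
    # Comparison (==), not assignment (=); a missing login is also denied.
    return if me && me.role == "Administrator"
    redirect_to(:controller => "errors", :action => "not_authorized")
  end
end
```

Because the check runs on the server before the action, typing the admin URL directly gets a student the same redirect as following a link would.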