Reputation: 4113
In my application, I want to only allow users with admin privilege to access this model. So I set up a before_filter to check if the user is an admin. The problem with this approach is that, after the admin user passes the filter, s/he won't be redirected to the action. Instead, only the views are rendered, which leads to the `undefined method `each' for nil:NilClass` error. What am I doing wrong here?
```ruby
class TidbitsController < ApplicationController
  before_filter :is_admin?
  layout "tidbits"

  # GET /tidbits
  # GET /tidbits.json
  protected

  def is_admin?
    unless current_user.admin?
      flash[:error] = "You are not authorized!"
      redirect_to "/" and return
    end
  end

  def index
    @tidbits = Tidbit.all

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @tidbits }
    end
  end

  # GET /tidbits/1
  # GET /tidbits/1.json
  def show
    @tidbit = Tidbit.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @tidbit }
    end
  end

  # GET /tidbits/new
  # GET /tidbits/new.json
  def new
    @tidbit = Tidbit.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @tidbit }
    end
  end

  # GET /tidbits/1/edit
  def edit
    @tidbit = Tidbit.find(params[:id])
  end

  # POST /tidbits
  # POST /tidbits.json
  def create
    @tidbit = Tidbit.new(params[:tidbit])

    respond_to do |format|
      if @tidbit.save
        format.html { redirect_to @tidbit, notice: 'Tidbit was successfully created.' }
        format.json { render json: @tidbit, status: :created, location: @tidbit }
      else
        format.html { render action: "new" }
        format.json { render json: @tidbit.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /tidbits/1
  # PUT /tidbits/1.json
  def update
    @tidbit = Tidbit.find(params[:id])

    respond_to do |format|
      if @tidbit.update_attributes(params[:tidbit])
        format.html { redirect_to @tidbit, notice: 'Tidbit was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @tidbit.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /tidbits/1
  # DELETE /tidbits/1.json
  def destroy
    @tidbit = Tidbit.find(params[:id])
    @tidbit.destroy

    respond_to do |format|
      format.html { redirect_to tidbits_url }
      format.json { head :no_content }
    end
  end
end
```
Upvotes: 0
Views: 117
Reputation: 1330
I think you forgot to add the Devise required callback filter:

```ruby
before_filter :authenticate_user!
before_filter :is_admin?
```
Upvotes: 0
Reputation: 8496
In your example all your action methods are protected, so maybe that's the problem?
Upvotes: 2
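The mechanism behind the last answer, as an added illustration that is not code from the question or either answer: a stripped-down model of Rails dispatch in which, as in Rails itself, only a controller's public instance methods count as routable actions, and a request for a name that is not an action but still has a template falls through to rendering that template with no action body run (the Rails 3 implicit-render fallback the question is hitting). `BaseController`, `Result` and `dispatch` are constructed for this example and stand in for the framework; the admin check is reduced to a flag.

```ruby
class BaseController
  attr_reader :redirected

  def initialize(admin)
    @admin = admin
    @redirected = false
  end

  # Rails builds action_methods from the controller's public instance methods;
  # anything protected or private is not routable.
  def self.action_methods
    public_instance_methods(false).map(&:to_s)
  end

  protected

  # Stand-in for the question's filter (`redirect_to "/" and return`).
  def is_admin?
    @redirected = true unless @admin
  end
end

# Layout from the question: `protected` precedes every action, so index is
# not public and therefore not a routable action.
class BrokenTidbitsController < BaseController
  protected
  def index; @tidbits = %w[one two]; end
end

# Fix: actions stay public; protected helpers go below them.
class FixedTidbitsController < BaseController
  def index; @tidbits = %w[one two]; end
end

Result = Struct.new(:status, :detail)

# Filters run first; a redirecting filter halts the request. Only a public
# action is invoked; otherwise the template is rendered with no action body
# having run, so @tidbits is still nil when the view calls .each on it.
def dispatch(klass, action, admin:)
  ctrl = klass.new(admin)
  ctrl.send(:is_admin?)
  return Result.new(:redirect, '/') if ctrl.redirected
  if klass.action_methods.include?(action)
    ctrl.public_send(action)
    return Result.new(:ok, ctrl.instance_variable_get(:@tidbits))
  end
  Result.new(:implicit_render, ctrl.instance_variable_get(:@tidbits))
end
```

Moving `protected` (and `is_admin?`) below the last action in the real controller is the one-line fix; the filter itself already halts non-admins correctly.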