Dmytro Vasin

Reputation: 823

Rails before_filter

Help me fix the problem:

I have two Devise models (User and Admin),

and I have a Post model and controller with routes:

/posts
/posts/80
/posts/80/edit

and I want this: admin has all access; user has access to:

/post
   and
/post/80 (if he is the creator of this post)

I did this:

    class PostsController < ApplicationController
      before_filter :check_guest_logged_in!, :except => [:index, :show]

      # ...

      private

      def check_guest_logged_in!
        if user_signed_in?
          authenticate_user!
        elsif admin_signed_in?
          authenticate_admin!
        else
          redirect_to root_path
        end
      end
    end

But in this case, if a user is authorized he can put in the browser

/posts/80/edit

and he gets access (even if he is not the creator of this post).

How can I fix this?

I want something like this:

    private

    def check_guest_logged_in!
      if user_signed_in?
        authenticate_user!

        if current_user.id == @post.user.id
        else
          return false
        end

      elsif admin_signed_in?
        authenticate_admin!
      else
        redirect_to root_path
      end
    end

but it does not work.

Upvotes: 0

Views: 268

Answers (1)

Joey Hoang

Reputation: 406

My suggestion would be to use the CanCan gem:

https://github.com/ryanb/cancan

Here's an excellent Railscast on it:

http://railscasts.com/episodes/192-authorization-with-cancan

With CanCan you can do something like this:

    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new # guest user (not logged in)
        if user.admin?
          can :manage, :all
        else
          can :read, :all
        end
      end
    end

Upvotes: 3
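The gap in the question's filter is that it only checks whether *someone* is signed in (authentication), while the `/posts/80/edit` problem needs an ownership check on the loaded record (authorization). The following is an added example, not code from the question or the answer: a plain-Ruby policy that runs without Rails and encodes the rules the asker wants for two separate Devise models (Admin manages everything, User reads anything but writes only own posts, guest reads only), plus the decision a `before_action` would act on. `User`, `Admin` and `Post` are minimal stand-ins assumed here; in CanCan the user rule would be written as `can :update, Post, user_id: user.id`.

```ruby
# Constructed stand-ins for the Devise models and the Post record (assumed shape).
User  = Struct.new(:id)
Admin = Struct.new(:id)
Post  = Struct.new(:id, :user_id)

# Object-level authorization rules for PostsController actions.
class PostPolicy
  READ_ACTIONS  = %i[index show].freeze
  WRITE_ACTIONS = %i[edit update destroy].freeze

  def initialize(actor)
    @actor = actor # a User, an Admin, or nil for a guest
  end

  # action: the controller action as a symbol; post: the loaded record (nil for index/new/create)
  def can?(action, post = nil)
    case @actor
    when Admin
      true # admin has all access (CanCan: can :manage, :all)
    when User
      return true if READ_ACTIONS.include?(action) || %i[new create].include?(action)
      # Ownership: compare the record's foreign key with the session user's id,
      # never an id taken from the request.
      WRITE_ACTIONS.include?(action) && !post.nil? && post.user_id == @actor.id
    else
      READ_ACTIONS.include?(action) # guests may only read
    end
  end
end

# The outcome a before_action would turn into a redirect (login or root) or a 403.
# :login_required is the question's "nobody signed in" branch; :forbidden is the
# case the original filter missed (signed-in user editing someone else's post).
def authorize_post_action(actor, action, post)
  return :login_required if actor.nil? && !PostPolicy::READ_ACTIONS.include?(action)
  PostPolicy.new(actor).can?(action, post) ? :allow : :forbidden
end
```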
