Drown Es

Reputation: 3

Deny access namespace ability in Ruby on Rails

I was wondering how to deny access to a namespace in Rails. For example, I have a user model, where no administrator and a user. I have the localhost:3000 path, which is accessed by all users, and localhost:3000/admin, which can only be accessed by administrators. In the first route everyone can log in, but when they go to the path /admin, only administrators should have access. I have the user and role models. My routes.rb:

namespace :admin do
  resources :whatever
end

ability.rb

if user.role.name == 'admin'
  can :access, :rails_admin
  can :manage, :all
else
  can :read, :all
end

I have my admin controllers in a folder; it's another context. Can I deny access to /admin to a non-admin user? I'm using Mongoid.

Upvotes: 0

Views: 134

Answers (1)

kengo

Reputation: 601

I think it's more common to do that in controllers.

In my case, I use before_action in the AdminBaseController, which all admin-related controllers inherit from, to validate that the user is logged in as an admin.

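class AdminBaseController < ApplicationController
  # Runs before every action of every controller that inherits from this class.
  before_action :authenticate_admin_user!

  private

  # Kept private so it can never be routed to as a controller action.
  def authenticate_admin_user!
    # authentication related logic goes here
    # current_user.try(:admin?) is nil for a logged-out user, so they are redirected too.
    redirect_to root_url unless current_user.try(:admin?)
  end
end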

Upvotes: 1
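
The base-controller guard from the answer, combined with the question's role name check, as an added example that is not part of the original posts. Role, User, MiniController and AdminWhateverController are constructed stand-ins so the code runs without Rails or Mongoid; it shows that every inheriting controller gets the guard and that a missing user or missing role is denied instead of raising.

```ruby
# Constructed stand-ins for the question's user and role models (no Mongoid).
Role = Struct.new(:name)
User = Struct.new(:email, :role) do
  # Nil-safe: a user with no role is not an admin (user.role.name would raise).
  def admin?
    role&.name == 'admin'
  end
end

# Constructed stand-in for controller callbacks: inherited, halting on redirect.
class MiniController
  attr_reader :current_user, :redirected_to

  def self.filters
    @filters ||= superclass.respond_to?(:filters) ? superclass.filters.dup : []
  end

  def self.before_action(name)
    filters << name
  end

  def initialize(current_user)
    @current_user = current_user
  end

  def redirect_to(url)
    @redirected_to = url
  end

  def process(action)
    self.class.filters.each do |filter|
      send(filter)
      return [302, redirected_to] if redirected_to
    end
    [200, public_send(action)]
  end
end

class AdminBaseController < MiniController
  before_action :require_admin!

  # Deny by default: anonymous (nil) and non-admin users never reach an action.
  private def require_admin!
    redirect_to '/' unless current_user&.admin?
  end
end

class AdminWhateverController < AdminBaseController
  def index
    'admin area'
  end
end
```

AdminWhateverController.new(nil).process(:index) returns [302, '/'], as does any user whose role is nil or not 'admin'; only a user with Role.new('admin') gets [200, 'admin area'].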
