Reputation: 1458
Devise giving admin privileges to destroy
Just added an Admin model to Devise. I am on Rails 4.
I would like to give the Admin privileges to destroy and update articles that other users have created.
Having trouble finding documentation on how to do so.
Right now I have this on my index page, which allows the current creator to destroy/edit:
<% if current_user == article.user %>
<p>
<%= link_to 'Edit', edit_article_path(article) %>
<%= link_to 'Destroy', article, method: :delete, data: { confirm: 'Are you sure?' } %>
</p>
<%end%>
Would I add something here to let admins be able to do this as well?
Also here is my destroy action in articles_controller:
def destroy
@article = current_user.articles.find(params[:id])
@article.destroy
respond_to do |format|
format.html { redirect_to articles_url, notice: 'Article was successfully destroyed.' }
format.json { head :no_content }
end
end
I am still a Rails beginner. Tons to learn. If this is already documented somewhere could you please point me in that direction.
Upvotes: 0
Views: 167
Answers (1)
Reputation: 1840
Here you go. Quite an extensive documentation:
https://github.com/plataformatec/devise/blob/master/README.md
Very first steps are to simply add
before_action :authenticate_user!
to your controllers.
If you also need authorization have a look at cancan:
https://github.com/ryanb/cancan
Or rather https://github.com/elabs/pundit since CanCan is no longer maintained.
Upvotes: 0
Related Questions
- Does devise controller doesn't have access to database?
- Rails Devise and rails_admin authentication
- NoMethodError: undefined method `devise' for Admin
- Devise allow admins to delete users
- Rails_admin with devise
- Getting unauthorized with Devise & Rails Admin
- How to maintain both admin and user with devise gem?(Rails 4)
- User.admin with Devise ( Rails 3)
- Rails_Admin user control
- Destroying users as an admin in Devise