having users and admins in rails devise app(only allowing access to certain views to admins)

Question

I am new to rails

I have users sign up and log-in to rails app. However I want to restrict a couple of views to just a few users that are designated admins.

Is there a way to do this with devise easily?

What would be the best way to do this?

Should I just add an is_admin row to the Users table and create a before filter or is there better way?

THanks

Answer 1

Without using any gems, you really have two simple solutions.

The first is to add a boolean attribute to your User model of admin then set it to true or false to grant certain users access to different pages in your app.

The second is to create two separate Devise models for User and Admin.

Answer 2

The before filter checking on the User attribute will work. For more complex issues you can look at some authorization gems

CanCanCan which is a continuation or Ryan B.'s cancan.

or

The Role, which takes a slightly different approach.

I've used both and had no objections to either. Hope that helps!

Answer 3

If you are just wanting to limit a couple pages to admins your best bet is to just do the before filter in the controller to check if the user is admin. Also make sure in other areas of your app that you are permitting params properly for admin vs regular users.

If you need something more complex, look at the gem pundit.