Reputation: 683
I'm currently trying to make it so that if a user is not an admin they cannot get onto the 'create & edit' pages and also cannot destroy entries.
I have this method within my controllers
    def must_be_admin
      unless current_user && current_user.admin?
        redirect_to root_path, notice: "Admin Needed."
      end
    end

and I call it like so:

    before_filter :must_be_admin, only: [:edit, :destroy, :create]

This seems to let unlogged in users on the create page, but doesn't let them do the actual create action. Is there any way to NOT allow users on the actual pages as well?
Essentially don't allow any users that aren't admin to create/edit/destroy (as well as not let them on the actual pages) and just reroute them back to index.
Upvotes: 0
Views: 525
Reputation: 4561
Yes, if you restrict the new and edit actions as well, they will not be able to see any of the pages. If you have a standard CRUD controller, just eliminate the "only" option in your before_action and all non-admins will be blocked.
You have to remember that while blocking the create action you are not blocking the "new" action's page from displaying everything. Blocking the 'new' action as well will stop them from even seeing the page.
Upvotes: 1
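
As an added example (not code from either post, and not Rails itself): a plain-Ruby stand-in for the `only:`/`except:` filter options that lists which of the seven standard CRUD actions a user still reaches under the question's filter versus a deny-by-default filter. `MiniController`, `AsPosted`, `DenyByDefault` and `reachable` are hypothetical names, and keeping `index` and `show` public is an assumption based on the question's wish to reroute users back to index.

```ruby
# Simplified stand-in for a controller filter chain (assumption: not ActionController).
class MiniController
  ACTIONS = %i[index show new create edit update destroy].freeze

  def self.filters
    @filters ||= []
  end

  # Mirrors the only:/except: options passed to before_action / before_filter.
  def self.before_action(name, only: nil, except: nil)
    filters << { name: name, only: only, except: except }
  end

  def initialize(current_user)
    @current_user = current_user
  end

  # Runs the filters that apply to `action`; a redirect halts the chain.
  def process(action)
    self.class.filters.each do |f|
      next if f[:only] && !f[:only].include?(action)
      next if f[:except] && f[:except].include?(action)
      send(f[:name])
      return :redirected if @redirected
    end
    :rendered
  end

  private

  def must_be_admin # same condition as the question's method, redirect modelled as a flag
    @redirected = true unless @current_user && @current_user.admin?
  end
end

User = Struct.new(:admin) { alias_method :admin?, :admin }

class AsPosted < MiniController # the filter exactly as posted in the question
  before_action :must_be_admin, only: [:edit, :destroy, :create]
end

class DenyByDefault < MiniController # guard everything except the read-only actions
  before_action :must_be_admin, except: [:index, :show]
end

# Actions the given user reaches without being redirected.
def reachable(klass, user)
  MiniController::ACTIONS.select { |a| klass.new(user).process(a) == :rendered }
end
```

With the question's `only:` list a non-admin still reaches `new` and `update`; with `except: [:index, :show]` only the read-only actions remain, and any action added to the controller later is guarded without touching the filter.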