nachime

Reputation: 1856

Accessing user edit pages when you are admin

Currently, my edit action in my users controller is like so:

  def edit
    @user = User.find(params[:id])
  end

This works if I want to access my own user profile. However, if I want to access someone else's user profile, this wouldn't work. How should I change this?

Upvotes: 0

Views: 26

Answers (1)

Arun Kumar Mohan

Reputation: 11905

Add a before action check_right_user which checks whether the current user is trying to access his own profile.

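# Run the admin check before the actions that read or change a user record.
before_action :check_admin, only: [:edit, :update, :destroy]

def check_admin
  # Send anyone who is not an admin back to the root page.
  unless current_user.admin?
    redirect_to root_path, alert: "You're not authorized"
  end
end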

I assume you have a current_user method defined in your application_controller or users_controller and an admin field in your user model.

Upvotes: 1
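
An added example (not part of the question or the answer above): a plain-Ruby sketch, runnable without Rails, of an edit check that lets a user reach their own profile and lets an admin reach anyone's. `User`, `USERS`, `can_edit?`, `edit_as` and the controller stand-in are constructed for illustration and assume the `current_user` method and `admin` field mentioned in the answer.

```ruby
# Constructed stand-in for the User model with an admin field.
User = Struct.new(:id, :name, :admin) do
  def admin?
    admin
  end
end

# Constructed sample data standing in for the users table.
USERS = {
  1 => User.new(1, "alice", false),
  2 => User.new(2, "bob", false),
  3 => User.new(3, "root", true)
}.freeze

# Hypothetical policy: a profile may be edited by its owner or by an admin.
# A missing user on either side is a denial, so the response to a
# non-existent id looks the same as the response to a forbidden one.
def can_edit?(current_user, target_user)
  return false if current_user.nil? || target_user.nil?
  current_user.admin? || current_user.id == target_user.id
end

# Minimal controller stand-in. The check runs before the action body hands
# back the record, which is the job a before_action does in Rails.
class UsersController
  attr_reader :current_user, :params

  def initialize(current_user, params)
    @current_user = current_user
    @params = params
  end

  def edit
    # Request params arrive as strings; a non-numeric id becomes nil.
    target = USERS[Integer(params[:id], exception: false)]
    return [:redirect, "You're not authorized"] unless can_edit?(current_user, target)
    [:ok, target]
  end
end

# Helper: run the edit action as the user with current_user_id
# (nil means nobody is logged in).
def edit_as(current_user_id, target_id)
  UsersController.new(USERS[current_user_id], { id: target_id }).edit
end
```

In a Rails controller the same predicate would sit inside the method named by `before_action`, with the record looked up from `params[:id]` before the comparison against `current_user`.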
