Julius Dzidzevičius
Reputation: 11000
Rails, Devise. Disallow User actions unless AdminUser
I have User model created with Devise, with type:string attribute and a AdminUser model (AdminUser < User).
In application controller I defined the :require_admin method:
def require_admin
unless current_user == AdminUser
flash[:error] = "You are not an admin"
redirect_to store_index_path
end
end
On products controller I set
before_action :require_admin, except: :show
Now I create an AdminUser via console successfully (with AdminUser id) and when I log in the app, I still can not use those actions (create, edit etc.).
Any ideas?
Upvotes: 1
Views: 47
Answers (2)
Andrey Deineko
Reputation: 52357
With
current_user == AdminUser
you check whether current_user object is equal to the AdminUser class.
What you want instead is to check whether current_user's class is AdminUser:
current_user.class == AdminUser
# or
current_user.is_a?(AdminUser)
# or
current_user.kind_of?(AdminUser)
# or
current_user.instance_of?(AdminUser)
# or
AdminUser === current_user
Upvotes: 1
byakugie
Reputation: 653
I believe it should be current_user.is_a?(AdminUser)
Source : is_a? method documentation
Upvotes: 0
Related Questions
- How to restrict access to rails_admin admin panel?
- Allow only one user to be an admin with devise
- Devise: Allow only admin to sign in
- Only allow admin to create new admin
- configuring devise to be read only for users but full CRUD for Admin in Rails 4.2.4
- Override Devise controller -- only user with admin role to log in?
- Rails+Devise: How to make some actions available only for users?
- Trying to prevent non admins from signing up for admin
- Devise/Rails - How to allow only admin to create account for others?
- Devise: Restricting Actions to Administrators