PSCampbell

Reputation: 868

Devise: restricting page access using user attributes

Relatively new to Rails, I've got a simple web app using Devise for user authentication. One attribute is an :admin boolean, set nil for most users, and I will change it to true manually in the console for the few users who will need to have administrative access.

My question is: How should I restrict access to a particular page to those who have admin access marked as true?

I've attempted some of that logic in my pages_controller, but it doesn't seem to redirect me as desired (referring to the user_list section):

class PagesController < ApplicationController
  before_action :authenticate_user!, :except => [:welcome]

  def welcome
    # code removed for brevity's sake
  end

  def dashboard
    # ditto
  end

  def user_list
    unless current_user.admin == true
      redirect_to pages_dashboard_path
    else
      @users = Users.all
    end
  end
end

Any suggestions on my goal of redirecting or otherwise restricting access to my user_list page would be greatly appreciated.

Upvotes: 0

Views: 281

Answers (2)

Hasmukh Rathod

Reputation: 1118

In your user_list method, the model name should be singular:

def user_list
  unless current_user.admin == true
    redirect_to pages_dashboard_path
  else
    @users = User.all
  end
end

Upvotes: 0

MZaragoza

Reputation: 10111

In your controller you can do something like this:

class PagesController < ApplicationController
  # ...
  def user_list
    if current_user.admin == true
      # The model class is User (singular); Users is not defined
      @users = User.all
    else
      render :not_an_admin
    end
  end
end

You cannot send them to the same page that they don't have access to.

You can choose to render a new view.

Upvotes: 0
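
An added example, not part of either answer above: the same admin check moved into a `before_action` filter, so the action body never runs for non-admins. The `ApplicationController`, `User` and `SAMPLE_USERS` definitions are constructed stand-ins for Rails and Devise so the snippet runs on its own, and `require_admin!` is a hypothetical name; in the real app only the `PagesController` part applies.

```ruby
# Constructed stand-in for Rails' before_action/redirect_to and Devise's
# current_user, only so this runs without a Rails app.
class ApplicationController
  def self.before_action(name, only: [])
    (@filters ||= []) << [name, Array(only)]
  end

  def self.filters; @filters || []; end

  attr_reader :current_user, :redirected_to

  def initialize(user); @current_user = user; end
  def redirect_to(path); @redirected_to = path; end
  def pages_dashboard_path; "/pages/dashboard"; end

  # Run the filters, then the action. As in Rails, a redirect issued by a
  # filter halts the chain and the action is never called.
  def process(action)
    self.class.filters.each do |name, only|
      send(name) if only.empty? || only.include?(action)
      return self if redirected_to
    end
    send(action)
    self
  end
end

User = Struct.new(:email, :admin)
# Constructed sample records: one admin, one ordinary user with admin = nil.
SAMPLE_USERS = [User.new("admin@example.test", true),
                User.new("user@example.test", nil)]
def User.all; SAMPLE_USERS; end

# The part that would go in the real app.
class PagesController < ApplicationController
  before_action :require_admin!, only: [:user_list]
  attr_reader :users

  def user_list
    @users = User.all
  end

  private

  def require_admin!
    # :admin is nil for most users, so only a literal true passes (deny by default).
    redirect_to pages_dashboard_path unless current_user&.admin == true
  end
end
```

Because the check lives in a filter, any further admin-only action is protected by adding its name to the `only:` list rather than repeating the conditional in each action.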
