Reputation: 3
How can I prevent user access?
I have a view that to access you must log in ,my users table I have a field called kind. I am using gem devise
enum kind: {
admin: 0,
customer: 1
}
add this in application_controller
def user_can_access(resource)
if current_user
if resource.is_admin?
root_path
else
sign_out current_user
new_user_session_path
end
end
end
user.rb
def is_admin?
self.admin?
end
That is my attempt to solve it, but it is wrong since I want the user that I do not want to access the view to not login. In my method, the user who does not have access logs in but then I log him out, which I think is wrong How can I prevent client access?
note:I will only have a page for the administrator, the other users will not have a view to access.
Upvotes: 0
Views: 58
Answers (1)
Reputation: 180
You can check the cancancan gem for authorization features or you can write yours then include a before action to check if the current_user is authorized before rendering the view.
e.g
class MyPage < ApplicationController
before_action :is_authorized?
def show_my_page
@foo == bar
end
private
def is_authorized?
return true if current_user.kind == admin
redirect_to root_path, notice: "You are not allowed to access this page"
end
end
Upvotes: 1
Related Questions
- How to redirect from inertia post call to laravel back to inertia with new data
- How to manipulate browser url in Inertia.js?
- On Form Submit Inertia is not redirecting to particular page
- Redirect route with data in Laravel Vue Inertia stack
- Laravel Inertia (Vue) - Authenticate without Redirect
- Laravel + Inertia + Vue.js Duplicates App_URL into url
- Watching route change with Laravel Inertia
- Redirect in inertia js and jetstream in javascript code
- Unable to pass the required parameters into the URL - Laravel Inertia Vue
- New Inertia Route in laravel returns 404