 

Admin Authorization with CanCan

I have a bunch of controllers with the Admin namespace. I want to restrict access to these unless the user is an admin. Is there a way to do this using CanCan without having to call unauthorized! in every method of every controller?

Kyle Decot asked Jan 19 '11 16:01


2 Answers

Add an application controller to your namespace and a before filter to it.

class ApplicationController < ActionController::Base
end

# app/controllers/admin/application_controller.rb: every controller in the
# Admin namespace inherits this filter, so no action needs its own check.
class Admin::ApplicationController < ApplicationController
  before_filter :check_authorized   # before_action in Rails 4+

  def check_authorized
    # can? consults current_ability (Ability.new(current_user)), so this
    # assumes the Ability grants `can :admin, :all` to admins. A redirect in
    # a before filter halts the chain, so the action never runs.
    redirect_to root_path unless can? :admin, :all
  end
end

# app/controllers/admin/someadmin_controller.rb (namespaced so Rails autoloads it)
class Admin::SomeadminController < Admin::ApplicationController
  def some_action
    # do_stuff
  end
end
mark answered Oct 20 '22 15:10


The Admin Namespaces wiki page for CanCan lists out several solutions to this problem.

  • As @mark suggested, have a base controller for admins which checks authorization for every action.
    • You may not need to use CanCan at all for this if all you require is to check that users have an admin flag.
  • For handling admins differently from each other (as opposed to differently from regular users only), consider a separate AdminAbility class (this is a little off-topic, but could prove relevant).
Caleb Hearth answered Oct 20 '22 15:10
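The base-controller pattern from both answers, as an added example that is not code from either answer or from the CanCan project. It runs without Rails or the cancan gem: the `Ability` and `Controller` classes below are small stand-ins for `CanCan::Ability` and ActionController before filters (wildcard `:manage`/`:all` rules, filters inherited by subclasses, a redirect halting the chain), and `User`, `Admin::PostsController` and `admin_request` are hypothetical names chosen for the illustration.

```ruby
# Added example (not code from either answer): Ability and Controller below are
# small stand-ins for CanCan::Ability and ActionController before filters, so the
# namespaced admin gate can be exercised without Rails or the cancan gem.

User = Struct.new(:name, :admin)

# Stand-in for CanCan::Ability: each rule is an (action, subject) pair and,
# as in CanCan, :manage and :all are wildcards.
class Ability
  def initialize(user)
    @rules = []
    user ||= User.new("guest", false)   # CanCan's convention for no login
    can(:read, :all)                    # everyone may read public content
    can(:admin, :all) if user.admin     # the rule the before filter relies on
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  def can?(action, subject)
    @rules.any? do |rule_action, rule_subject|
      (rule_action == :manage || rule_action == action) &&
        (rule_subject == :all || rule_subject == subject)
    end
  end
end

# Stand-in for an ActionController base class: before filters are inherited
# by subclasses, and a redirect in a filter halts the chain before the action.
class Controller
  def self.before_filters
    @before_filters ||= []
  end

  def self.inherited(subclass)
    super
    subclass.before_filters.concat(before_filters)
  end

  def self.before_filter(name)
    before_filters << name
  end

  attr_reader :redirected_to, :body

  def initialize(user)
    @current_user = user
  end

  def current_ability
    @current_ability ||= Ability.new(@current_user)
  end

  def can?(action, subject)
    current_ability.can?(action, subject)
  end

  def redirect_to(path)
    @redirected_to = path
  end

  def dispatch(action)
    self.class.before_filters.each do |filter|
      send(filter)
      return self if @redirected_to   # chain halted: the action never runs
    end
    send(action)
    self
  end
end

module Admin
  # The one place the admin gate lives; every controller in the namespace
  # inherits it, so no individual action needs its own authorize! call.
  class ApplicationController < Controller
    before_filter :check_authorized

    def check_authorized
      redirect_to "/" unless can?(:admin, :all)   # "/" stands in for root_path
    end
  end

  # A hypothetical namespaced controller that adds no check of its own.
  class PostsController < ApplicationController
    def index
      @body = "admin posts"
    end
  end
end

# Drive one request through the namespaced controller and return it.
def admin_request(user, action = :index)
  Admin::PostsController.new(user).dispatch(action)
end
```

`admin_request(User.new("alice", true))` runs the action, while a non-admin or a nil (logged-out) user is redirected before `index` is reached. The protection rests entirely on inheritance: in a real Rails app a subclass that calls `skip_before_filter :check_authorized` (or `skip_before_action` in Rails 4+) silently opts out, so that is the one thing worth grepping for in an Admin namespace guarded this way.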