Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authenticate using Devise and Rails Admin for particular routes

I use Rails Admin and Devise for admin and user model. I have added one column "admin" to the user model to indicate its identity.

In the config/routes.rb, I mount /admin for RailsAdmin:Engine

I want to only allow current_user.admin users to access /admin, otherwise, redirect user to home page.

How can I implement this in the cleanest code?

like image 649
bobzsj87 Avatar asked Mar 04 '13 09:03

bobzsj87


1 Answers

on your admin controllers:

class MyAdminController < ApplicationController
  before_filter :authenticate_user!
  before_filter :require_admin
end

on your application controller:

class ApplicationController < ActionController::Base


  def require_admin
    unless current_user && current_user.role == 'admin'
      flash[:error] = "You are not an admin"
      redirect_to root_path
    end        
  end
end

Sorry, didn't notice it was with rails admin, you can do:

# in config/initializer/rails_admin.rb

RailsAdmin.config do |config|
  config.authorize_with do |controller|
    unless current_user.try(:admin?)
      flash[:error] = "You are not an admin"
      redirect_to main_app.root_path
    end
  end
end
like image 84
rorra Avatar answered Nov 14 '22 23:11

rorra