
Devise authenticate_user

Help me with this question:

I have 2 models (Admin and User), created with Devise, and I have a post_controller:

And the question arises:

If I have one model (user.rb), in my controller I put this:

    before_filter :authenticate_user!, :except => [:show, :index]

But I have 2 models, and I want User to have access to the 'show' and 'index' actions of the post controller and Admin to have access to all actions.

And I do something like this:

    before_filter :logged_in
    .
    .
    .
    private

    def logged_in
      if admin_signed_in?

      else
        authenticate_user!
      end
    end

But I want to change my string:

    authenticate_user!

to something like this:

    :authenticate_user!, :except => [:show, :index]

But except refers to before_filter.

How can I do it (without the 'cancan' gem)?

Dmytro Vasin asked Sep 05 '12 09:09




1 Answer

Try using two before filters: one for admin-only actions, and another for admin or user actions.

    # ensure admin for other actions
    before_filter :check_admin_logged_in!, :except => [:show, :index]

    # ensure user or admin logged in for these actions (:only option is optional)
    before_filter :check_user_logged_in!, :only => [:show, :index]

    private

    def check_admin_logged_in! # admin must be logged in
      authenticate_admin!
    end

    def check_user_logged_in! # if admin is not logged in, user must be logged in
      if !admin_signed_in?
        authenticate_user!
      end
    end
ronalchn answered Nov 12 '22 03:11
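The access rules that the two filters in the answer produce, as an added example that is not part of the original answer or of Devise: a plain-Ruby stand-in for the controller that runs without Rails. Devise's `authenticate_admin!`, `authenticate_user!` and `admin_signed_in?` are stubbed, and the class name, the `:guest`/`:user`/`:admin` roles and `access_matrix` are assumptions made for illustration.

```ruby
# Plain-Ruby stand-in for the posts controller; Devise's helpers are stubbed
# (assumption) so the answer's filter logic can be exercised without Rails.
class AccessDenied < StandardError; end
class PostsControllerModel
  ACTIONS = [:index, :show, :new, :create, :edit, :update, :destroy].freeze

  # The two before_filter declarations from the answer, as data.
  FILTERS = [
    [:check_admin_logged_in!, :except, [:show, :index]],
    [:check_user_logged_in!,  :only,   [:show, :index]],
  ].freeze

  # role is :guest, :user or :admin (constructed sessions, not real Devise scopes)
  def initialize(role); @role = role; end

  # Run every filter that applies to the action; true if none of them halts.
  def allowed?(action)
    FILTERS.each do |name, option, actions|
      applies = option == :only ? actions.include?(action) : !actions.include?(action)
      send(name) if applies
    end
    true
  rescue AccessDenied
    false
  end

  private

  # Stubs: the real helpers redirect to the sign-in page instead of raising.
  def admin_signed_in?;    @role == :admin; end
  def authenticate_admin!; raise AccessDenied unless @role == :admin; end
  def authenticate_user!;  raise AccessDenied unless @role == :user;  end

  # Filter bodies as posted in the answer.
  def check_admin_logged_in!
    authenticate_admin!
  end

  def check_user_logged_in!
    authenticate_user! unless admin_signed_in?
  end
end

# Maps each role to the list of actions it can reach.
def access_matrix
  [:guest, :user, :admin].map do |role|
    [role, PostsControllerModel::ACTIONS.select { |a| PostsControllerModel.new(role).allowed?(a) }]
  end.to_h
end
```

An action that appears in neither list, such as a hypothetical later-added `publish`, falls under the `:except` filter and is admin-only, so the arrangement fails closed.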