I have a Rails application which uses Devise + Doorkeeper. I am also using CanCan for role management. In my application I use http://localhost:3000/oauth/applications/new
for registering my application to get the client id and secret.
Currently any user can register an application through the web interface to get a client id and secret; I need to restrict access so that only an admin can register applications.
I saw some code in the doorkeeper.rb file:

    # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
    # admin_authenticator do
    #   # Put your admin authentication logic here.
    #   # Example implementation:
    #   Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
    # end
I tried the following, but it is not working:

    admin_authenticator do
      if current_user
        current_user.role? :admin
      else
        redirect_to(new_user_session_url)
      end
    end
Thanks in advance.
The code I used, and which works great, is:

    admin_authenticator do
      redirect_to new_user_session_url unless current_user && current_user.admin?
    end
Well, your logic is incorrect. Basically you are letting everyone who is a current_user have access. You really want something like:
    admin_authenticator do
      if current_user && current_user.role?(:admin)
        # do nothing
      else
        redirect_to(new_user_session_url)
      end
    end
You could also do:

    admin_authenticator do
      if current_user
        redirect_to(not_authorized_url) unless current_user.role?(:admin)
      else
        redirect_to(new_user_session_url)
      end
    end

This would let you send the user to the correct error page.
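An added example (not code from the question or either answer) that shows the difference the answer describes: Doorkeeper evaluates the admin_authenticator block in the controller's context, so the question's block only computes the role check and never redirects, letting any signed-in user through. The User struct, FakeContext stand-in and URL strings are constructed for this demonstration.

```ruby
# Minimal stand-in for a Devise user with a CanCan-style role? helper (constructed).
User = Struct.new(:name, :roles) do
  def role?(role)
    roles.include?(role)
  end
end

# Stand-in for the controller context in which Doorkeeper runs the block:
# redirect_to only records the target so the outcome can be inspected.
class FakeContext
  attr_reader :current_user, :redirected_to

  def initialize(current_user)
    @current_user = current_user
  end

  def redirect_to(url)
    @redirected_to = url
  end

  def new_user_session_url = '/users/sign_in'   # constructed route
  def not_authorized_url   = '/not_authorized'  # constructed route

  # Returns :allowed when the block issued no redirect, else the redirect target.
  def run(&block)
    instance_exec(&block)
    redirected_to || :allowed
  end
end

# The question's version: the admin check is evaluated but its result is
# discarded, so every signed-in user reaches the applications UI.
BROKEN = proc do
  if current_user
    current_user.role? :admin
  else
    redirect_to(new_user_session_url)
  end
end

# The answer's version: non-admins are redirected, anonymous users sent to sign in.
FIXED = proc do
  if current_user
    redirect_to(not_authorized_url) unless current_user.role?(:admin)
  else
    redirect_to(new_user_session_url)
  end
end

def outcome(block, user) = FakeContext.new(user).run(&block)

ADMIN  = User.new('alice', [:admin])   # constructed sample users
MEMBER = User.new('bob',   [:member])
```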