
Using cancan to prevent access to controller

I have an admin controller and I want only users that are defined as admin to have access to that controller.

My ability class:

class Ability
  include CanCan::Ability

  def initialize(user)
    if user.admin?
      can :manage, :all
    else
      can :read, :all
    end
  end
end

My admin controller:

class AdminController < ApplicationController
  load_and_authorize_resource

  def index
  end

  def users_list
  end
end

When I try to access /admin/users_list (either with an admin user or without) I get the following error: uninitialized constant Admin

What am I doing wrong? Is that the right way to restrict access to a controller?

Ran asked Dec 25 '10 12:12


1 Answer

You can put authorization in your controller

authorize_resource :class => false

or

authorize_resource :class => :controller

Then change your app/models/Ability.rb file

can :manage, :controller_name

See this

smitrp answered Sep 17 '22 16:09
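
A caveat when combining this answer with the Ability class from the question, shown as an added example that is not part of the original answer or CanCan's own code: CanCan aliases `index` and `show` to `:read`, and `:all` also matches symbol subjects, so `can :read, :all` still lets non-admins through `AdminController#index`. `MiniAbility` is a simplified stand-in for the gem's rule matching, and the `:article` subject is hypothetical.

```ruby
# Simplified stand-in for CanCan's rule matching (constructed for illustration,
# not the gem's code). It models only what matters here: the :manage and :all
# wildcards and the default alias :read => [:index, :show].
class MiniAbility
  ALIASES = { read: [:index, :show] }.freeze

  def initialize
    @rules = []
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  def can?(action, subject)
    @rules.any? do |rule_action, rule_subject|
      action_ok = rule_action == :manage || rule_action == action ||
                  ALIASES.fetch(rule_action, []).include?(action)
      subject_ok = rule_subject == :all || rule_subject == subject
      action_ok && subject_ok
    end
  end
end

# Ability from the question: non-admins may read everything.
def question_ability(is_admin)
  MiniAbility.new.tap { |a| is_admin ? a.can(:manage, :all) : a.can(:read, :all) }
end

# Tightened variant: name what non-admins may read (:article is hypothetical)
# so no wildcard rule ever matches the :admin controller subject.
def scoped_ability(is_admin)
  MiniAbility.new.tap { |a| is_admin ? a.can(:manage, :all) : a.can(:read, :article) }
end

# With authorize_resource :class => false the check runs against the
# controller name as a symbol (:admin) and the controller action.
def admin_access(ability)
  { index: ability.can?(:index, :admin),
    users_list: ability.can?(:users_list, :admin) }
end
```

With the question's rules a non-admin is denied `users_list` but allowed `index`; scoping the non-admin `:read` rule to named subjects closes that gap.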