Devise: Restricting Actions to Administrators

ruby-on-rails authentication devise action
Trent Scott picture Trent Scott · Apr 26, 2011 · Viewed 8.6k times · Source

Following the guide here, I added a boolean attribute to my database using a migration:

rails generate migration add_admin_to_user admin:boolean

I've configured my account to be an admin (admin = 1) via Rails console. I have a controller that I want to restrict access to certain actions (new, edit, create, and destroy) for administrators only.

I'll also have normal users, I just want to restrict access to these actions for admins only in this controller. Currently, I'm using the code:

before_filter :authenticate_user!, :only => [:new, :edit, :create, :destroy]

Which restricts access to registered users -- how do I take this a step further and require admins?

Answer

Will Ayd picture Will Ayd · Apr 26, 2011

you can easily implement your own before_filter to allow access to only admin users by using the .admin? method associated with your user model. for instance:

before_filter :verify_is_admin

private

def verify_is_admin
  (current_user.nil?) ? redirect_to(root_path) : (redirect_to(root_path) unless current_user.admin?)
end

Related questions

Extending Devise SessionsController to authenticate using JSON

I am trying to build a rails API for an iphone app. Devise works fine for logins through the web interface but I need to be able to create and destroy sessions using REST API and I want to use …

Read More
RoR Devise: Sign in with username OR email

What's the best way to enable users to log in with their email address OR their username? I am using warden + devise for authentication. I think it probably won't be too hard to do it but i guess i need …

Read More
Rails, Devise authentication, CSRF issue

I'm doing a singe-page application using Rails. When signing in and out Devise controllers are invoked using ajax. The problem I'm getting is that when I 1) sign in 2) sign out then signing in again doesn't work. I think it's related …

Read More