Topic: Controller lockdown [SOLVED]

I just want to let admin into a particular part of the site, and in my controller I am doing:

class XxxController < ApplicationController
  before_filter :authenticate_user!
  def index
    unless current_user.user_type == "admin"
      redirect_to root_path
    end
  end

  def show
    unless current_user.user_type == "admin"
      redirect_to root_path
    end
  end

  def new
    unless current_user.user_type == "admin"
      redirect_to root_path
    end
   ...
end 

If I don't do this, anyone that is logged in can hit those pages.

Last edited by moiseszaragoza (2012-07-09 22:33:53)

Re: Controller lockdown [SOLVED]

You can do:

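  # Inside the controller class: run the check before every action.
  before_filter :custom_filter

  private

  # Send anyone who is not an admin back to the root page.
  def custom_filter
    unless current_user.user_type == "admin"
      flash[:success] = t(:permission_error)
      redirect_to root_path
    end
  end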
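
Added example, not part of the original posts: a plain-Ruby stand-in for the filter chain that contrasts the per-action check from the first post with a single before filter. In Rails, `redirect_to` does not return from the action, so code after an in-action check still runs, while a before filter that redirects halts the request before the action body. `MiniController`, `User`, `require_admin` and both subclasses are hypothetical names used only here.

```ruby
# Stand-in for ActionController's filter chain (hypothetical MiniController,
# not Rails): a before filter that redirects halts the request.
User = Struct.new(:user_type)

class MiniController
  def self.filters; @filters ||= []; end
  def self.before_filter(name); filters << name; end

  attr_reader :current_user, :redirected_to, :ran

  def initialize(user)
    @current_user = user
    @ran = []            # action bodies that actually executed
  end

  def redirect_to(path); @redirected_to = path; end
  def root_path; "/"; end

  # Run filters in order; skip the action once any filter has redirected.
  def process(action)
    self.class.filters.each do |f|
      send(f)
      return self if redirected_to
    end
    send(action)
    self
  end
end

# Pattern from the first post: the check lives inside the action.
class PerActionController < MiniController
  def new
    redirect_to root_path unless current_user.user_type == "admin"
    ran << :new          # still runs: redirect_to does not return from the action
  end
end

# Filter pattern: one check, declared once, covering every action.
class FilteredController < MiniController
  before_filter :require_admin
  def index; ran << :index; end
  def new;   ran << :new;   end

  private

  def require_admin
    # Fail closed: a missing user is treated the same as a non-admin.
    redirect_to root_path unless current_user && current_user.user_type == "admin"
  end
end
```

With the per-action form, any action added later without its own check is open to every logged-in user; with the filter, new actions are covered by default.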