W dniu 28.08.2010 20:03, Scorpio pisze: > I'm trying to setup permissions for the index action of the users > controller and I want it to be available only to an admin. I've tried > the permissions but then I cant signup. Any help? >
You probably want something like
def view_permitted?
return true if new_record? # To allow signup
return true if acting_user.administrator? # Admins can view users
return true if acting_user.id == id # Users can view themselves
false
end
in User model and
index_action :index do
redirect somewhere, show flash unless current_user.administrator?
hobo_index
end
in users controller (it would be cleaner to use filters in controller,
but doing it inside action is easier at the beginning).
Regards,
Joachim
signature.asc
Description: OpenPGP digital signature
