Ganesh Ranganathan wrote in post #1138798:
> You can use a before_action filter in the controller to check both the
> current user's permissions and the user he is about to delete.
>
> And if it is another admin user or himself, then redirect them to
> another page with a flash error message. More details at the filter
> link below
>
> http://guides.rubyonrails.org/action_controller_overview.html
>
> Thanks,
> Ganesh



Hi,

Thank you for your reply. I only have one admin on the website as shown
below (code taken from seeds.rb).

User.create(:name => "weds4u", :password => "w", :password_confirmation => "w", :role => 'admin')
User.create(:name => "Afsheen", :password => "a", :password_confirmation => "a", :role => '')

I tried the following IF statement from another website but that doesn't
seem to work. Could you suggest some correction to the below code or do
I need to change where I am putting the code in the first place?


def destroy
  @user = User.find(params[:id])
  if not user.role = 'admin'
    @user.destroy
  else
    respond_to do |format|
      format.html { redirect_to users_path,
                    notice: "#{@user.name} is an admin. You do not have permission to delete this user" }
      format.json { head :no_content }
    end
  end

-- 
Posted via http://www.ruby-forum.com/.
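
The guard discussed in this thread, as an added example that is not part of the original posts: a plain-Ruby model (no Rails) of the check a before_action would run ahead of destroy. The names sample_users, deletion_denied_reason and destroy_user, the third user, and the rule that only admins may delete are assumptions made for illustration.

```ruby
# Added example in plain Ruby (no Rails). In a controller the same check would
# sit in a private method registered with before_action for the destroy action.
User = Struct.new(:id, :name, :role) do
  def admin?
    role == 'admin' # comparison (==); a single = would assign and always be truthy
  end
end

# Constructed sample data; the first two mirror the seeds.rb entries in the post.
def sample_users
  {
    1 => User.new(1, 'weds4u', 'admin'),
    2 => User.new(2, 'Afsheen', ''),
    3 => User.new(3, 'guest', '') # hypothetical extra user
  }
end

# Returns nil when deletion is allowed, otherwise the flash message to show.
# Assumption: only admins may delete users at all.
def deletion_denied_reason(current_user, target)
  return 'Please log in first.' if current_user.nil?
  return 'Only an admin can delete users.' unless current_user.admin?
  return 'You cannot delete your own account.' if target.id == current_user.id
  return "#{target.name} is an admin. You do not have permission to delete this user" if target.admin?

  nil
end

# Stand-in for the destroy action: look up the target, run the guard, then delete.
def destroy_user(store, current_user, id)
  target = store[id]
  return { status: :not_found } if target.nil?

  reason = deletion_denied_reason(current_user, target)
  return { status: :denied, redirect_to: :users_path, notice: reason } if reason

  store.delete(id)
  { status: :deleted, notice: "#{target.name} was deleted." }
end
```

The check runs on the server for every delete request, so hiding the delete link in the view is not what enforces it.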
