Hello everyone,
I want to add authorization to my Rails app. As I am using Devise for
authentication, I added an admin field to the User model.
    class User
      ...
      field :admin, :type => Boolean, :default => false
      ...
    end
In the controller, I added a method like this:
    class ApplicationController < ActionController::Base
      ...
      private
      def authenticate_admin
        if current_user
          return current_user.admin?
        end
      end
    end
In the admin namespace controller:
    class Admin::HomeController < ApplicationController
      before_filter :authenticate_admin
      ...
    end
But it didn't work; I mean, I can still access the backend with a
user account even if the admin field of the account is false.
Can somebody tell me why?
Thanks!
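Added example (not part of the original post, and not Rails source code): in Rails 3 and later, a controller before_filter stops the request only when it renders or redirects, and its return value is ignored. The plain-Ruby model below shows why the posted filter lets a non-admin through, next to a deny-by-default variant; MiniController, require_admin, status_for and the sample users are hypothetical names constructed for illustration.

```ruby
# Simplified model of a Rails 3+ controller filter chain (constructed for
# illustration): the chain halts only when a filter has rendered or
# redirected; whatever the filter returns is discarded.
User = Struct.new(:name, :admin) do
  def admin?
    admin == true
  end
end

class MiniController
  attr_reader :current_user, :response

  def initialize(current_user)
    @current_user = current_user   # nil models a signed-out visitor
    @response = nil
  end

  def redirect_to(path)
    @response = [302, path]
  end

  # Run the filter, then the action unless the filter already responded.
  def process(filter)
    send(filter)                   # return value deliberately ignored
    @response ||= [200, "admin dashboard"]
  end

  private

  # The filter from the post: returns true/false/nil but never responds,
  # so the action always runs.
  def authenticate_admin
    return current_user.admin? if current_user
  end

  # Hardened variant: denies by default and halts by redirecting.
  def require_admin
    redirect_to("/") unless current_user && current_user.admin?
  end
end

# HTTP status a given user (or nil) receives when the filter guards the action.
def status_for(user, filter)
  MiniController.new(user).process(filter).first
end
```

In the real application the equivalent of require_admin would be registered with before_filter in the admin controllers; the redirect target "/" is an assumption.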