On May 25, 3:32 pm, Tomato <[email protected]> wrote:
>   private
>     def authenticate_admin
>       if current_user
>         return current_user.admin?
>       end
>     end
> end
>
> In the admin namespace controller:
>
> class Admin::HomeController < ApplicationController
>   before_filter :authenticate_admin
>   ...
> end
>
> But it didn't work here, I mean, I can still access the backend with a
> user account even if the admin field of the account is false.
> Can somebody tell me why?

Not familiar with Devise, but your before filter isn't actually doing
anything. If the user isn't an admin then you probably want to
redirect them to a login page or show an 'access denied' template.

Fred
>
> Thanks!
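
The point made in the reply, as an added example that is not part of the original thread: a plain-Ruby model of a before-filter chain, comparing the filter from the question with one that actually denies access. MiniController, outcome, the "/login" path and the sample users are hypothetical, and the model assumes (as in Rails 3 and later) that a filter's return value is ignored and only a redirect or render halts the request.

```ruby
# Simplified stand-in for a Rails controller (constructed for this example, not Rails code).
# Assumption: the action is skipped only if the filter already produced a response.
User = Struct.new(:name, :admin) do
  def admin?
    admin == true
  end
end

class MiniController
  attr_reader :current_user, :response

  def initialize(current_user)
    @current_user = current_user
  end

  def redirect_to(path)
    @response = "302 -> #{path}"
  end

  # Run the filter, then the action unless the filter already responded.
  def process(filter)
    send(filter)
    @response ||= "200 admin dashboard"
  end

  private

  # Filter from the question: returns true, false or nil, but never responds.
  def authenticate_admin_original
    return current_user.admin? if current_user
  end

  # Corrected filter: deny unless a signed-in admin, which also covers a nil user.
  def authenticate_admin_fixed
    redirect_to("/login") unless current_user && current_user.admin?
  end
end

def outcome(user, filter)
  MiniController.new(user).process(filter)
end

regular = User.new("bob", false)   # constructed sample users
admin   = User.new("alice", true)

puts outcome(regular, :authenticate_admin_original) # 200 admin dashboard (the bug)
puts outcome(regular, :authenticate_admin_fixed)    # 302 -> /login
```

In a functional test for the real controller, the same check is that a signed-in non-admin and an anonymous visitor both get a redirect or an error page from every action in the admin namespace.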
