You may also use a specific Admin model and authentication scheme with
Devise. I found it easier to manage specific admin tasks not related
to web site pages for users.

  devise_for :users, :controllers => {
    :sessions      => "users/sessions",
    :passwords     => "users/passwords",
    :registrations => "users/registrations",
    :confirmations => "users/confirmations",
    :unlocks       => "users/unlocks" } do
    ......t
  end

  devise_for :admins, :controllers => {
    :sessions      => "admins/sessions",
    :passwords     => "admins/passwords",
    :registrations => "admins/registrations" }

and you need in your controllers:

  before_filter :authenticate_admin!

I have both and I use CanCan (abilities based on roles in each
area).

On 25 May, 17:16, Tomato <[email protected]> wrote:
> Thank you very much! It works!
>
> On May 25, 11:07 am, Frederick Cheung <[email protected]>
> wrote:
>
> > On May 25, 3:32 pm, Tomato <[email protected]> wrote:
>
> > > private
> > > def authenticate_admin
> > > if current_user
> > > return current_user.admin?
> > > end
> > > end
> > > end
>
> > > In the admin namespace controller:
>
> > > class Admin::HomeController < ApplicationController
> > > before_filter :authenticate_admin
> > > ...
> > > end
>
> > > But it didn't work here, I mean, I can still access backend with a
> > > user account even if the admin field of the account is false.
> > > Can somebody tell me why?
>
> > Not familiar with devise, but your before filter isn't actually doing
> > anything. If the user isn't an admin then you probably want to
> > redirect them to a login page or show an 'access denied' template
>
> > Fred
>
> > > Thanks!
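
Added example, not part of the original thread and not Rails or Devise code: a small stand-in controller showing why the quoted authenticate_admin filter lets non-admins through and how a filter that redirects or renders stops them. MiniController, require_admin, status_for and the "/users/sign_in" path are names constructed for this illustration, and the model assumes the Rails 3+ rule that a filter's return value is ignored and only a redirect or render halts the request.

```ruby
# Simplified stand-in for a controller (assumption: NOT Rails code).
# As in Rails 3+, the filter's return value is ignored; the action is
# skipped only if the filter already produced a response.
User = Struct.new(:name, :admin) do
  def admin?
    admin == true
  end
end

class MiniController
  attr_reader :current_user, :response

  def initialize(current_user)
    @current_user = current_user
    @response = nil
  end

  def redirect_to(path)
    @response = [302, path]
  end

  def render_forbidden
    @response = [403, "access denied"]
  end

  # Run the filter, then the action unless a response already exists.
  def process(filter)
    send(filter)
    @response ||= [200, "admin dashboard"]
  end

  private

  # The filter from the thread: computes a boolean and does nothing else.
  def authenticate_admin
    return current_user.admin? if current_user
  end

  # Hardened form: deny by default and respond explicitly.
  def require_admin
    return redirect_to("/users/sign_in") unless current_user
    render_forbidden unless current_user.admin?
  end
end

# Returns the HTTP status a given user gets with a given filter.
def status_for(user, filter)
  MiniController.new(user).process(filter).first
end
```

A request test that signs in as a non-admin and expects a 403 or a redirect from every admin namespace controller catches this class of bug before release.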