1

Here is the full error:

Can't verify CSRF token authenticity
  User Load (0.3ms)  SELECT  `users`.* FROM `users`  WHERE `users`.`id` = 5  ORDER BY `users`.`id` ASC LIMIT 1
   (0.1ms)  BEGIN
   (0.2ms)  COMMIT
Completed 500 Internal Server Error in 22ms

NoMethodError - undefined method `has_role?' for nil:NilClass:
  app/controllers/application_controller.rb:8:in `authenticate_admin_user!'

I can verify that I was logged in at the time with an admin user.

Here is the controller that is triggering the error:

class ApplicationController < ActionController::Base
  def authenticate_admin_user!
    unless current_user.has_role? :admin
      flash[:alert] = "This area is restricted to administrators only."
      redirect_to main_app.root_path
    end
  end
end
Abram
  • What request did you send to your app and how? It does look like you've missed a CSRF token. – D-side Oct 06 '14 at 07:20

2 Answers

1

Add this line in your application controller so that the current_user method will be defined

before_action :authenticate_user!
Alaa Othman
  • Yes, that fixed that issue.. but unfortunately now I am seeing Can't verify CSRF token authenticity – Abram Oct 06 '14 at 03:41
  • Sorry, but I didn't face this issue before, you can check this [question](http://stackoverflow.com/questions/19861402/devise-user-sign-in-gives-authentication-error-for-csrf-token-authenticity-token) it might help. – Alaa Othman Oct 06 '14 at 03:50
0

Change
unless current_user.has_role? :admin

To this:
unless current_user.try(:has_role?, :admin)

What that does is it'll try calling the :has_role? method (with the :admin parameter), but instead of raising an exception it'll return nil.

knrz
  • But the problem is that current_user should be defined – Abram Oct 06 '14 at 03:08
  • Sorry, but I didn't face this issue before, see this [question](http://stackoverflow.com/questions/19861402/devise-user-sign-in-gives-authentication-error-for-csrf-token-authenticity-token), it might help – Alaa Othman Oct 06 '14 at 03:46
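
Added example, not part of the original posts: a plain-Ruby comparison of the guard from the question with a nil-safe version, showing that a missing `current_user` produces a redirect (access denied) instead of a 500. `GuardDemo`, the `User` struct and `guard_outcomes` are hypothetical stand-ins, and Ruby's `&.` operator is used in place of ActiveSupport's `try` so the block runs without Rails.

```ruby
# Constructed stand-in for a user model with a has_role? method.
User = Struct.new(:roles) do
  def has_role?(role)
    roles.include?(role)
  end
end

# Hypothetical stand-in for the controller; nil models a request where
# current_user is not available (as in the NoMethodError from the question).
class GuardDemo
  attr_reader :current_user, :flash, :redirected_to

  def initialize(current_user)
    @current_user = current_user
    @flash = {}
    @redirected_to = nil
  end

  # Guard as posted in the question: raises NoMethodError on a nil user.
  def authenticate_admin_user_original!
    deny unless current_user.has_role?(:admin)
  end

  # Nil-safe guard: &. yields nil for a nil receiver, and `unless nil` denies.
  def authenticate_admin_user!
    deny unless current_user&.has_role?(:admin)
  end

  # Runs one guard and reports what the request would result in.
  def outcome(guard)
    public_send(guard)
    redirected_to ? :redirected : :allowed
  rescue NoMethodError
    :error_500
  end

  private

  def deny
    @flash[:alert] = "This area is restricted to administrators only."
    @redirected_to = "/" # stands in for main_app.root_path
  end
end

# Evaluates a guard for three constructed users: none, non-admin, admin.
def guard_outcomes(guard)
  users = { anonymous: nil, member: User.new([:member]), admin: User.new([:admin]) }
  users.transform_values { |user| GuardDemo.new(user).outcome(guard) }
end
```
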