I just wanted to reinitiate that question. I had the same problem with a similar controller:

    class CategoriesController < ApplicationController

      before_action :require_admin, except: [:index, :show]

      def index
        @categories = Category.paginate(page: params[:page], per_page: 5)
      end

      def new
        @category = Category.new
      end

      def create
        @category = Category.new(category_params)
        if @category.save
          flash[:success] = "La nueva categoria se creó correctamente"
          redirect_to categories_path
        else
          render 'new'
        end
      end

      def index
        @categories = Category.paginate(page: params[:page], per_page: 5)
      end

      def show
      end

      private

      def category_params
        params.require(:category).permit(:name)
      end

      def require_admin
        if !logged_in? || logged_in? and !current_user.admin?
          flash[:danger] = "Solamente el admin puede acceder a esta seccion"
          redirect_to categories_path
        end
      end

    end

And for some reason that yielded the error undefined method 'admin?' for nil:NilClass, when I have the exact same code for another portion that works just fine:

    class ArticlesController < ApplicationController

      before_action :set_article, only: [:edit, :update, :show, :destroy]
      before_action :require_user, only: [:new, :create, :update, :edit, :destroy]
      before_action :require_same_user, only: [:update, :edit, :destroy]

      def index
        @articles = Article.paginate(page: params[:page], per_page: 5)
      end

      def new
        @article = Article.new
      end

      def create
        @article = Article.new(article_params)
        @article.user = current_user
        if @article.save
          flash[:success] = "El articulo fue correctamente creado!"
          redirect_to article_path(@article)
        else
          render 'new'
        end
      end

      def edit
      end

      def update
        if @article.update(article_params)
          flash[:success] = "El articulo fue correctamente actualizado!"
          redirect_to article_path(@article)
        else
          render 'edit'
        end
      end

      def show
      end

      def destroy
        @article.destroy
        flash[:success] = "El articulo fue correctamente borrado!"
        redirect_to articles_path
      end

      private
        def set_article
          @article = Article.find(params[:id])
        end

        def article_params
          params.require(:article).permit(:title, :description)
        end

        def require_same_user
          if current_user != @article.user and !current_user.admin?
            flash[:danger] = "Solamente puede editar y borrar sus propios articulos"
            redirect_to root_path
          end
        end

    end

Anyhow, I have switched to Drew's solution and it works now, but I was wondering what was the problem in the first place? Why does it work in another portion of my code and in this particular one it doesn't?

Thanks in advance!

Martin Carre

1 Answer

    if !logged_in? || logged_in? and !current_user.admin?

It will evaluate !logged_in? || logged_in? first (always true) and then !current_user.admin?, so it will always check !current_user.admin?, but current_user will be nil when the user is not logged in...

I think you want:

    if !logged_in? || (logged_in? and !current_user.admin?)

But you could rewrite it with unless instead of if (more readable, I think?):

    unless current_user && current_user.admin?

gabrielhilal
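The precedence behaviour described in the answer, as an added example that is not part of the original question or answer: the three guard expressions from this page are evaluated for an anonymous visitor, a regular member and an admin. The `User` struct, the `Guard` class and the `outcome` and `matrix` helpers are hypothetical stand-ins for the Rails controller helpers.

```ruby
# Hypothetical stand-in for the app's user model (constructed for this example).
User = Struct.new(:name, :admin) do
  def admin?
    admin
  end
end

# Hypothetical stand-in for a controller: current_user is nil when nobody is logged in.
class Guard
  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
  end

  def logged_in?
    !current_user.nil?
  end

  # Expression from the question. `and` binds more loosely than `||`, so Ruby
  # reads it as (!logged_in? || logged_in?) and !current_user.admin?
  def deny_original?
    (!logged_in? || logged_in? and !current_user.admin?) ? true : false
  end

  # Parenthesised form from the answer: the admin check is only reached when logged in.
  def deny_parenthesised?
    (!logged_in? || (logged_in? and !current_user.admin?)) ? true : false
  end

  # `unless` form from the answer: deny unless there is a user and that user is an admin.
  def deny_unless?
    !(current_user && current_user.admin?)
  end
end

# Constructed sample users covering the three cases an authorization filter must handle.
USERS = { anonymous: nil, member: User.new("member", false), admin: User.new("admin", true) }
GUARDS = %i[deny_original? deny_parenthesised? deny_unless?]

# Returns :denied, :allowed, or :error when the guard itself raises on a nil user.
def outcome(user, guard)
  Guard.new(user).public_send(guard) ? :denied : :allowed
rescue NoMethodError
  :error
end

def matrix
  GUARDS.to_h { |g| [g, USERS.transform_values { |u| outcome(u, g) }] }
end

matrix.each { |guard, row| puts "#{guard}: #{row}" }
```

Only the original expression raises for the anonymous visitor; both forms from the answer deny that request without calling a method on nil.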