I have a bunch of controllers with the Admin namespace. I want to restrict access to these unless the user is an admin. Is there a way to do this using CanCan without having to call `unauthorized!` in every method of every controller?
3 Answers
8
Add an application controller to your namespace and a before filter to it.
```ruby
class ApplicationController < ActionController::Base
end

# This goes in your admin namespace folder
class Admin::ApplicationController < ApplicationController
  before_filter :check_authorized

  private

  # Send anyone without the :admin ability back to the root page
  def check_authorized
    redirect_to root_path unless can? :admin, :all
  end
end

class SomeadminController < Admin::ApplicationController
  def some_action
    # do_stuff
  end
end
```
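A check that complements the base-controller approach above, added here as an example and not part of the original answers: it lists controllers under the `Admin` namespace that do not inherit from `Admin::ApplicationController` and so never run the admin filter. The classes are plain-Ruby stand-ins, and `unguarded_controllers`, `UsersController`, `ReportsController`, `Billing::InvoicesController` and `CsvExporter` are hypothetical names.

```ruby
# Stand-ins for the Rails classes, constructed so this runs without Rails.
class ApplicationController; end

module Admin
  # The guarded base from the answer: subclasses inherit its admin filter.
  class ApplicationController < ::ApplicationController; end

  # Guarded: inherits the admin check.
  class UsersController < Admin::ApplicationController; end

  # The mistake to catch: lives in Admin:: but inherits the top-level
  # controller, so the admin filter never runs.
  class ReportsController < ::ApplicationController; end

  module Billing
    # Nested one level deeper, also unguarded.
    class InvoicesController < ::ApplicationController; end
  end

  # Not a controller; the audit ignores it.
  class CsvExporter; end
end

# Returns the controller classes nested at any depth under `namespace`
# that do not descend from `guarded_base`.
def unguarded_controllers(namespace, guarded_base, controller_root)
  namespace.constants.flat_map do |name|
    const = namespace.const_get(name)
    if const.is_a?(Class)
      next [] if const == guarded_base          # the base itself is fine
      next [] unless const < controller_root    # skip non-controllers
      const < guarded_base ? [] : [const]       # nil/false means unguarded
    elsif const.is_a?(Module)
      unguarded_controllers(const, guarded_base, controller_root)
    else
      []
    end
  end
end

puts unguarded_controllers(Admin, Admin::ApplicationController,
                           ApplicationController).map(&:name)
```

In a Rails app the same function can run in a test once the application's classes are loaded, so a namespaced controller that bypasses the guarded base fails the build.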
1
The Admin Namespaces wiki page for CanCan lists out several solutions to this problem.
- As @mark suggested, have a base controller for admins which checks authorization for every action.
- You may not need to use CanCan at all for this if all you require is to check that users have an `admin` flag.
- For handling admins differently from each other (as opposed to differently from regular users only), consider a separate `AdminAbility` class (this is a little off-topic, but could prove relevant).

Caleb Hearth
0
Now rails_admin has full support with CanCan. You can find it on its official website; there is a wiki page for this topic:

Siwei
- Did he mention rails_admin? – Daniel Bang Feb 16 '14 at 02:04
- Yes, you are right, he didn't mention rails_admin. I don't suggest using rails_admin since it's not so good as I thought. – Siwei Feb 17 '14 at 00:29