12

I added an admin role to Devise by adding an admin attribute.

Could you tell me if this is the right way to create a before_filter that requires an admin user to be signed in:

in any controller:

before_filter :authenticate_admin!

in application_controller:

protected

def authenticate_admin!
  unless current_user.try(:admin?)
    redirect_to :new_user_session_path
  end
end
Martin Petrov

2 Answers

25

Go with this approach

  before_filter :authenticate_user!
  before_filter do 
    redirect_to new_user_session_path unless current_user && current_user.admin?
  end

This also ensures any guests are forced to sign in as well. You don't need to modify the default method to force authentication just to access the instance method admin?

def admin?
  self.admin == true
end

My approach is to create a role attribute and check its string value against a set of intended roles - it's far more flexible this way rather than having to create many boolean attributes.

Michael De Silva
  • No need to define admin?, if the admin column is already a Boolean then you can just call user.admin? and it will automatically return true or false without having an admin? method in user. – n0denine Apr 24 '13 at 04:00
  • Correct, however, for most of my apps I tend to store these as strings. Combine this with an authorisation layer, i.e. CanCan, and it's easy to define levels of 'admin' prowess. For a `boolean` column in the DB, you do not need to redefine the predicate method as I have shown above. – Michael De Silva Apr 28 '13 at 20:18
1

Looking at the answer above (by Michael De Silva), I had an issue with the code he used. He wrote the path as a symbol (:new_user_session_path), but I needed it to be a regular path helper (new_user_session_path). Until I changed this, I was getting errors, saying the path was invalid. (I am running Rails 5.)

Hope this is helpful to others!

Micah Bales
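As an added example (not code from the thread), here is the accepted answer's filter pattern combined with its role-allowlist suggestion and the path-helper point from the last answer, written as a concern plus a constructed stand-in controller and User struct so it runs without Rails; RequireAdmin, FakeAdminController, ADMIN_ROLES and admin_access are assumed names.

```ruby
require "set"

# Authorization filter in the style of the accepted answer: declare it after
# Devise's authenticate_user!, and reject anyone whose role is not allowlisted.
module RequireAdmin
  # Allowlist of role strings that may reach admin-only controllers.
  ADMIN_ROLES = Set["admin", "superadmin"].freeze

  def require_admin!
    user = current_user
    # Guests (nil) and non-admin roles are both turned away; the nil check keeps
    # the filter safe even if authenticate_user! is missing or misordered.
    return if user && ADMIN_ROLES.include?(user.role.to_s)
    # Call the route helper; redirect_to :new_user_session_path (a symbol)
    # is not a route and raises, as the last answer reports.
    redirect_to new_user_session_path, alert: "Admins only"
  end
end

# Constructed stand-ins so the filter can be exercised outside a Rails app.
User = Struct.new(:email, :role)

class FakeAdminController
  include RequireAdmin
  attr_reader :current_user, :redirected_to

  def initialize(user)
    @current_user = user
    @redirected_to = nil
  end

  def new_user_session_path
    "/users/sign_in"
  end

  def redirect_to(path, **_opts)
    @redirected_to = path
  end

  # Mimics the filter chain: a redirect in a before_action halts the request.
  def dispatch
    require_admin!
    @redirected_to ? :redirected : :rendered
  end
end

# Returns :rendered when the admin page would be served, :redirected otherwise.
def admin_access(user)
  FakeAdminController.new(user).dispatch
end
```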