I've got my app setup and authentication running with authlogic. I
followed the guide on asciicasts - very good. Basically it's a site with
a database of teachers and the fields required for authentication are
included in the Teacher model. This is a fine a teacher can register and
then login, logout and manage their profile.
Anyway, I now need an admin user. I also want to secure the app so it's
secure by default. I have a couple of scaffolded controllers used for
maintaining peripheral app data and these must be protected so that only
an admin can access them. Other controllers e.g. the welcome controller
should be globally accesable.
The admin user/teacher should be all powerful and able to update any
teachers profile/access all the scaffolded controllers and generally be
able to do everything.
Teachers themselves are only allowed to update their own profile (this
I figure I need to maybe add a boolean field to Teacher such as (admin)
and then do some filtering in the app. I could just have a single
particular Teacher setup as an admin for this to work (I could set the
boolean flag manually).
Is my approach ok, how do I achieve this with filters? - can I protect
the whole app in application.rb and then selectively turn off the filter
for particular controllers / actions?
Be grateful for insight...