Authorization problem

Hello everyone,

I want to add authorization to my Rails app. As I am using Devise for
authentication, I added an admin field to the User model:

class User
  ...
  field :admin, :type => Boolean, :default => false
  ...
end

In the controller, I add a method like this:

class ApplicationController < ActionController::Base
  ...
  private
    def authenticate_admin
      if current_user
        return current_user.admin?
      end
    end
end

In the admin namespace controller:

class Admin::HomeController < ApplicationController
  before_filter :authenticate_admin
  ...
end

But it doesn't work: I can still access the backend with a user account
even if the account's admin field is false.
Can somebody tell me why?

Thanks!

Not familiar with Devise, but your before filter isn't actually doing
anything. If the user isn't an admin then you probably want to
redirect them to a login page or show an 'access denied' template.

Fred
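To make the point above concrete, here is an added example (not code from the thread, and not Rails itself): a small plain-Ruby stand-in for the Rails 3 before_filter chain. In Rails 3 and later the return value of a before_filter is ignored; the chain halts only when the filter has produced a response by rendering or redirecting. The ToyUser, ToyController and the two controller subclasses are constructed for the example; the buggy filter is the one from the original post, the fixed one redirects anonymous visitors and renders a 403 for signed-in non-admins.

```ruby
# Added example: minimal model of a Rails 3 filter chain, showing why a
# before_filter that merely returns a boolean does not deny access, while
# one that redirects or renders does. Everything here is constructed for
# the example; it does not depend on Rails or Devise.

class ToyUser
  def initialize(admin)
    @admin = admin
  end

  def admin?
    @admin
  end
end

class ToyController
  attr_reader :current_user, :response

  # Each controller class keeps its own list of before filters.
  def self.before_filters
    @before_filters ||= []
  end

  def self.before_filter(name)
    before_filters << name
  end

  def initialize(current_user)
    @current_user = current_user
    @response = nil
  end

  # True once a redirect or render has produced a response.
  def performed?
    !@response.nil?
  end

  def redirect_to(path)
    @response = { :status => 302, :location => path }
  end

  def render(options)
    @response = { :status => options[:status] || 200, :body => options[:text] }
  end

  # Rails 3 semantics: run filters in order and stop only if one of them
  # has produced a response. The filter's return value plays no part.
  def process(action)
    self.class.before_filters.each do |filter|
      send(filter)
      return @response if performed?
    end
    send(action)
    @response
  end
end

# The filter from the original post: returns true/false/nil, never halts.
class BuggyAdminController < ToyController
  before_filter :authenticate_admin

  def index
    render :text => "secret admin page"
  end

  private

  def authenticate_admin
    if current_user
      return current_user.admin?
    end
  end
end

# The corrected filter: anonymous users are sent to the login page,
# signed-in non-admins get a 403, and only admins reach the action.
class FixedAdminController < ToyController
  before_filter :authenticate_admin

  def index
    render :text => "secret admin page"
  end

  private

  def authenticate_admin
    if current_user.nil?
      redirect_to "/users/sign_in"
    elsif !current_user.admin?
      render :text => "Access denied", :status => 403
    end
  end
end

# Convenience for checking what a given user ends up seeing.
def status_for(controller_class, user)
  controller_class.new(user).process(:index)[:status]
end

if __FILE__ == $0
  puts "buggy, non-admin: #{status_for(BuggyAdminController, ToyUser.new(false))}"
  puts "fixed, non-admin: #{status_for(FixedAdminController, ToyUser.new(false))}"
  puts "fixed, admin:     #{status_for(FixedAdminController, ToyUser.new(true))}"
  puts "fixed, anonymous: #{status_for(FixedAdminController, nil)}"
end
```

In a real app the `redirect_to`/`render` calls in the fixed filter are the Rails methods of the same name, and Devise already provides `authenticate_user!` for the anonymous case, so the admin filter only has to handle the signed-in non-admin.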

Thank you very much! It works!

You may also use a specific Admin model and authentication scheme with
Devise; I found it easier for managing admin-specific tasks not related
to the web site pages for users:

    devise_for :users, :controllers => { :sessions      => "users/sessions",
                                         :passwords     => "users/passwords",
                                         :registrations => "users/registrations",
                                         :confirmations => "users/confirmations",
                                         :unlocks       => "users/unlocks" } do
      ...
    end

    devise_for :admins, :controllers => { :sessions      => "admins/sessions",
                                          :passwords     => "admins/passwords",
                                          :registrations => "admins/registrations" }

and in your controllers you need:

before_filter :authenticate_admin!

I have both, and I use CanCan (abilities based on roles in each
area).

I have considered both ways you mentioned, but it seems unnecessary
to use such methods since it is just a little app.

Maybe I will use cancan in the future when necessary.

Thank you anyway!