Rails, Devise. Disallow User actions unless AdminUser -
i have user model created devise, type:string attribute , adminuser model (adminuser < user).
in application controller defined :require_admin method:
def require_admin unless current_user == adminuser flash[:error] = "you not admin" redirect_to store_index_path end end on products controller set
before_action :require_admin, except: :show now create adminuser via console (with adminuser id) , when log in app, still can not use actions (create, edit etc.).
any ideas?
with
current_user == adminuser you check whether current_user object is equal adminuser class.
what want instead check whether current_user's class adminuser:
current_user.class == adminuser # or current_user.is_a?(adminuser) # or current_user.kind_of?(adminuser) # or current_user.instance_of?(adminuser) # or adminuser === current_user
Comments
Post a Comment