TYETECHNOLOGIES edited this page Sep 20, 2017 · 1 revision
Security
In a production application you'll likely want to protect access to this information. You can use the constraints feature of routing to accomplish this:
Checks a User model instance that responds to admin?

    # config/routes.rb
    # Match the route only for an authenticated Warden user who is an admin.
    constraint = lambda { |request| request.env['warden'].authenticate? && request.env['warden'].user.admin? }
    constraints constraint do
      match 'rubyception' => 'rubyception/application#index'
    end

    # lib/admin_constraint.rb
    class AdminConstraint
      def matches?(request)
        # No credentials cookie means no match.
        return false unless request.cookies['user_credentials'].present?
        # The persistence token is the part of the cookie before the first ':'.
        user = User.find_by_persistence_token(request.cookies['user_credentials'].split(':')[0])
        user && user.admin?
      end
    end

    # config/routes.rb
    require "admin_constraint"
    match 'rubyception' => 'rubyception/application#index', :constraints => AdminConstraint.new

Checks a User model instance that responds to admin?

    # lib/admin_constraint.rb
    class AdminConstraint
      def matches?(request)
        # No user id in the session means no match.
        return false unless request.session[:user_id]
        # find_by_id returns nil for a stale id, so the nil check below applies
        # (User.find would raise instead).
        user = User.find_by_id(request.session[:user_id])
        user && user.admin?
      end
    end

    # config/routes.rb
    require "admin_constraint"
    match 'rubyception' => 'rubyception/application#index', :constraints => AdminConstraint.new
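
A route constraint is an access-control decision, so it is worth checking that it returns false on every path that is not a confirmed admin. The following is an added example, not code from this page or from the project: `FailClosedAdminConstraint`, its `finder` argument, `FakeUser`, `FakeRequest` and `USERS` are hypothetical stand-ins so the check runs without Rails.

```ruby
# Added example, not from the original page. FakeUser, FakeRequest and USERS
# are constructed stand-ins for the app's User model and the Rack request.
FakeUser = Struct.new(:id, :admin) do
  def admin?
    admin == true
  end
end
FakeRequest = Struct.new(:session)
USERS = { 1 => FakeUser.new(1, true), 2 => FakeUser.new(2, false) }.freeze

# Same contract as AdminConstraint#matches?, but the lookup is injected
# (hypothetical `finder` argument) and every failure path returns false.
class FailClosedAdminConstraint
  def initialize(finder)
    @finder = finder # callable: user id -> user object or nil
  end

  def matches?(request)
    user_id = request.session && request.session[:user_id]
    return false unless user_id
    user = @finder.call(user_id)
    user.respond_to?(:admin?) && user.admin? == true
  rescue StandardError
    false # a failed lookup must never open the route
  end
end

# Runs the constraint over constructed requests and returns label => result.
def run_cases
  lookup = ->(id) { USERS[id] }
  broken = ->(_id) { raise IOError, "constructed lookup failure" }
  ok = FailClosedAdminConstraint.new(lookup)
  failing = FailClosedAdminConstraint.new(broken)
  {
    no_session:    ok.matches?(FakeRequest.new(nil)),
    anonymous:     ok.matches?(FakeRequest.new({})),
    non_admin:     ok.matches?(FakeRequest.new({ user_id: 2 })),
    admin:         ok.matches?(FakeRequest.new({ user_id: 1 })),
    deleted_user:  ok.matches?(FakeRequest.new({ user_id: 99 })),
    lookup_raises: failing.matches?(FakeRequest.new({ user_id: 1 }))
  }
end

run_cases.each { |name, allowed| puts format("%-14s %s", name, allowed) }
```

When a constraint returns false the route simply does not match, so a non-admin request falls through to the application's normal "no route" handling.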