I want to grant access to /samurai (a mountable engine) only to users that have admin as their role.
How can I do that?
My routes:

    authenticate do
      mount Resque::Server.new, :at => "/resque"
      mount Samurai::Engine => "/samurai"
      scope "/admin" do
        resources :customers, :images, :categories, :groups, :redirects, :projects, :specs, :indices, :glossaries, :invoices, :users, :products
        resources :comments do
          member do
            post 'approve'
            post 'moderate'
            post 'disapprove'
          end
        end
      end
    end

P.S.: I'm using CanCan and Devise.
Updated
I'm really new to Ruby; I've solved my problem this way:
1) creating a file in config/initializers;
2) in that file I've put the code below:
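
    # Reopen the engine's base controller from the initializer
    Samurai::ApplicationController.class_eval do
      before_filter :restrict_access

      private

      # Respond with 401 unless the signed-in user has role_id 1
      def restrict_access
        user = current_user
        head :unauthorized unless user.role_id == 1
      end
    end
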
How bad is that?
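
An alternative to patching the engine's controller, as an added example that is not part of the original post: a Rails route constraint that reads the Warden proxy Devise places in the request env and fails closed when no user is signed in. `AdminConstraint`, the fake request objects and the meaning of `role_id == 1` are assumptions; a rejected request gets a routing error (404) rather than 401.

```ruby
# Added example, not the poster's code. AdminConstraint is a hypothetical name.
# Rails calls matches?(request) on a constraint object before dispatching to
# the routes it wraps; returning false makes those routes unroutable (404).
class AdminConstraint
  ADMIN_ROLE_ID = 1 # role id taken from the post; assumed to mean "admin"

  def initialize(scope = :user)
    @scope = scope
  end

  def matches?(request)
    warden = request.env['warden']  # Devise stores the Warden proxy here
    return false if warden.nil?     # middleware missing: fail closed
    user = warden.user(@scope)      # nil when nobody is signed in
    !user.nil? && user.respond_to?(:role_id) && user.role_id == ADMIN_ROLE_ID
  end
end

# In config/routes.rb (assumed usage):
#   constraints AdminConstraint.new do
#     mount Samurai::Engine => "/samurai"
#   end

# --- Constructed stand-ins so the check runs without Rails or Devise ---
FakeUser    = Struct.new(:role_id)
FakeRequest = Struct.new(:env)

class FakeWarden
  def initialize(user)
    @user = user
  end

  def user(_scope = nil)
    @user
  end
end

# Helper for the demo: would the constraint let this user reach the engine?
def samurai_allowed?(user, with_warden = true)
  env = with_warden ? { 'warden' => FakeWarden.new(user) } : {}
  AdminConstraint.new.matches?(FakeRequest.new(env))
end

if __FILE__ == $PROGRAM_NAME
  puts samurai_allowed?(FakeUser.new(1))  # admin
  puts samurai_allowed?(FakeUser.new(2))  # signed in, not admin
  puts samurai_allowed?(nil)              # anonymous
end
```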