3

I have the basic clearance setup - 

rails generate clearance:install

and

rails generate clearance:views

In my admin_controller, I have

before_filter :authorize

This makes sure the user is logged in. How would I setup 'admin' privileges on my users and make sure the user has the privlege before allowing them into the admin controller?

Is there a better solution for this?

Thanks!

Andrew

andrewpthorp
  • 4,998
  • 8
  • 35
  • 56

2 Answers2

6

i had the same question, but cancan seems too much for me (small project)

Actually the source code of authorize is quite simple, so my approach here:

open the Clearance::Authorization module in initializer, and add custom methods there:

# config/initializers/clearance_authorization.rb

module Clearance
  module Authorization
    extend ActiveSupport::Concern

    def authorize_admin
      unless(signed_in? && current_user.admin?)
        deny_access
      end
    end
  end
end

don't forget to restart the server :)

Gecko-Gecko
  • 401
  • 7
  • 11
2

Mix it with CanCan

https://github.com/ryanb/cancan

http://railscasts.com/episodes/192-authorization-with-cancan

John H
  • 2,488
  • 1
  • 21
  • 35
  • As mentioned, cancan is your friend here. Follow [this](https://github.com/ryanb/cancan/wiki/Role-Based-Authorization) tutorial to sort it out. – stephenmurdoch May 22 '11 at 02:48