I have a super simple question. I have a page that lists all the products in my app. I just want to make that page viewable by admin only. But products/new I want everyone to be able to see clearly.
create_table "users", :force => true do |t|
  t.datetime "created_at", :null => false
  t.datetime "updated_at", :null => false
  t.boolean "admin", :default => false
end

class ProductsController < ApplicationController
  before_filter :current_user, only: [:create, :destroy]
  before_filter :correct_user, only: :destroy
  def index
    @products = Product.all
  end
  def new
    @product = Product.new
  end
  def create
    @product = current_user.products.new(params[:product])
    if @product.save
      render "show", :notice => "Sale created!"
    else
      render "new", :notice => "Something went wrong!"
    end
  end
end
Put in your controller:

before_filter :authorize_admin, only: :index

and in application_controller.rb:

def authorize_admin
  # redirects to previous page; the nil check covers visitors who are not signed in
  redirect_to :back, status: 401 unless current_user && current_user.admin
end
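
The decision an admin-only filter on index has to make, as an added example that is not part of the original answer. It runs in plain Ruby against a stand-in controller, so MiniController, dispatch, the User struct and the /login path are all assumptions. It separates "nobody signed in" from "signed in but not admin", and keeps the filter private so it cannot be requested as an action.

```ruby
# Constructed stand-in for a Rails controller: enough to run a before-filter offline.
User = Struct.new(:name, :admin)

class MiniController
  # Mirrors: before_filter :authorize_admin, only: :index
  FILTERS = { authorize_admin: [:index] }

  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
    @response = nil
  end

  # Run the filters that apply to the action. A filter that sets a response
  # halts the chain, as render/redirect_to does inside a Rails before_filter.
  def dispatch(action)
    FILTERS.each do |filter, actions|
      send(filter) if actions.include?(action)
      return @response if @response
    end
    public_send(action) # only public methods are reachable as actions
  end

  def index
    @response = [200, "product list"]
  end

  def new
    @response = [200, "new product form"]
  end

  private

  # Deny by default: anything other than a signed-in admin is stopped here.
  def authorize_admin
    if current_user.nil?
      @response = [302, "/login"]    # not signed in: send to the login page
    elsif !current_user.admin
      @response = [403, "forbidden"] # signed in, but not an admin
    end
  end
end
```
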