Home

notesolution edited this page · 2 revisions

Security

In a production application you'll likely want to protect access to this information. You can use the constraints feature of routing to accomplish this:

Devise

Checks a User model instance that responds to admin?

constraint = lambda { |request| request.env["warden"].authenticate? && request.env['warden'].user.admin? }
constraints constraint do
  match 'rubyception' => 'rubyception/application#index'
end

Authlogic

# lib/admin_constraint.rb
class AdminConstraint
  def matches?(request)
    return false unless request.cookies['user_credentials'].present?
    user = User.find_by_persistence_token(request.cookies['user_credentials'].split(':')[0])
    user && user.admin?
  end
end

# config/routes.rb
require "admin_constraint"
match 'rubyception' => 'rubyception/application#index', :constraints => AdminConstraint.new

Restful Authentication

Checks a User model instance that responds to admin?

# lib/admin_constraint.rb
class AdminConstraint
  def matches?(request)
    return false unless request.session[:user_id]
    # find_by_id returns nil for a stale id; User.find would raise instead
    user = User.find_by_id(request.session[:user_id])
    user && user.admin?
  end
end

# config/routes.rb
require "admin_constraint"
match 'rubyception' => 'rubyception/application#index', :constraints => AdminConstraint.new
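
All three constraints above should deny the route whenever the admin check cannot be completed (no session, a stale user id, a lookup that raises). The following is an added example, not part of the original wiki or of rubyception itself: a fail-closed wrapper that only matches on an explicit `true`. `FailClosedConstraint`, `FakeUser`, `FakeRequest`, `USERS` and `admin_route_allowed?` are hypothetical names, and the user store is a constructed in-memory stand-in for the `User` model so the block runs without Rails.

```ruby
# Added example: fail-closed wrapper around any admin check from this page.
class FailClosedConstraint
  def initialize(&check)
    @check = check
  end

  # Rails calls matches?(request) on a routing constraint.
  # Only an explicit true grants access; nil, other truthy values
  # and any exception raised by the check all deny the route.
  def matches?(request)
    @check.call(request) == true
  rescue StandardError
    false
  end
end

# Constructed stand-ins for the User model and the Rack request.
FakeUser = Struct.new(:id, :admin) do
  def admin?
    admin
  end
end
FakeRequest = Struct.new(:session)
USERS = {
  1 => FakeUser.new(1, true),   # admin
  2 => FakeUser.new(2, false),  # regular user
  3 => FakeUser.new(3, nil)     # admin flag never set
}.freeze

# Session-based check in the style of the Restful Authentication section.
# Hash#fetch raises KeyError for an unknown id, standing in for a lookup
# that raises on a stale session (as User.find does).
SESSION_ADMIN = FailClosedConstraint.new do |request|
  USERS.fetch(request.session[:user_id]).admin?
end

def admin_route_allowed?(session)
  SESSION_ADMIN.matches?(FakeRequest.new(session))
end
```

In `config/routes.rb` the wrapper would be passed as `:constraints => SESSION_ADMIN`, with the block body replaced by the real lookup for your authentication library.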