How can I split actions between two Devise accounts, so that each account can view only a specific set of actions on the same controller?
Is there an easy way to redirect the wrong account to a specific view?
Here is my scenario:
I have created two account types:
- Instructor
- Student
There is a controller on which both account types can visit specific actions:

    class CoursesController < ApplicationController
      # instructors are allowed to view all action's views, except :browse_courses, :register_course
      before_filter :authenticate_instructor!,
                    :except => [:browse_courses, :register_course]
      # students are allowed to view only :browse_courses, :register_course
      before_filter :authenticate_student!,
                    :only => [:browse_courses, :register_course]
      …

But, strangely, sometimes, when I visit the edit action of the controller above using an instructor account, Devise will ask for student authentication, and the edit view won’t be rendered, although the instructor is able to view the edit
Notice that before_filter :authenticate_student! states that :only => [:browse_courses, :register_course] shall be authenticated for the student account, so why does the edit action get authenticated for the student too? (It will show the student sign-in view.)
Is the code above the right way, or is there a better approach for this problem?
Devise is an authentication tool. Don’t try to implement authorization with it.
Let Devise identify your users, and use something else to handle their privileges. I, personally, like CanCan by Ryan Bates.
With it, your controller would look like this:
CanCan has a pretty easy and powerful way of defining who can do what. Read this: Defining Abilities.
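
An added example, not code from the question or the answer: a plain-Ruby sketch of the split the answer recommends, with one authentication step followed by one deny-by-default authorization check per action, including where a signed-in account of the wrong type is redirected. The `Ability` class is a stand-in with the same `can` / `can?` shape as a CanCan ability class so that it runs without Rails, Devise or the gem; the `User` struct, role symbols and redirect paths are assumptions.

```ruby
# Stand-in for an ability class (hypothetical; not the cancan gem itself).
STUDENT_ACTIONS = [:browse_courses, :register_course].freeze

User = Struct.new(:name, :role) # role: :instructor or :student (assumed)

class Ability
  def initialize(user)
    @rules = [] # deny by default: no matching rule means no access
    return if user.nil?
    case user.role
    when :student    # only the two student actions from the question
      can { |action| STUDENT_ACTIONS.include?(action) }
    when :instructor # every action except the two student actions
      can { |action| !STUDENT_ACTIONS.include?(action) }
    end
  end

  def can(&rule)
    @rules << rule
  end

  def can?(action)
    @rules.any? { |rule| rule.call(action) }
  end
end

# Hypothetical landing pages for a signed-in account that hits a forbidden action.
FALLBACK = { student: "/courses/browse", instructor: "/courses" }.freeze

# One check for every action instead of two per-role before_filters.
# Returns what the controller would do for this user and action.
def access_decision(user, action)
  return [:redirect, "/sign_in"] if user.nil?                # authentication
  return [:render, action] if Ability.new(user).can?(action) # authorization
  # Signed in but not permitted: redirect, never show another role's sign-in form.
  [:redirect, FALLBACK.fetch(user.role, "/")]
end

# Constructed sample users
INSTRUCTOR = User.new("ida", :instructor)
STUDENT    = User.new("sam", :student)

[[INSTRUCTOR, :edit], [STUDENT, :edit], [STUDENT, :browse_courses],
 [INSTRUCTOR, :register_course], [nil, :edit]].each do |user, action|
  who = user ? user.role : :anonymous
  puts "#{who} #{action}: #{access_decision(user, action).inspect}"
end
```

In a Rails app the user would come from Devise and the rules would live in a class that includes `CanCan::Ability`, with a `rescue_from CanCan::AccessDenied` handler doing the redirect.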