Home/ Questions/Q 8510001
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T03:35:13+00:00

In my application, I want to only allow user with admin privilege to access

  • 0

In my application, I want to only allow user with admin privilege to access this model. So I set up and before_filter to check if the user is an Admin. The problem with this approach is that, after the admin user passes the filter, s/he won’t be able to get redirect to the action. Instead, only the views are rendered, which leads to the undefined method each' for nil:NilClass error. What am I doing wrong here?

class TidbitsController < ApplicationController
     before_filter :is_admin?
     layout "tidbits"
      # GET /tidbits
      # GET /tidbits.json
      protected    
      def is_admin?
        unless current_user.admin?
         flash[:error] = "You are not authorized!"
         redirect_to "/" and return
        end
      end

      def index
        @tidbits = Tidbit.all

        respond_to do |format|
          format.html # index.html.erb
          format.json { render json: @tidbits }
        end
      end

      # GET /tidbits/1
      # GET /tidbits/1.json
      def show
        @tidbit = Tidbit.find(params[:id])

        respond_to do |format|
          format.html # show.html.erb
          format.json { render json: @tidbit }
        end
      end

      # GET /tidbits/new
      # GET /tidbits/new.json
      def new
        @tidbit = Tidbit.new

        respond_to do |format|
          format.html # new.html.erb
          format.json { render json: @tidbit }
        end
      end

      # GET /tidbits/1/edit
      def edit
        @tidbit = Tidbit.find(params[:id])
      end

      # POST /tidbits
      # POST /tidbits.json
      def create
        @tidbit = Tidbit.new(params[:tidbit])

        respond_to do |format|
          if @tidbit.save
            format.html { redirect_to @tidbit, notice: 'Tidbit was successfully created.' }
            format.json { render json: @tidbit, status: :created, location: @tidbit }
          else
            format.html { render action: "new" }
            format.json { render json: @tidbit.errors, status: :unprocessable_entity }
          end
        end
      end

      # PUT /tidbits/1
      # PUT /tidbits/1.json
      def update
        @tidbit = Tidbit.find(params[:id])

        respond_to do |format|
          if @tidbit.update_attributes(params[:tidbit])
            format.html { redirect_to @tidbit, notice: 'Tidbit was successfully updated.' }
            format.json { head :no_content }
          else
            format.html { render action: "edit" }
            format.json { render json: @tidbit.errors, status: :unprocessable_entity }
          end
        end
      end

      # DELETE /tidbits/1
      # DELETE /tidbits/1.json
      def destroy
        @tidbit = Tidbit.find(params[:id])
        @tidbit.destroy

        respond_to do |format|
          format.html { redirect_to tidbits_url }
          format.json { head :no_content }
        end
      end

    end
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    in your example all your action methods are protected so maybe that’s the problem?

    • 0