[Rails] Re: Making sure the Admin of a website is not deleted

Ruby on Rails Tuesday, March 4, 2014



On Tuesday, March 4, 2014 2:54:38 PM UTC-5, Ruby-Forum.com User wrote:
Hi,

Thank you for your reply. I only have one admin on the website as shown
below (code taken from seeds.rb).

User.create(:name => "weds4u", :password => "w", :password_confirmation
=> "w", :role => 'admin')
User.create(:name => "Afsheen",  :password => "a",
:password_confirmation => "a", :role => '')

I tried the following IF statement from another website but that doesn't
seem to work. Could you suggest some correction to the below code or do
I need to change where I am putting the code in the first place?


def destroy
    @user = User.find(params[:id])
  if not user.role = 'admin'
    @user.destroy
else
    respond_to do |format|
        format.html { redirect_to users_path,
                notice: "#{@user.name} is an admin. You do not have
permission to delete this user" }
      format.json { head :no_content }
    end
  end

--
Posted via http://www.ruby-forum.com/.

IMO, this isn't good code.  I recommend you look at railstutorial.org which has an online book.  Chapters 6-9 give a very good tutorial on building user login functionality, how to insure only admins can delete users, and how to insure an admin can't delete themselves.  As Ganesh posted above, generally before_actions are used in the controller instead of the language you have above to insure only admins can delete users.

I believe this tutorial is good because it builds authentication from the ground up (roll your own) and you learn the concepts.  In practice, I don't usually do that because there are gems that are easier to use such as devise.  

Good Luck.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/2f3eab85-7788-4a8c-b91d-df6e249df511%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Posted by Ruby on Rails at 12:48 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)