On Tuesday, March 4, 2014 2:54:38 PM UTC-5, Ruby-Forum.com User wrote:
>
> Hi, 
>
> Thank you for your reply. I only have one admin on the website as shown 
> below (code taken from seeds.rb). 
>
> User.create(:name => "weds4u", :password => "w", :password_confirmation 
> => "w", :role => 'admin') 
> User.create(:name => "Afsheen",  :password => "a", 
> :password_confirmation => "a", :role => '') 
>
> I tried the following IF statement from another website but that doesn't 
> seem to work. Could you suggest some correction to the below code or do 
> I need to change where I am putting the code in the first place? 
>
>
> def destroy 
>     @user = User.find(params[:id]) 
>   if not user.role = 'admin' 
>     @user.destroy 
> else 
>     respond_to do |format| 
>         format.html { redirect_to users_path, 
>                 notice: "#{@user.name} is an admin. You do not have 
> permission to delete this user" } 
>       format.json { head :no_content } 
>     end 
>   end 
>
> -- 
> Posted via http://www.ruby-forum.com/. 
>

IMO, this isn't good code.  I recommend you look at railstutorial.org which 
has an online book.  Chapters 6-9 give a very good tutorial on building 
user login functionality, how to ensure only admins can delete users, and 
how to ensure an admin can't delete themselves.  As Ganesh posted above, 
generally before_actions are used in the controller instead of the language 
you have above to ensure only admins can delete users.

I believe this tutorial is good because it builds authentication from the 
ground up (roll your own) and you learn the concepts.  In practice, I don't 
usually do that because there are gems that are easier to use such as 
devise.  

Good Luck.

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/rubyonrails-talk/2f3eab85-7788-4a8c-b91d-df6e249df511%40googlegroups.com.
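
The approach the reply recommends (authorize the logged-in user before the action body runs, and stop an admin from deleting their own account), as an added example that is not part of the original thread. It is plain Ruby with no Rails: `UsersController`, `require_admin`, `require_other_user` and `sample_store` are hypothetical stand-ins for a controller with `before_action` filters, and the users are constructed data.

```ruby
# Added example in plain Ruby (no Rails). User, UsersController and the
# guard methods are hypothetical stand-ins; the users are constructed data.
User = Struct.new(:id, :name, :role) do
  def admin?
    role == 'admin' # comparison (==); `role = 'admin'` would assign
  end
end

class UsersController
  attr_reader :status, :notice

  def initialize(store, current_user)
    @store = store               # in-memory "table": id => User
    @current_user = current_user # the logged-in actor, nil if anonymous
  end

  def destroy(id)
    # Guards run before the action body, as a before_action filter would.
    return self unless require_admin && require_other_user(id)
    user = @store.delete(id)
    return respond(404, 'No such user') if user.nil?
    respond(204, "#{user.name} deleted")
  end

  private

  # Authorize the actor (current_user), not the record being deleted.
  def require_admin
    return true if @current_user&.admin?
    respond(403, 'Only admins can delete users')
    false
  end

  def require_other_user(id)
    return true unless @current_user.id == id
    respond(403, 'Admins cannot delete themselves')
    false
  end

  def respond(status, notice)
    @status = status
    @notice = notice
    self
  end
end

def sample_store
  { 1 => User.new(1, 'weds4u', 'admin'), 2 => User.new(2, 'Afsheen', '') }
end
```

The guards deny by default: an anonymous or non-admin actor gets a 403 before any record is looked up or deleted.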