Just added an Admin model to Devise. I am on Rails 4.
I would like to give the Admin privileges to destroy and update articles that other users have created.
Having trouble finding documentation on how to do so.
Right now I have this on my index page, which allows the current creator to destroy/edit:
<% if current_user == article.user %>
<p>
<%= link_to 'Edit', edit_article_path(article) %>
<%= link_to 'Destroy', article, method: :delete, data: { confirm: 'Are you sure?' } %>
</p>
<%end%>
Would I add something here to let admins be able to do this as well?
Also here is my destroy action in articles_controller:
def destroy
@article = current_user.articles.find(params[:id])
@article.destroy
respond_to do |format|
format.html { redirect_to articles_url, notice: 'Article was successfully destroyed.' }
format.json { head :no_content }
end
end
I am still a Rails beginner. Tons to learn. If this is already documented somewhere could you please point me in that direction.
Here you go. Quite an extensive documentation:
https://github.com/plataformatec/devise/blob/master/README.md
Very first steps are to simply add
before_action :authenticate_user!
to your controllers.
If you also need authorization have a look at cancan:
https://github.com/ryanb/cancan
Or rather https://github.com/elabs/pundit since CanCan is no longer maintained.