Authorization
Editor Role II

We created a method named editor? that checks whether a user’s role is “editor”, and returns true or false. The method uses self to refer to the current instance of a User object.

Now that we can determine whether a user has an editor role on the site, let’s add a few methods to the Application controller (app/controllers/application_controller.rb) to make sure that users with the editor role can access specific parts of the site.

Instructions

1. In the Application controller (app/controllers/application_controller.rb), below require_user, add another method named require_editor:

    def require_editor
      redirect_to '/' unless current_user.editor?
    end

2. Next, in the Recipes controller, add another before_action that calls require_editor, so that only users with an editor role can access the show and edit actions:

    before_action :require_editor, only: [:show, :edit]

3. Then in app/views/recipes/show.html, use the editor? method to display an edit link only if a user is an editor:

    <% if current_user && current_user.editor? %>
      <p class="recipe-edit">
        <%= link_to "Edit Recipe", edit_recipe_path(@recipe.id) %>
      </p>
    <% end %>

4. Try it out - first log in to the app as a user without a role. Looking at db/seeds.rb, Julian doesn’t have an editor role, so use his email [email protected] and password Julian1 to log in. Then visit http://localhost:8000/recipes/1. You shouldn’t see the Edit link on this page.

5. Log out of the app, and then log back in as an editor. Looking at db/seeds.rb, Mateo has an editor role, so use his email [email protected] and password Mateo1 to log in to the app. Then visit http://localhost:8000/recipes/1. You should see the Edit link.
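
The Edit link from step 3 only hides a control; the before_action from step 2 is what decides whether a request gets through. The added example below (not code from the lesson) models that in plain Ruby, using a nil-safe require_editor so a visitor with no session is redirected instead of raising NoMethodError. MiniRecipesController, request_as and the sample e-mail addresses are hypothetical names and constructed values.

```ruby
# Added example: plain-Ruby stand-in for the Rails filter chain (no Rails needed).
# User, MiniRecipesController and request_as are hypothetical names.
User = Struct.new(:email, :role) do
  def editor?
    role == "editor"
  end
end

class MiniRecipesController
  # Mirrors: before_action :require_editor, only: [:show, :edit]
  GUARDED = [:show, :edit].freeze

  attr_reader :current_user, :redirected_to

  def initialize(current_user)
    @current_user = current_user # nil models a visitor who is not logged in
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # Nil-safe variant of the lesson's filter: &. yields nil for a missing user,
  # so an anonymous request is redirected rather than raising NoMethodError.
  def require_editor
    redirect_to "/" unless current_user&.editor?
  end

  # Runs the filter first; as in Rails, a redirect inside a filter halts the action.
  def dispatch(action)
    require_editor if GUARDED.include?(action)
    return [:redirect, redirected_to] if redirected_to
    [:ok, action]
  end
end

def request_as(user, action)
  MiniRecipesController.new(user).dispatch(action)
end

# Constructed sample users: roles follow the lesson's seeds, e-mails are placeholders.
JULIAN = User.new("julian@example.test", nil)
MATEO  = User.new("mateo@example.test", "editor")

p request_as(JULIAN, :edit) # URL requested directly, without the hidden link
p request_as(nil, :edit)    # no session at all
p request_as(MATEO, :edit)  # editor
```
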
