Rails - devise_token_auth - Accessing current user in constraint

Question

I'm using this gem , in my rails-api project.

I'm trying to restrict some routes base on user roles. So I create a constraint

  class BackendConstraint
    def self.matches?(request)
      current_user = request.env['warden'].user
      return false if current_user.blank?
      current_user.role?(:admin)
    end
  end

But request.env['warden'].user is always null. Am I'm missing something?

Thanks

Answer 1

I had the same problem with flipper's suggested filter, but found devise has a one liner solution: https://github.com/plataformatec/devise/wiki/How-To:-Define-resource-actions-that-require-authentication-using-routes.rb

eg

authenticate :user do
  resources :fjords, only: [:new, :create, :edit, :update, :destroy]
end
resources :fjords, only: [:index, :show]