I'm using this gem , in my rails-api project.
I'm trying to restrict some routes base on user roles. So I create a constraint
class BackendConstraint
def self.matches?(request)
current_user = request.env['warden'].user
return false if current_user.blank?
current_user.role?(:admin)
end
end
But request.env['warden'].user
is always null. Am I'm missing something?
Thanks
I had the same problem with flipper's suggested filter, but found devise has a one liner solution: https://github.com/plataformatec/devise/wiki/How-To:-Define-resource-actions-that-require-authentication-using-routes.rb
eg
authenticate :user do
resources :fjords, only: [:new, :create, :edit, :update, :destroy]
end
resources :fjords, only: [:index, :show]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.