VieTH: Fix authorise admin

b2a7ec46 · Tran Hoang Viet · f8bcc373 · b2a7ec46 · b2a7ec46 · b2a7ec46
Commit b2a7ec46 authored Jul 29, 2015 by Tran Hoang Viet
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 3 deletions

app/controllers/admin/application_controller.rb
+9 -0

app/controllers/admin/orders_controller.rb
+1 -2

app/controllers/orders_controller.rb
+1 -1

No files found.
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
+class Admin::ApplicationController < ApplicationController
+  before_action :authenticate_admin!
+
+  private
+
+  def authenticate_admin!
+    redirect_to root_path, alert: 'You are not permission.' unless current_user.try(:admin?)
+  end
+end
--- a/app/controllers/admin/orders_controller.rb
+++ b/app/controllers/admin/orders_controller.rb
-class Admin::OrdersController < ApplicationController
+class Admin::OrdersController < Admin::ApplicationController
  before_action :set_order, only: [:show, :update]
-  before_action -> { authorize(@order) }, only: [:show, :update]

  def index
    @orders = Order.all.includes(:user).order(created_at: :desc).page(params[:page])

--- a/app/controllers/orders_controller.rb
+++ b/app/controllers/orders_controller.rb
 class OrdersController < ApplicationController
  before_action :authenticate_user!
  before_action :set_order, only: [:show, :update]
-  before_action -> { authorize(@order) }, only: [:show, :update]
+  before_action -> { authorize(@order) }, only: [:show]

  def index
    @orders = current_user.orders.includes(:user).order(created_at: :desc).page(params[:page])