I want to be able to edit and delete resources myself, but not allow users of the application to do so.

Is there an easy way of doing this in Rails?

An incomplete solution would be just to remove the "delete" and "edit" buttons from the index view, but that doesn't disable their ability to do so via direct HTTP requests.

Running Rails 2.2.2 and ruby 1.8.7

+3  A: 

Add a before_filter in your controller as shown below:

class PostsController < ApplicationController

  # Enforce the check in the controller, not the view: a before_filter runs
  # before the action no matter how the request was made (button or raw HTTP).
  before_filter :require_god, :only => [:edit, :update, :destroy]

  private

  def require_god
    @@god ||= User.find_by_login("phleet")
    # current_user is nil for anonymous requests; treat that as denied too
    unless current_user && @@god && current_user.id == @@god.id
      flash[:notice] = "You don't have access to this page"
      redirect_to root_path
      return false # redirect_to already halts the filter chain in Rails 2
    end
  end

end
KandadaBoggu
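The filter above only runs inside Rails. As an added example (not code from the original answer or from Rails), here is the same idea in plain Ruby: a small stand-in for a Rails 2 controller with a before_filter chain, used to show that the guard fires on any request for a protected action, including one that never came through an edit or delete button, while unprotected actions stay open. Every name in it (MiniController, ADMIN_LOGIN, dispatch, the User struct, run) is an assumption made for this illustration.

```ruby
# Added example: a minimal stand-in for a Rails 2 controller filter chain.
# ADMIN_LOGIN, User, MiniController, PostsController and run are assumed
# names for this illustration, not Rails or the original answer's code.
ADMIN_LOGIN = "phleet".freeze

User = Struct.new(:id, :login)

class MiniController
  # Same shape as Rails 2: before_filter :name, :only => [:a, :b]
  def self.before_filter(name, options = {})
    (@filters ||= []) << [name, Array(options[:only])]
  end

  def self.filters
    @filters || []
  end

  attr_reader :current_user, :redirected_to, :flash

  def initialize(current_user)
    @current_user = current_user   # nil for an anonymous request
    @redirected_to = nil
    @flash = {}
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # Run every filter that applies to +action+; a redirect halts the chain,
  # so the action body never executes. This is what stops a direct request
  # that bypassed the (hidden) button in the view.
  def dispatch(action)
    self.class.filters.each do |name, only|
      next unless only.empty? || only.include?(action)
      send(name)
      return :halted if @redirected_to
    end
    send(action)
  end
end

class PostsController < MiniController
  before_filter :require_god, :only => [:edit, :update, :destroy]

  def index;   :index_rendered; end
  def edit;    :edit_rendered;  end
  def destroy; :post_destroyed; end

  private

  def require_god
    # Deny anonymous requests (current_user nil) and logged-in non-admins.
    unless current_user && current_user.login == ADMIN_LOGIN
      flash[:notice] = "You don't have access to this page"
      redirect_to "/"
    end
  end
end

# Dispatch +action+ as +user+ and report what happened:
# [result of the action or :halted, redirect target or nil]
def run(user, action)
  c = PostsController.new(user)
  [c.dispatch(action), c.redirected_to]
end

if __FILE__ == $0
  p run(nil, :destroy)                      # anonymous: halted, sent to "/"
  p run(User.new(2, "alice"), :destroy)     # ordinary user: halted
  p run(User.new(1, "phleet"), :destroy)    # admin: action runs
  p run(User.new(2, "alice"), :index)       # unprotected action: runs
end
```

In real Rails the `redirect_to` inside a before_filter halts the chain on its own; `dispatch` imitates that by checking for a pending redirect after each filter. The test worth keeping in a real app is the first case: an anonymous request for `destroy` must be refused without raising on a nil `current_user`.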
+1  A: 

I would recommend CanCan. It is really simple: you only need ability.rb to define what a user is not allowed to do.

jpartogi
A: 

Take a look at active_scaffold, admin_data and typus (all available on github). They're all plugins that make it trivially easy to build the admin side of things in such a way that you can easily keep administration stuff separate from user-facing stuff. Personally I like typus, but it requires you to have a typus_users table which is separate from any other users tables, which may not be to everyone's tastes.

On the other hand, if you don't want anything complicated or you'd rather build it yourself from scratch a simple before_filter should do the trick...

Simonhicks