small medium large xlarge

31 May 2011, 18:49
Christopher Berry (2 posts)

I have been following the book diligently with no issues. I am now totally stuck. I implemented the before_filter :authorize and doing so is not allowing me to delete users from the users/index.html.erb view.

Without the :authorize before_filter users can be deleted just fine.

Instead upon clicking “destroy” i am first asked “are you sure” and then redirected to the login page (the user is not deleted).

I have gone so far as to copy exactly the code for the following files: application_controller.rb, users_controller.rb, sessions_controller.rb, views/users/index.html.erb, etc…

Is this something others are having troubles with? Any help is greatly appreciated.

31 May 2011, 20:56
Christopher Berry (2 posts)

I do note by adding to users_controller.rb

skip_before_filter :authorize

that I can delete users… but this defeats the purpose of authorize as it opens up the users controller to non-admin.

You must be logged in to comment