author | Matthew Lemon <y@yulqen.org> | 2024-11-11 21:09:06 +0000 |
---|---|---|
committer | Matthew Lemon <y@yulqen.org> | 2024-11-11 21:09:06 +0000 |
commit | 634cf4ee06a4820eaa2431a272b9a223118cf884 (patch) | |
tree | 2e49854aa28062c9c68fdbe0e554459469098d61 /app/controllers | |
parent | b4acbcadc7b4f73efe0580be2dd3cf1dbe342682 (diff) |
Adds is_admin to the User model and ensures only admin users can add new resource
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/pdfresources_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/pdfresources_controller.rb b/app/controllers/pdfresources_controller.rb
index 068b61a..1f8a6af 100644
--- a/app/controllers/pdfresources_controller.rb
+++ b/app/controllers/pdfresources_controller.rb
@@ -1,5 +1,6 @@
 class PdfresourcesController < ApplicationController
 before_action :set_pdfresource, only: %i[ show edit update destroy ]
+ before_action :require_admin, only: %i[ new create update destroy ]
 # GET /pdfresources or /pdfresources.json
 def index
@@ -67,4 +68,11 @@ class PdfresourcesController < ApplicationController
 def pdfresource_params
 params.expect(pdfresource: [ :name, :stripe_product_id, :price, :age_range, :curriculum, :feature_slot, :description, :card_description, pdfs: [], thumbnails: [] ])
 end
+
+ #must be admin!
+ def require_admin
+ unless Current.session.user&.is_admin
+ redirect_to root_path, notice: "You must be an admin to perform this action."
+ end
+ end
 end |
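Review bot: The `only:` list on the new `before_action :require_admin` omits `edit`, so a non-admin can still load the edit form for a resource even though the subsequent `update` is refused. Listing the protected actions also means any action added later is open until someone remembers to add it here. Inverting the filter to name only the public actions, `before_action :require_admin, except: %i[ index show ]`, closes the `edit` gap and denies new actions by default. The rest of the controller's actions lie outside this hunk, so confirm that `index` and `show` are the only ones meant to be reachable without admin rights.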
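Review bot: In `require_admin`, `Current.session.user&.is_admin` is nil-safe for the user but not for the session, so a request that reaches this filter without a session raises NoMethodError and ends in a 500 instead of the intended denial; `unless Current.session&.user&.is_admin` handles both cases. Whether an authentication filter always runs first is not visible in this hunk. The denial is a redirect with `notice:`, which for the `.json` variants mentioned in the controller's comments yields a 302 to the root page rather than a 403, so consider `head :forbidden` for non-HTML formats and `alert:` for the flash. The method is added after `pdfresource_params`, and the `private` keyword is outside the hunk, so confirm it sits below `private` and cannot be routed as an action. The comment `#must be admin!` would be clearer as `# Halts the request and redirects to root unless the signed-in user is an admin.`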