diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/pdfresources_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/pdfresources_controller.rb b/app/controllers/pdfresources_controller.rb index 068b61a..1f8a6af 100644 --- a/app/controllers/pdfresources_controller.rb +++ b/app/controllers/pdfresources_controller.rb @@ -1,5 +1,6 @@ class PdfresourcesController < ApplicationController before_action :set_pdfresource, only: %i[ show edit update destroy ] + before_action :require_admin, only: %i[ new create update destroy ] # GET /pdfresources or /pdfresources.json def index @@ -67,4 +68,11 @@ class PdfresourcesController < ApplicationController def pdfresource_params params.expect(pdfresource: [ :name, :stripe_product_id, :price, :age_range, :curriculum, :feature_slot, :description, :card_description, pdfs: [], thumbnails: [] ]) end + + #must be admin! + def require_admin + unless Current.session.user&.is_admin + redirect_to root_path, notice: "You must be an admin to perform this action." + end + end end |