If you're already using Devise and want to 'secure' the web UI for admin access only, add the following to your
resque_constraint = lambda do |request| request.env['warden'].authenticate? and request.env['warden'].user.admin? end constraints resque_constraint do mount Resque::Server, :at => "/admin/resque" end
You will only need to define an
admin? predicate method in your
User model for the above to work. Users who aren't admins and who have not authenticated themselves will be accessing a route that does not exist — therefore ensure your app has very good 404 handling.
Using CanCan? See this blog post for details