Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

Resque, Devise and Admin Authentication

If you're already using Devise and want to 'secure' the web UI for admin access only, add the following to your routes.rb file

  resque_constraint = lambda do |request|
    request.env['warden'].authenticate? and request.env['warden'].user.admin?
  end

  constraints resque_constraint do
    mount Resque::Server, :at => "/admin/resque"
  end

You will only need to define an admin? predicate method in your User model for the above to work. Users who aren't admins and who have not authenticated themselves will be accessing a route that does not exist — therefore ensure your app has very good 404 handling.

Using CanCan? See this blog post for details

comments powered by Disqus