Written February 6, 2008. Tagged Ruby, Ruby on Rails.
With RESTful Rails resource controllers, it's a fairly common pattern that creating and editing a resource is for admins only, but showing, indexing, etc. are for everyone.
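admin_only before filter, add this protected method to your

    def self.admins_create_and_edit(options = {})
      # The four create/edit actions, plus any extra ones passed via :and
      actions = [:new, :create, :edit, :update]
      actions += Array(options[:and])
      before_filter :admin_only, :only => actions
    end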
Now, you can just do

    admins_create_and_edit

in your controller to protect the four actions around creation and editing. You can optionally pass additional methods to protect, like

    admins_create_and_edit :and => :destroy
    admins_create_and_edit :and => [:destroy, :invert]
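
Because the macro builds an `:only` list, any action not named in it stays open to everyone, including actions added to the controller later. The following is an added example, not code from the original post: it runs the macro against a small stand-in for Rails' filter bookkeeping and lists which actions `admin_only` does not cover. `FakeController`, `unguarded_actions`, `PUBLIC_OK` and the sample `PostsController` are hypothetical names constructed for the illustration.

```ruby
# Stand-in for the before_filter bookkeeping in ActionController (assumption:
# not Rails itself, just enough to run the macro offline).
class FakeController
  def self.guarded
    @guarded ||= Hash.new { |h, k| h[k] = [] }
  end

  def self.before_filter(name, options = {})
    guarded[name] |= Array(options[:only])
  end

  # The macro from the post.
  def self.admins_create_and_edit(options = {})
    actions = [:new, :create, :edit, :update]
    actions += Array(options[:and])
    before_filter :admin_only, :only => actions
  end

  # Hypothetical audit helper: public methods defined on the controller
  # are its actions; return those the given filter does not cover.
  def self.unguarded_actions(filter = :admin_only)
    public_instance_methods(false) - guarded[filter]
  end
end

# Constructed sample controller.
class PostsController < FakeController
  admins_create_and_edit :and => :destroy

  def index; end
  def show; end
  def new; end
  def create; end
  def edit; end
  def update; end
  def destroy; end
  def invert; end # added later, never passed to :and

  protected

  def admin_only; end
end

PUBLIC_OK = [:index, :show] # actions meant to be open to everyone
open_actions = PostsController.unguarded_actions
puts "open: #{open_actions.inspect}"
puts "unexpected: #{(open_actions - PUBLIC_OK).inspect}"
```

A check of this shape in a controller test turns a forgotten `:and` entry into a failing test instead of an open action.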