With RESTful Rails resource controllers, it’s a fairly common pattern that creating and editing a resource is for admins only, but showing, indexing etc is for everyone.
admin_only before filter, add this
protected method to your
1 2 3 4 5
Now, you can just do
in your controller to protect the four actions around creation and editing. You can optionally pass additional methods to protect, like