How to make blog only can be published by admin?

I have created a blog model with migration t.boolean :published, :default =>false

and now I don't know how to make this blog post to be unpublish by default and only admin can publish it. The authorization part can be done with cancan, how about the model and controller?

This is my current code: models/blog.rb

class Blog < ActiveRecord::Base
  attr_accessible :title, :content, :user_id, :published
  has_many :comments, :as => :commentable

  def published?
     published
  end
  def published!
     self.published = true
  end
  def unpublished!
     self.published = false
  end
end

controll开发者_Python百科er/blog_controller.rb #I'm using make_resourceful plugin to handle nested and polymorphic

class BlogsController < ApplicationController
   make_resourceful do
   actions :all
response_for :create do
   flash[:notice] = "Successfully created article."
      redirect_to blogs_url
    end
response_for :update do
      flash[:notice] = "Successfully updated article."
      redirect_to blogs_url
    end
response_for :destroy do
      flash[:notice] = "Successfully destroyed article."
      redirect_to blogs_url
   end
 end
end

Any idea guys?? or maybe a useful link? Thanks!

I'm not sure I'm following what you want, if you're using CanCan, then your authorizations.rb file should contain what the admin users can do, and what regular users can do.

See https://github.com/ryanb/cancan/wiki/Defining-Abilities

Depending on what you're using for authentication, but if it's something like Devise with built in helpers you can also use before_filter :authenticate_admin!, :only => [:edit, :update] to test and make sure the current user is an admin. (I'd recommend whitelisting with :except instead of :only).