Restricting Edit and Delete

I want to be able to edit and delete resources myself, but not allow users of the application to do so.

Is there an easy way of doing this in Rails?

An incomplete solution would be just to remove the "delete" and "edit" buttons from the index view,开发者_运维技巧 but that doesn't disable their ability to do so via direct HTTP requests.

Running Rails 2.2.2 and ruby 1.8.7

Add a before_filter in your controller as shown below:

class PostsController < ApplicationController

  before_filter :require_god, :only => [:edit, :update, :destroy]

private  
  def require_god
    unless current_user.id == (@@god ||= User.find_by_login("phleet")).id
      flash[:notice] = "You don't have access to this page"
      redirect_to root_path
      return false
    end
  end

end

I would recommend CanCan. It is really simple, you only need ability.rb to define what user is not allowed to do.

Take a look at active_scaffold, admin_data and typus (all available on github). They're all plugins that make it trivially easy to build the admin side of things in such a way that you can easily keep administration stuff seperate from user facing stuff. Personally I like typus, but it requires you to have a typus_users table which is seperate from any other users tables, which may not be to everyone's tastes.

On the other hand, if you don't want anything complicated or you'd rather build it yourself from scratch a simple before_filter should do the trick...