All you need to do is restrict the uploading of product listings to admins only. You'll be able to do this at the top of your controller files, where you can set the actions that are available to each type of user (e.g. unauthenticated users, signed-in users, admins, etc.).
How far off am I?
class ListingsController < ApplicationController
<% if user_signed_in? && current_user.admin? %>
before_action :set_listing, only: [:show, :edit, :update, :destroy]<% end %>
before_filter :authenticate_user!, only: [:seller, :new, :create, :edit, :update, :destroy]
before_filter :check_user, only: [:edit, :update, :destroy]
Close. It would be right if this were the view page. View pages (.html.erb) allow for both HTML and ERB code, which is why we have to use the <% %> tags to distinguish between them. On the other hand, controller files (.rb) are Ruby files, so all the code is Ruby. No need to use the <% %> tags anymore.
Let's say that you already have an 'admin' column in your User database. Every user either has a true or false in their admin field. Then in your controller, you'd add a new line at the top:
before_action :check_admin, except: [:show, :index]
You'll then need to create the check_admin function at the bottom of the file. Use 'check_user' as an example.
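
Added example, not part of the original thread: a sketch of the `check_admin` filter the reply describes, showing that `except: [:show, :index]` gates every other action and that a signed-out visitor (nil `current_user`) is rejected rather than raising an error. `FakeController`, the `User` struct, the `"/"` redirect target and the body of `check_admin` are assumptions made so the snippet runs without Rails.

```ruby
# Stand-in for Rails' before_action so this runs without Rails (assumption:
# in the app, ListingsController inherits from ApplicationController instead).
class FakeController
  def self.before_action(name, only: nil, except: nil)
    (@filters ||= []) << [name, only, except]
  end

  def self.filters; @filters || []; end

  attr_reader :current_user, :redirected_to

  def initialize(current_user)
    @current_user = current_user
  end

  # Run matching filters in order; a redirect halts the action, as in Rails.
  def process(action)
    self.class.filters.each do |name, only, except|
      next if only && !only.include?(action)
      next if except&.include?(action)
      send(name)
      return :halted if redirected_to
    end
    send(action)
  end

  def redirect_to(path, alert: nil)
    @redirected_to = path
  end
end

# Constructed sample model: `admin` mirrors the boolean column in the reply.
User = Struct.new(:name, :admin) do
  def admin?; admin == true; end
end

class ListingsController < FakeController
  before_action :check_admin, except: [:show, :index]

  def index;  :ok; end
  def show;   :ok; end
  def create; :ok; end

  private

  # Safe navigation covers a signed-out visitor, where current_user is nil.
  def check_admin
    redirect_to "/", alert: "Admins only" unless current_user&.admin?
  end
end
```

In the Rails app, the same `check_admin` body goes under `private` in the real controller. The filter is what enforces the restriction, since hiding the upload link in a view does not stop a direct request to `create`.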