Limiting access so only I (or superadmin) has access to create/edit/update/destroy Categories

After creating the Etsy Demo, I added categories to my site so that all listings now filter by category name using a dropdown. Currently, though, any user who is signed in can access /categories/new just by typing in the URL. I don't want anyone but myself to be able to create/edit/update/destroy Categories. Can you suggest the best solution for this? Thanks!

Posted almost 5 years ago by Amy Peterson

Posted almost 5 years ago by Alex Yang

The best solution is to add some code to your controller file that checks if the user has the right permissions. There's a good example of how to do this in the 'Set User Permissions' video of the Etsydemo course. In particular, you should pay attention to how we create the 'check_user' method which redirects the user to the homepage if they don't have the right permissions. Setting up a similar method will prevent your users from accessing the /categories/new URL. Let me know if this makes sense.
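
As an added example (not part of the original answer or the course's code), here is the kind of controller guard described above in plain Ruby, applied to every category action that shows a form or changes data rather than only `new`. `MiniController` is a hypothetical stand-in for the Rails controller base class so the block runs without Rails; the `check_admin` name, the `admin` flag on `User`, and `current_user` being supplied by the app's sign-in layer are assumptions.

```ruby
# Added example. MiniController is a hypothetical stand-in for the Rails
# controller base class so this runs without Rails; in a real app the
# framework supplies before_action and redirect_to.
User = Struct.new(:email, :admin) # `admin` flag is an assumption

class MiniController
  def self.filters
    @filters ||= []
  end

  def self.before_action(name, only:)
    filters << [name, only]
  end

  attr_reader :current_user, :response

  def initialize(current_user)
    @current_user = current_user
  end

  def redirect_to(path, alert: nil)
    @response = { status: 302, location: path, alert: alert }
  end

  # Run matching filters first; if one redirected, the action never runs.
  def process(action)
    self.class.filters.each do |name, only|
      send(name) if only.include?(action)
      return response if response
    end
    send(action)
    @response ||= { status: 200 }
  end
end

class CategoriesController < MiniController
  # Guard the forms AND the write actions: hiding /categories/new alone
  # would still leave create, update and destroy reachable directly.
  before_action :check_admin, only: %i[new create edit update destroy]

  %i[index new create edit update destroy].each { |a| define_method(a) {} }

  private

  def check_admin
    return if current_user&.admin
    redirect_to "/", alert: "Only the site admin can manage categories."
  end
end
```

In a Rails app the `CategoriesController` body carries over as written, inheriting from `ApplicationController` with real action bodies in place of the empty ones.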