Skip to content

Commit be0d421

Browse files
committed
fix: show descriptive message when non-admin accesses admin UI
1 parent 37e487e commit be0d421

2 files changed

Lines changed: 10 additions & 2 deletions

File tree

app/controllers/application_controller.rb

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,14 @@ def after_sign_in_path_for(resource)
1212
current_user.admin_access? ? admin_root_path : dashboard_root_path
1313
end
1414

15+
def admin_unauthorized
16+
if user_signed_in?
17+
redirect_to dashboard_root_path, alert: "You don't have permission to access that page."
18+
else
19+
redirect_to new_user_session_path
20+
end
21+
end
22+
1523
private
1624

1725
def user_not_authorized

config/routes.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -201,8 +201,8 @@
201201
end
202202

203203
# Fallback if AdminConstraint fails
204-
get "admin", to: redirect("/users/sign_in")
205-
get "admin/*path", to: redirect("/users/sign_in")
204+
get "admin", to: "application#admin_unauthorized"
205+
get "admin/*path", to: "application#admin_unauthorized"
206206

207207
get "unauthorized", to: "errors#unauthorized"
208208
get "404", to: "errors#not_found"

0 commit comments

Comments
 (0)