Add access control and :forbidden error handling

2023-04-24 23:08:55 +02:00
parent 461f0bb812
commit 634ba7e901
5 changed files with 41 additions and 23 deletions
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -34,7 +34,10 @@
    <div class="nav-menu">
      <% if user_signed_in? %>
        <div class="right">
-          <%= image_link_to t('.users'), "account-multiple-outline", users_path, current: :active %>
+          <% if current_user_at_least(:admin) %>
+            <%= image_link_to t('.users'), "account-multiple-outline", users_path,
+                  current: :active %>
+        <% end %>
        </div>
      <% end %>
    </div>