Skip to content

Double render or redirect when overwritting authenticate_inviter! #893

New issue
New issue
Open
Open
Double render or redirect when overwritting authenticate_inviter!#893
@paul-mesnilgrente

Description

@paul-mesnilgrente
paul-mesnilgrente
opened on Jun 6, 2023

Hi there,

I'm using the latest devise and devise_invitable. I have a fresh User model with a role attribute to know if the user is a regular user or an admin. Only admins should be able to invite people.

So I've put this code in the application_controller.rb:

  def authenticate_inviter!
    authenticate_admin!
  end

  def authenticate_admin!
    return if current_user.admin?

    redirect_back(fallback_location: root_path, alert: 'You are not authorized to access this page')
  end

But I get this error:

Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".

Line: redirect_back(fallback_location: root_path, alert: 'You are not authorized to access this page')

I see in the README that authenticate_inviter! makes a call to the devise authenticate_admin!(force: true). How different is it from what I'm doing? I'm just doing a redirect if the user isn't an admin which feels like one of the standard ways to handle nonauthorized pages.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions