< Return to Blog

Resque, Devise and Admin Authentication

If you're already using Devise and want to 'secure' the web UI for admin access only, add the following to your routes.rb file

  resque_constraint = lambda do |request|
    request.env['warden'].authenticate? and request.env['warden'].user.admin?

  constraints resque_constraint do
    mount Resque::Server, :at => "/admin/resque"

You will only need to define an admin? predicate method in your User model for the above to work. Users who aren't admins and who have not authenticated themselves will be accessing a route that does not exist — therefore ensure your app has very good 404 handling.

Using CanCan? See this blog post for details