Add required authorization to all pages

[cs356-p2-videostore.git] / app / controllers / login_controller.rb

diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb
index 9352437..f557c3e 100644 (file)
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@@ -2,7 +2,10 @@ class LoginController < ApplicationController
   layout "admin"
 
   # Make sure that a user logs in before doing any action here
-  before_filter :authorize, :except => :login
+  before_filter :authorize, :only => :index
+
+  # Only managers can do the following actions
+  before_filter :manager, :only => [:add_user, :delete_user, :list_users]
 
   def add_user
     @user = User.new(params[:user])
@@ -51,4 +54,5 @@ class LoginController < ApplicationController
   def list_users
     @all_users = User.find(:all)
   end
+
 end