Make /admin and /moderation only accesible to Admins & Moderators

app/controllers/application_controller.rb

@@ -11,6 +11,13 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 
+  rescue_from CanCan::AccessDenied do |exception|
+    respond_to do |format|
+      format.json { render nothing: true, status: :forbidden }
+      format.html { redirect_to main_app.root_url, :alert => exception.message }
+    end
+  end
+
   private
 
   def set_locale