Make /admin and /moderation only accesible to Admins & Moderators

app/controllers/admin/base_controller.rb

@@ -0,0 +1,11 @@
+class Admin::BaseController < ApplicationController
+
+  before_filter :verify_administrator
+
+  private
+
+  def verify_administrator
+    raise CanCan::AccessDenied unless current_user.try(:administrator?)
+  end
+
+end

app/controllers/admin/dashboard_controller.rb

@@ -1,4 +1,4 @@
-class Admin::DashboardController < ApplicationController
+class Admin::DashboardController < Admin::BaseController
 
   def index
   end

app/controllers/application_controller.rb

@@ -11,6 +11,13 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 
+  rescue_from CanCan::AccessDenied do |exception|
+    respond_to do |format|
+      format.json { render nothing: true, status: :forbidden }
+      format.html { redirect_to main_app.root_url, :alert => exception.message }
+    end
+  end
+
   private
 
   def set_locale

app/controllers/moderation/base_controller.rb

@@ -0,0 +1,11 @@
+class Moderation::BaseController < ApplicationController
+
+  before_filter :verify_moderator
+
+  private
+
+  def verify_moderator
+    raise CanCan::AccessDenied unless current_user.try(:moderator?)
+  end
+
+end

app/controllers/moderation/dashboard_controller.rb

@@ -1,4 +1,4 @@
-class Moderation::DashboardController < ApplicationController
+class Moderation::DashboardController < Moderation::BaseController
 
   def index
   end

spec/features/admin_spec.rb

@@ -0,0 +1,34 @@
+require 'rails_helper'
+
+feature 'Admin' do
+  let(:user) { create(:user) }
+
+  scenario 'Access as regular user is not authorized' do
+    login_as(user)
+    visit admin_root_path
+
+    expect(current_path).to eq(root_path)
+    expect(page).to have_content "not authorized"
+  end
+
+  scenario 'Access as a moderator is not authorized' do
+    create(:moderator, user: user)
+
+    login_as(user)
+    visit admin_root_path
+
+    expect(current_path).to eq(root_path)
+    expect(page).to have_content "not authorized"
+  end
+
+  scenario 'Access as an administrator is authorized' do
+    create(:administrator, user: user)
+
+    login_as(user)
+    visit admin_root_path
+
+    expect(current_path).to eq(admin_root_path)
+    expect(page).to_not have_content "not authorized"
+  end
+
+end

spec/features/moderation_spec.rb

@@ -0,0 +1,34 @@
+require 'rails_helper'
+
+feature 'Admin' do
+  let(:user) { create(:user) }
+
+  scenario 'Access as regular user is not authorized' do
+    login_as(user)
+    visit moderation_root_path
+
+    expect(current_path).to eq(root_path)
+    expect(page).to have_content "not authorized"
+  end
+
+  scenario 'Access as a moderator is authorized' do
+    create(:moderator, user: user)
+
+    login_as(user)
+    visit moderation_root_path
+
+    expect(current_path).to eq(moderation_root_path)
+    expect(page).to_not have_content "not authorized"
+  end
+
+  scenario 'Access as an administrator is authorized' do
+    create(:administrator, user: user)
+
+    login_as(user)
+    visit moderation_root_path
+
+    expect(current_path).to eq(moderation_root_path)
+    expect(page).to_not have_content "not authorized"
+  end
+
+end