[refs #510] Resque sinatra app secure

app/models/ability.rb

@@ -27,6 +27,8 @@ class Ability
     else # Registered user rights
       if user.admin?
         can :manage, :all
+        # Resque authorize
+        can :manage, Resque
         # Protection
         cannot :approve, RegisterRequest, :approved => true
         cannot :reject, RegisterRequest, :rejected => true

config/initializers/admin.rb

@@ -0,0 +1,8 @@
+# config/initializers/admin.rb
+class CanAccessResque
+  def self.matches?(request)
+    current_user = request.env['warden'].user
+    return false if current_user.blank?
+    Ability.new(current_user).can? :manage, Resque
+  end
+end

config/routes.rb

@@ -1,5 +1,12 @@
 # -*- encoding : utf-8 -*-
 Rosa::Application.routes.draw do
+  require 'resque/server'
+  namespace :admin do
+    constraints CanAccessResque do
+      mount Resque::Server, at: 'resque'
+    end
+  end
+
   devise_scope :users do
     get '/users/auth/:provider' => 'users/omniauth_callbacks#passthru'
   end