Double render or redirect when overwritting authenticate_inviter!

[paul-mesnilgrente]

Hi there,

I'm using the latest devise and devise_invitable. I have a fresh User model with a role attribute to know if the user is a regular user or an admin. Only admins should be able to invite people.

So I've put this code in the application_controller.rb:

  def authenticate_inviter!
    authenticate_admin!
  end

  def authenticate_admin!
    return if current_user.admin?

    redirect_back(fallback_location: root_path, alert: 'You are not authorized to access this page')
  end

But I get this error:

Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".

Line: redirect_back(fallback_location: root_path, alert: 'You are not authorized to access this page')

I see in the README that authenticate_inviter! makes a call to the devise authenticate_admin!(force: true). How different is it from what I'm doing? I'm just doing a redirect if the user isn't an admin which feels like one of the standard ways to handle nonauthorized pages.