We use the exception_logger gem (https://github.com/QuBiT/exception_logger) for capturing exceptions, cancan (https://github.com/ryanb/cancan) for authorization and devise (https://github.com/plataformatec/devise) for authentication.
So how do you secure your logged_exceptions page ?
1. In your production.rb add the following lines
config.after_initialize do
LoggedExceptionsController.class_eval do
# include authentication and authorization before access
before_filter :authenticate_user!
load_and_authorize_resource
self.application_name = "Jqt"
end
end
2. Ensure your ability filed has the following entry for the role that can manage logged_exceptions
can [:manage], LoggedException
3. Restart your server
The Unemployed Scoundrel 