I prefer to raise a 404 error if someone is trying to access a page they do not have permission to be viewing.
def require_admin!
raise ActiveRecord::RecordNotFound unless authenticate_user! && current_user.is_admin?
end
The above assumes you have an authenticate_user! method which you will have if you are using devise. If you aren't using devise, I'd create one similar to the require admin I showed above with a unless current_user condition.
Add the is_admin? method to your user/admin class
All controllers inherit from application controller so you should not need to make it a helper method.