I have the rails admin gem to see the user-friendly DB of my app. In this DB I have a lot of libraries, and I was wondering if there was a way that only certain admins could access certain libraries.
For example, admin user with email library123#admin.com can only see the details from library 123 in the rails admin DB, so this admin will only be able to access the URL
https://my-app.com/admin/library/35 and not https://my-app.com/admin/library or
https://my-app.com/admin.
I use devise for authentication to the rails admin and I do not use any gem for authorization.
I was thinking of adding a column to users with relation to the library to know which library each user belongs to, however, I am stuck thinking how would I say to the rails admin only permit to see the library this user belongs to.
assuming you have #admin? (or similar) implemented in the user model:
authenticate :user, ->(user) { user.admin? } do
# mount your restricted routes
end
Related
I want to create a webpage using rails 6.0.0, which has two types of users(model) without devise gem.
Admin
User/viewer
But the problems is that I want to authenticate (sign up /sign in) for both users with facebook or google_oauth2 with same callbacks address without devise gem:
/auth/:provider/callback
On internet, github and youtube I have found articles and videos only for authenticate single model. But I want to authenticate (sign up /sign in) for two models.
Can anyone help?
Please give an idea to authenticate both model with some example without devise gem that an beginner can understand.
Generally it is not advised to authenticate two models. Only in really rare cases this is needed. (Think of Uber which has drivers and clients booking the rides).
If you want to have an admin and a normal user, the way to do it is to add a column in the user model called admin which is a boolean. This way you only have one user model - most of the times the admin can do at leat what the user can do.
If your user is an admin, you just set the admin boolean to true :)
I have the requirement in one of the application to use active admin as the admin panel and I have used devise for the authentication purpose.
Now we have three types of users, super_admin admin and normal users. Super admin and admin will have the different functionality and we should use the same active admin interface.
The problem over here is as the devise will not allow two models like
devise_for :admins, ActiveAdmin::Devise.config
devise_for :super_admins, ActiveAdmin::Devise.config
we cant use both in routes to differntiate user type from routes and we can't scope the user type in the active admin as we are not using the role management systems(like cancan), but using the type field in user.
So can any one please help me to find the way to use active admin with two types of admin(super admin and admin). By using type and not using the role managements.
Thanks.
While it might be possible you're really just making a huge mess by pushing down authorization into the authentication layer.
It would make your Devise setup truly cringeworthy and you also need to setup a authorization layer if your own such as:
(current_super_admin || current_admin).is_a?(SuperAdmin) # yuck
You end up with a greatly overcomplicated authentication layer and a crappy homerolled authorization system. Both are a recipe for disaster.
Its also less than desirable if you need to be able to grant/revoke privileges since you need to transfer the user data from one table to another and also any relations that user might have.
If you want to do roles on the cheap you can simply use a enum column:
rails g migration add_role_to_user role:integer:index
class User
enum role: [:peasant, :admin, :super_admin]
end
We'd like all users to be able to access ActiveAdmin, however, we would like to limit the creation of new users to specified administrators. The ideal outcome would be that only administrators see the users resource.
Currently, any user can go on to users.rb and create a new user. How do I limit this so that only specified administrators can create users? How do I stop users from seeing this resource unless they are specified as an administrator?
Do I need to add an admin attribute to the users model? From there what do I do?
Using Rails 4 with Devise.
I only have a users.rb model, no adminusers model.
When installing ActiveAdmin I used:
rails g active_admin:install User # creates / edits the class for use with Devise
Thanks very much for your help!
I think you need some ability managment:
https://github.com/CanCanCommunity/cancancan
https://github.com/activeadmin/activeadmin/blob/master/docs/13-authorization-adapter.md#using-the-cancan-adapter
This might be a very simple questions as I am just getting started with RoR and been doing as much learning through resources as possible. Basically I am using Active Admin to handle the admin portion of my application. What I am wondering about is creating a user model. I know Active Admin uses Devise for its autherzation so if run rails generate active_admin:resource Userit should create the user model the same way as if I ran it with Devise correct?
The end goal is to have the main front end page be a login for users that are created by the admin on Active Admin (no sign up from the front end) that will lead them to the secure information like Profile, orders, what ever.
What you're looking to do (assuming that you want to separate out the idea of Admin Users versus regular users) is first generate the new devise model as you normally would:
rails generate devise user
Then create a resource to manage them within active admin
rails generate active_admin:resource User
The rest is a standard devise integration assuming the pages are outside the scope of Active Admin.
for a university project i have to create a small ruby on rails application, in Netbeans, which allows staff of the university to maintain their absence records.
The sample logins available in books have been regarding a singular user table. My application will require 3 types of users staff (who are assigned to a manager), manager and admin (to create/edit/delete all employees). Thus the login will have to bring up a particular users home page, in steps my confusion.
My table structure at the moment has the field user_id in both the manager and staff table which has a 'has_one' relationship with ID of the users table which simply contains the fields user_id, user_name password and user_type.
I can't get any adapted sample code for logins to work with this multi user application, any insights or ideas on tutorials available similar to this?
Cheers.
P.S. I have the full spec available if any other further information is required.
I couldn't tell from your question if you already have authentication working.
But, I've set up similar systems using the devise and cancan gems.
With devise, you just need to specify the root path in config/routes.rb and your user will be redirected there upon signin. For example you could have a route like this:
namespace :user do
match 'dashboard' => 'dashboard#index', :as => :root
end
Then, in dashboard#index, you could provide profile-specific actions. Also, a good way to manage user roles would be to put a role column on the users table and use the cancan gem.
Check out this railscast on the subject http://railscasts.com/episodes/192-authorization-with-cancan... So you could assign someone to the admin role, and using cancan's simple DSL they could create/edit/delete all employees.