Restrict access to admin/* sites with cancan - ruby-on-rails

I'm building an app which has two user models: user and user_admin. user_admin is provided by activeadmin via devise, and user was created with devise too. I created a main page, some resources, and the admin page; now I want to restrict access to any admin page via cancan. So to summarize:
The user is on the main page, then goes to some other page, and devise redirects him to sign_in.
After signing in the user can browse pages, but if he wants to go to /admin, cancan should give him a 404, or give access to the admin pages only if he has the admin role; then he must sign in with another user_admin account.
So how can I describe the restriction to admin pages in ability? Some problems are:
I don't know where Admin::DashboardController#index is, thus I can't check the role there and redirect to 404.
Also, Active Admin generates routes dynamically, so I can't use that either.
How can I make it work?
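An added illustration, not part of the question or any answer: a plain-Ruby sketch of the split the question asks for (devise authenticates, a cancan-style Ability authorizes, and the admin namespace answers 404 to anyone who is not an admin account). The cancan Ability is replaced by a minimal stand-in and User, AdminUser, Ability and admin_gate are assumed names, so it runs without the cancan, devise or activeadmin gems.

```ruby
require 'set'

# Two separate account types, as in the question: devise users and ActiveAdmin admins.
# Both are constructed stand-ins; a real app would use the devise models.
User      = Struct.new(:email)
AdminUser = Struct.new(:email)

# Minimal stand-in for cancan's Ability DSL: rules are (action, subject) pairs
# and everything not explicitly granted is denied.
class Ability
  def initialize(account)
    @rules = Set.new
    # Any signed-in account may read the public resources.
    can(:read, :public_page) unless account.nil?
    # Only an AdminUser account may touch the admin namespace. A role flag on
    # User is deliberately not consulted: the question wants a separate admin
    # login, not an elevated regular user.
    can(:manage, :admin_area) if account.is_a?(AdminUser)
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  # :manage on a subject implies every action on it, as in cancan.
  def can?(action, subject)
    @rules.include?([action, subject]) || @rules.include?([:manage, subject])
  end
end

# Controller-style gate for any request whose path starts with /admin.
# Returns the HTTP status a before_filter would render. A signed-in account
# that is not an admin gets 404 rather than 403, so the existence of the admin
# area is not confirmed to ordinary users, which is what the question asks for.
def admin_gate(path, current_account)
  return 200 unless path.start_with?('/admin')
  return 401 if current_account.nil?   # not signed in: devise redirects to sign_in
  Ability.new(current_account).can?(:read, :admin_area) ? 200 : 404
end
```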

Related

Deny the unauthorized user and redirect to login page

I have an ASP.NET MVC application. I have an administration page to manage users. I have a scenario where the admin adds new users and those users have their own logins. Say the admin creates a user 'testuser' and testuser logs in to the application. Meanwhile the admin deletes 'testuser'. Every next click of 'testuser' must redirect to the login page. How can this be done? Is this managed through web.config, or can this be managed using the Base Controller (all controllers inherit from Base Controller)?
I'd create an overload of the AuthorizeAttribute class where you'll check the database on every request whether the user is still allowed to be logged in on the administration page.
I don't know what your requirements are with regards to the number of users that will use the administration section, but this can become heavy on the database to have an extra database call on every authorized action.

User registration through admin login using rails

My requirement is to create user accounts through admin login. I have installed cancan, devise and rolify, but the problem is I'm unable to figure out how to do it. Please help me out. I have to register users by admin login.
All the information you need is at this link:
Adding an Admin Role
When you deploy your application, you can then use the console to create your first Admin, who can in turn create Users via the GUI as per normal in a CRUD Rails application. Make sure that in your Users controller you have a before_filter that checks for admin_signed_in? on the create action (assuming that you have called your Admin role 'Admin' when creating it using rails generate devise Admin on the command line) - this will make sure that only Admins can access the create action in the Users controller. You could also wall off the edit and destroy actions in the same way, but I'm guessing you'd want to allow a User access to those.

A common user model , controller ,authentication and ability for multiple Rails apps

I have developed two Rails applications, app1 and app2; they have their own user controller and model, their own ability.rb file and their own devise gem. I want all of them to share a common user controller, user model and ability.rb file so that anyone, irrespective of the application, goes through the same authentication system.
In this context I have read the posts Rails: Devise Authentication from an ActiveResource call and How to add authentication before filter to a rails 3 apps with devise for user sign up and sign in?. But I am sorry, I could not figure out how to modify their individual routes.rb files so that all the authentication requests are redirected to it, and I would like to know if I have to make another application only for the management of users for that purpose.
You might use omniauth gem to provide one application to manage its users through the second one (like a Facebook connect, for example). This app's sign in action would just be a redirect to the second one's sign in page.
In this case, however, you would have 2 different user tables, which might need synchronization, but for just a simple authentication that could work.

Authenticating Custom url with Devise without having actual controller/action (Rails)

I am using the Devise gem in my application and it works fine.
I use omniauth to authenticate Twitter users, and when a user types in http://www.mydomain.com/addtwitter the user will be redirected to the Twitter authentication page.
In the devise gem, by default when a user loads the page /auth/twitter it takes the user to the authorization page. So to customize this I added the code below to my routes.rb file.
match "/addtwitter" => redirect("/auth/twitter")
But I would like to make the /addtwitter functionality available only to logged in users.
How do I achieve this without actually creating a controller/action in Rails?
Is this even possible?
In devise, you can specify routes that only apply to logged in users.
authenticated :user do
match "/addtwitter" => redirect("/auth/twitter")
end

Customise Login Page Based on Required Roles with Grails Spring Security

I have a Grails 2.0 app with the spring-security-core 1.2.6 plugin. I have different pages that have a #Secured annotation with different roles (ROLE_USER and ROLE_ADMIN). This works, but when I try to access either a user or an admin secured page I get redirected to the same login page. I would prefer to tailor this login page to the roles that were requested.
For example, if an unauthenticated user tries to access a ROLE_USER page, I would include a link to the user signup page, but if they tried to access a ROLE_ADMIN page, it should not.
Is there a way to access the requested roles in the login page, or alternatively a method for getting a list of roles for a given URL?
To use two different login pages you must create a custom AuthenticationEntryPoint. Here is an example already on SO: Different login controllers in Grails project with Spring security.
To send the user to a different location based on the roles that they have, create your own custom SuccessHandler and based on what role the user has send them to a different page.
Here's a link to a blog post I found.
Hope that helps.
