Access Control List in ActiveAdmin? - ruby-on-rails

I was wondering if there is any gem that implements an access control list in ActiveAdmin?
If none, what's the best way or approach to simply do this?
Reading up on Pundit and still undecided whether or not I should really write one from scratch.
Thanks!
Edit:
I worked on this yesterday and have my access control list together with my group model. The form looks roughly something like this:
It's rendered as a partial in my ActiveAdmin group.rb.
So yeah, I guess the correct word is managing permissions on my ActiveAdmin. I'm reading up on whether there is any way I can integrate ActiveAdmin roles into my current setup. I'm kinda seeing that this kind of setup is tedious?
I made it like this because eventually, if there need to be a lot of different roles, they don't have to ask the devs to code it every time.

I think you might be looking for ActiveAdminRole.

Related

Create a group model for users in rails

I built a web app in Rails where I have articles about different subjects, like a blog basically. Now I want to add a group model on my users so that I can show some articles only to those that belong to a certain group. I use Devise to handle my users today. They have an email and a password as login.
I've been looking everywhere for a gem that I could use, and I have searched Google and Stack Overflow, but I haven't found anything except Groupify that resembles what I'm looking for, and that is poorly documented :(
So first of all, are there any gems out there that could help me with this? If not, does anyone have a good way to sort this?
I'm using Rails 4 for my app and Postgres as my database. I use the latest Devise.
I want to point out that I'm pretty new at Rails.
Maybe the cancan gem can help you:
https://github.com/ryanb/cancan
and
http://railscasts.com/episodes?utf8=%E2%9C%93&search=cancan
It sounds like the "groups" you are describing could be thought of as roles the users can have and you'd like to restrict authorization based on which roles they have.
If that's the case, you can take a look at the rolify gem: https://github.com/EppO/rolify
If that's not the case or that's overkill for what you are doing, I would probably not worry too much about finding a gem and instead just make a Group model that does what you want.

Preventing Certain Users from Deleting Records in Rails Admin

I have Rails Admin installed which is working great. However I have a problem. Only admins can sign into Rails Admin and there are two types of admins. The first type of admin can have access to everything, delete anything they want, etc. The second type should only have access to certain tables.
I don't see any configuration in Rails Admin to get what I want, so I was thinking of using a callback in my models. But then I would have to somehow pass the user's credentials through to verify what type of admin they are, and even then there would have to be a lot of hacking. My question is, can this be done, and if so, what's the best way to do this?
I have used CanCan in the past to accomplish exactly what you're looking for. It worked well with Rails Admin.
https://github.com/sferik/rails_admin/wiki/CanCan
As an aside: I would recommend using a single role per user as that seems to make things easier.

Rails application with multiple roles

I have a Rails application with 2 roles, say admin and user. But the thing is, the admin doesn't use a backend like ActiveAdmin, for example. I want both admin and user to see the same views, but depending on the role, I restrict what they can see. I'm using CanCan, but since, for example, both admin and user can see the product page, I end up with many conditions inside the view and controller actions stating, for example, if this is an admin show that, if not then show this instead.
So I don't really think that this is the "Rails way". I end up with a lot of repeated code, and code inside the views, which doesn't really support the idea of keeping the logic away from the views.
So my question is, What's the best way to implement such a scenario with many roles but the same views.
Thank you.
I'm thinking of two options currently, but I don't like either. One is to redirect the admin to another view, but this way most of the view is the same hence it's not DRY at all.
Option 2 is to use the exact same view, but add many conditions in the view, so I end up with a huge complex view with code. I'm trying to find a way that keeps things DRY yet simple, and keeps the views code free.
You can have the admin module under a separate namespace and users as the default namespace. You can extract the common code into partials and use the same in both the admin and user modules.
This way you can separate the code for user and admin, and if some time in the future you decide to go for different views for admin and user, it won't be much of a task.
Have controllers as
app/controllers/admin/articles ------ for admin users
app/controllers/articles ---- for normal users
and
views
app/views/admin/articles
app/views/articles
app/views/shared
There are different possible approaches. A variation of the 'decorator' pattern would come to mind, as described here.
It's some time since I last read it, but I think the basic idea is to put the logic in the model or helpers. As soon as a user logs in and you can see if he is an admin or a normal user, you have methods that return the necessary HTML or text.
A simpler approach would be to just have two partials for everything. Either, as Ross says, in a separate admin namespace, or even simpler (but more work if you later need to change that), just like _user_view_something.html.erb and _admin_view_something.html.erb.
Somewhat similar thoughts go into the DCI pattern. This blog gives a nice overview of how this could play into Rails. The article is more about permissions, but again the basic idea is to supplement the user object with the necessary functions.
So you have the basic "do_something" method which renders something or places some information in the view, and replace it with the one that fits the role the actual user has.
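The decorator/presenter idea from the answers above, carried through as an added example (not code from any of the posters): one template for every role, with a role-specific presenter object deciding which fields and action links appear. The Product/User structs, the role names and the presenter class names are hypothetical; a Rails app would wrap an ActiveRecord model and pass current_user as the viewer.

```ruby
# Added example, not from the original answers: role-specific presenters so
# that a single view calls `presenter.fields` / `presenter.actions` instead of
# sprinkling `if current_user.admin?` through ERB. Names are hypothetical.

User    = Struct.new(:name, :role)                           # role is :admin or :user
Product = Struct.new(:id, :name, :price, :cost, :owner_name)

# Base presenter: exactly what an ordinary user may see. Everything else is
# opt-in by a subclass, so an unhandled role gets the least, not the most.
class ProductPresenter
  def initialize(product, viewer)
    @product = product
    @viewer  = viewer
  end

  # Label => value pairs the template renders, in display order.
  def fields
    { 'Name' => @product.name, 'Price' => format('%.2f', @product.price) }
  end

  # Action links offered next to the product.
  def actions
    %i[show]
  end

  def can?(action)
    actions.include?(action)
  end
end

# Admin presenter adds to the base; it never has to repeat the base's rules.
class AdminProductPresenter < ProductPresenter
  def fields
    super.merge('Cost' => format('%.2f', @product.cost), 'Owner' => @product.owner_name)
  end

  def actions
    super + %i[edit destroy]
  end
end

# The single place that maps a role to a presenter. Unknown roles fall back to
# the least-privileged presenter rather than raising or granting more.
PRESENTERS = { admin: AdminProductPresenter, user: ProductPresenter }.freeze

def present(product, viewer)
  PRESENTERS.fetch(viewer.role, ProductPresenter).new(product, viewer)
end

# Simulated template: identical for every role; only the presenter differs.
def render_product(product, viewer)
  p = present(product, viewer)
  lines = p.fields.map { |label, value| "#{label}: #{value}" }
  lines << "Actions: #{p.actions.join(', ')}"
  lines.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  widget = Product.new(1, 'Widget', 9.99, 4.50, 'alice')
  puts render_product(widget, User.new('bob', :user))
  puts '---'
  puts render_product(widget, User.new('alice', :admin))
end
```

The presenter only decides what is rendered. It is not an authorization boundary: a user who never sees a "destroy" link can still send the DELETE request by hand, so the controller action must still call CanCan's authorize! (or equivalent) before acting.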

Rails Active_Admin VS. my own backend

I've been thinking of writing my own backend, because I feel active_admin might not support all the requirements.
I wanted to ask if Active_Admin supports any of these just to be sure:
I have a has_and_belongs_to_many relationship between my ad model and tag model. In the new ad page I would like to have the form for the ads, as well as all available tags, so the admin can choose which tags to associate with the ad. I was able to do that normally in my application, but can I do that with active_admin?
Can I add custom buttons, like one to convert to PDF, for example, or one to send an e-mail?
Could I add some sort of before_filter, so the admin can only view a model, but not edit or delete it, for example?
Thank you.
All of those things can be done via Active Admin, but as it was pointed out, it can be quite a nightmare actually implementing certain things depending on the amount of flexibility you need it to have. For that exact reason, I decided to start rolling my own administration panels.
I have tried and implemented almost all the robust gems for admin panels. I have also sweated over several hand-made ones.
Active Admin is very usability-centred, but it is not configuration-centred.
As you rightly anticipated, some of the more complex modifications can be tedious.
In my experience, rails_admin is the best middle ground I could find.
Take a look at it: it is highly functional, completely modular (made as a Rails 3 Engine) and simpler to modify.
If you can live without some details when customizing, this is definitely the way to go. However, if you need to have everything just right, then there is no substitute for hand-made.

Rails configurable authorization per-role/crud action

I'm working with a Rails 2.3 app that is already using declarative_authorization to handle user permissions. Each user belongs to one group (no fancy roles) with permissions on certain models, mostly the regular CRUD actions, but with a few special ones. This all works fine with declarative_authorization in its usual out-of-the-box mode.
We now want to allow admins to set permissions on particular groups of users with regards to model types. For example, we create a new group Foo, assign some users to it, and then decide with checkboxes if users in group Foo can c/r/u/d objects of model Bar.
I've used acl9 before, and I think I see how I could make that work. I've been a fan of CanCan lately, but I don't see how do it easily with that. If declarative_authorization can do this, I'll stick with it, but I'm prepared to bite the bullet and switch.
What plugin would be the best way to accomplish this? Is there a way to get declarative_authorization to do the job? An elegant way to use CanCan? Are there any gotchas I should watch for, e.g. database performance?
I could be convinced to upgrade the app to Rails 3.1, but I'd prefer to find a 2.3-compatible solution.
I've seen some similar questions, but no satisfactory answers
Rails Dynamic Role-Based Authorization plugin?
and this, for cancan
https://github.com/ryanb/cancan/wiki/Role-Based-Authorization
I'm a fan of the StoneWall gem: authorization checks are in the form of a Ruby block, so in that block you could look up records and see if the user in question has authorization.
There's not a lot of documentation, but the idea is:
a_user_object.may_read?(object)
If object is a Todo instance, then Stonewall will look into the Todo model and execute the read block:
# app/models/todo.rb
stonewall do |s|
  s.action :read do |todo, user|
    todo.owner == user # only the owner of a todo item may read the item
  end
end
This approach makes two things easy:
read is just a Ruby block, so whatever you want to happen can happen
actions can be given arbitrary names, so if you want to check to see if a user has permission to comment on a todo item (for example), just create a s.action :comment and access it with a_user_object.may_comment?(object)
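The permission table that this question describes (admins tick c/r/u/d boxes per group and per model), the ActiveAdmin access-control question at the top of this page, and the two-tier admin in the Rails Admin question all come down to the same check. Here it is as an added example, not code from any of the posters or from declarative_authorization, CanCan or StoneWall: permissions are plain data rows loaded once per request, everything not explicitly granted is denied, and one designated group bypasses the table. The group_permissions rows, the group names and the class names are hypothetical and constructed for the example; in an app the rows come from a table with one boolean column per action.

```ruby
# Added example, not from the original answers: a data-driven, deny-by-default
# permission check keyed on (group, model, action). Rows below are constructed
# sample data standing in for a hypothetical `group_permissions` table.

require 'set'

ACTIONS = %i[create read update delete].freeze

PERMISSION_ROWS = [
  { group: 'editors', model: 'Article', create: true,  read: true, update: true,  delete: false },
  { group: 'editors', model: 'Comment', create: false, read: true, update: false, delete: true  },
  { group: 'viewers', model: 'Article', create: false, read: true, update: false, delete: false },
].freeze

# Groups whose members bypass the table entirely (the "first type of admin"
# in the Rails Admin question). Kept as a whitelist, not a flag on the user.
SUPERUSER_GROUPS = Set['superadmins'].freeze

User = Struct.new(:name, :group)

class GroupAbility
  # Read every row for the user's group in one pass and keep the result for
  # the lifetime of this object (build one per request). Calling can? inside
  # a loop over records then never goes back to the database, which is the
  # performance gotcha the question asks about.
  def initialize(user, rows = PERMISSION_ROWS)
    @superuser = SUPERUSER_GROUPS.include?(user.group)
    @granted = {}
    rows.each do |row|
      next unless row[:group] == user.group
      ACTIONS.each { |a| (@granted[row[:model]] ||= Set.new) << a if row[a] }
    end
  end

  # Deny by default: an unknown action, an unknown model, or a missing row
  # all answer false. Only the superuser shortcut answers true without data.
  def can?(action, model_name)
    return false unless ACTIONS.include?(action)
    return true if @superuser
    (@granted[model_name.to_s] || Set.new).include?(action)
  end

  # What to offer in the UI for a given model (buttons, menu entries).
  def permitted_actions(model_name)
    ACTIONS.select { |a| can?(a, model_name) }
  end
end

class AccessDenied < StandardError; end

# Controller-side guard: fail loudly rather than silently rendering less.
def authorize!(ability, action, model_name)
  unless ability.can?(action, model_name)
    raise AccessDenied, "#{action} on #{model_name} is not permitted"
  end
  true
end

if __FILE__ == $PROGRAM_NAME
  %w[editors viewers superadmins guests].each do |group|
    ability = GroupAbility.new(User.new('someone', group))
    puts "#{group}: Article=#{ability.permitted_actions('Article').inspect} " \
         "Comment=#{ability.permitted_actions('Comment').inspect}"
  end
end
```

To hand this to CanCan, build the GroupAbility in Ability#initialize and emit one `can action, ModelClass` per entry of permitted_actions for each model you register; Rails Admin and ActiveAdmin (via its CanCan adapter) then consult those rules for their list, edit and delete links. Whatever front end you use, keep the authorize! call in the controller action: hiding a button is presentation, not enforcement.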
