How do you implement authentication with the rails_admin gem when you are not using devise e.g. you have rolled your own authentication?
In config/initializers/rails_admin.rb include a config.authenticate_with block and place your authentication logic there. It should raise an exception if the user is not authorised to use rails_admin. Here is a simple example:
    RailsAdmin.config do |config|
      config.authenticate_with do
        raise 'You must be admin' unless signed_in? && current_user.admin?
      end
    end
If you want to follow the rails_admin instructions for the cancancan gem then also add the following config line:
    config.current_user_method(&:current_user)
Related
I’m using Rails 4.2.1 and Devise and rails_admin and I’m quite new to Rails.
I have a user model in the project and a login module for the users. But I need to add Rails Admin authentication. I added a new model Admin for the purpose. I have already set up basic authentication for the Rails Admin login. But now I need to remove basic authentication and add a login page for Rails Admin. What changes do I have to do?
As for my code, I am currently using this for basic authentication:
    RailsAdmin.config do |config|
      config.authenticate_with do
        authenticate_or_request_with_http_basic('Site Message') do |username, password|
          authenticate_admin username, password
        end
      end
    end
I have added a method authenticate_admin in application_controller that I want to use for authentication instead.
As you are using devise with rails admin, you can use devise for the authentication.
In your rails_admin.rb add the following code:
    config.authenticate_with do
      warden.authenticate! scope: :user
    end
    config.current_user_method(&:current_user)
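An added example (not from the original posts): one way the authenticate_admin helper called in the basic-auth block above could check credentials, using a salted PBKDF2 hash and a comparison that does not stop at the first differing byte. The AdminCredentials module, the SAMPLE record and its password are assumptions constructed for illustration.

```ruby
require 'openssl'
require 'digest'
require 'securerandom'

# Added example; AdminCredentials, SAMPLE and its password are assumptions.
module AdminCredentials
  ITERATIONS = 100_000
  KEY_LEN    = 32

  # Salted PBKDF2-HMAC-SHA256, so the stored value is not the password itself.
  def self.derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                               OpenSSL::Digest.new('SHA256'))
  end

  # Compare fixed-length digests byte by byte without returning early.
  def self.secure_compare(a, b)
    da = Digest::SHA256.digest(a.to_s).bytes
    db = Digest::SHA256.digest(b.to_s).bytes
    da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Constructed sample record; in an app this would come from the Admin model.
  salt = SecureRandom.random_bytes(16)
  SAMPLE = { username: 'admin', salt: salt,
             hash: derive('correct horse battery', salt) }.freeze
end

# Returns true only when both the username and the password match.
def authenticate_admin(username, password, record = AdminCredentials::SAMPLE)
  return false if username.to_s.empty? || password.to_s.empty?

  user_ok = AdminCredentials.secure_compare(username, record[:username])
  pass_ok = AdminCredentials.secure_compare(
    AdminCredentials.derive(password, record[:salt]), record[:hash]
  )
  user_ok && pass_ok # both checks have already run, whatever the username
end
```

HTTP basic credentials are resent with every request, so a check like this only makes sense when /admin is served over HTTPS.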
I use the pundit gem for authorization.
In my file config/initializers/rails_admin.rb:
    RailsAdmin.config do |config|
      config.authorize_with :pundit
      config.current_user_method(&:current_user)
      ......
    end
I follow the instructions in https://github.com/sudosu/rails_admin_pundit
But when I run the code, I get this error:
protected method `policy' called for #<Rails_Admin::MainController
I use rails_admin 0.8.1
Please guide me on how to use pundit in rails_admin (tutorial, example, ...)
You can try to use this gem or just make default authorization.
Add this to config/initializers/rails_admin.rb file:
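    config.authorize_with do
      # Treat a missing user like a non-admin; :error needs flash: (only :notice/:alert are redirect_to shortcuts).
      unless current_user && current_user.admin?
        redirect_to main_app.root_path, flash: { error: 'You are not authorized to perform this action.' }
      end
    end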
I was setting up authorization using the code below and got an error. I'm using devise.
undefined method `is_admin?' for #<User:0x007f803734ba48>
I've already set up the admin user in the console but I'm having issues testing out users trying to log in.
    RailsAdmin.config do |config|
      config.authorize_with do
        redirect_to main_app.root_path unless warden.user.is_admin?
      end
    end
https://github.com/sferik/rails_admin/wiki/Authorization
This worked for me:
Include a boolean field in your users table and name it admin.
Then use this:
    RailsAdmin.config do |config|
      config.authenticate_with do
        warden.authenticate! scope: :user
      end
      config.current_user_method(&:current_user)
      config.authorize_with do
        redirect_to main_app.root_path unless current_user.admin == true
      end
    end
Are you using Warden? On the same page I've found some custom authorization. Have you tried that?
I have two devise models, user and admin. When a user or an admin logs in through the login form, they will be redirected to /admin.
I have read the rails_admin wiki, but it seems to cover only configuration for a single devise model. Can I define multiple warden scopes like the following:
    RailsAdmin.config do |config|
      config.authenticate_with do
        warden.authenticate! scope: [:user,:admin]
      end
      config.current_user_method(&:current_user)
      config.current_admin_method(&:current_admin)
    end
You can add more than one devise model. Here is an example (with a checksum authentication):
    # config/initializers/devise.rb
    Devise.setup do |config|
      config.warden do |manager|
        manager.strategies.add :admin, Admin::ChecksumAuthenticatable
      end
    end
Your class Admin::ChecksumAuthenticatable (for example) needs to inherit from ::Devise::Strategies::Base. Then define all the methods you want and overwrite the authenticate! method:
    def authenticate!
      admin = Admin.from_checksum_for_auth!(checksum)
      # from_checksum_for_auth! is defined on the Admin model and checks checksum validity
      success! admin
    end
I'm trying to install the Rails Admin Gem using Sorcery for authentication instead of Devise.
Rails admin does provide a hook that you can use to attach your own authentication method. Here is the example they provide in their docs (using warden):
    config.authenticate_with do
      warden.authenticate! :scope => :admin
    end
    config.current_user_method { current_admin }
I'm guessing that inside the block I need to reference the before_filter that Sorcery uses to authenticate users, which would be require_login.
However, when I try that and I try to visit /admin when logged out, I get a routing error:
No route matches {:action=>"new", :controller=>"sessions"}
This probably happens because I am being redirected within the engine rather than in the main app.
How can I set this up correctly?
    # config/initializers/rails_admin.rb
    RailsAdmin.config do |config|
      config.authenticate_with do
        # Use sorcery's before filter to auth users
        require_login
      end
    end

    # app/controllers/application_controller.rb
    class ApplicationController < ActionController::Base
      # Overwrite the method sorcery calls when it
      # detects a non-authenticated request.
      def not_authenticated
        # Make sure that we reference the route from the main app.
        redirect_to main_app.login_path
      end
    end

    # config/initializers/rails_admin.rb
    RailsAdmin.config do |config|
      ...
      config.parent_controller = 'ApplicationController'
    end
If you use Sorcery with Cancancan gem, you should also add config.current_user_method(&:current_user) in your config/initializers/rails_admin.rb file, or you'll get the error: You are not authorized.