authorization rails_admin with pundit - ruby-on-rails

I use the pundit gem for authorization.
In my file config/initializers/rails_admin.rb:
RailsAdmin.config do |config|
  config.authorize_with :pundit
  config.current_user_method(&:current_user)
  ......
end
I followed the instructions in https://github.com/sudosu/rails_admin_pundit
But when I run the code, I get this error:
protected method `policy' called for #<Rails_Admin::MainController
I use rails_admin 0.8.1.
Please guide me on using pundit in rails_admin (tutorial, example, ...).

You can try to use this gem, or just set up default authorization.
Add this to your config/initializers/rails_admin.rb file:
config.authorize_with do
  # redirect_to only honours :alert, :notice and :flash (an :error key is silently
  # dropped unless add_flash_types :error was declared), so pass the message via flash:
  redirect_to main_app.root_path, flash: { error: 'You are not authorized to perform this action.' } unless current_user.admin?
end
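As an added example (not code from the question, the answer or the rails_admin_pundit gem): Pundit policies are plain Ruby classes taking (user, record) with predicate methods, so a policy for rails_admin's own action names can be written and exercised without Rails. The User struct, the :admin/:superadmin roles and the read/write split are constructed assumptions; rails_admin_authorized? is the check a custom config.authorize_with block would make, denying any action the policy has no predicate for.

```ruby
# Added example, not from the question or the rails_admin_pundit gem.
# Pundit policies are plain Ruby (user, record) classes with predicate methods,
# so this runs without Rails. User, the :admin/:superadmin roles and the
# read/write split below are constructed assumptions for the example.
User = Struct.new(:name, :role)

class RailsAdminPolicy
  # Action names as rails_admin lists them in config.actions.
  READ_ACTIONS  = %i[dashboard index show export].freeze
  WRITE_ACTIONS = %i[new edit delete bulk_delete].freeze

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Gate for entering the /admin UI at all; anonymous users are never allowed.
  def access?
    !@user.nil? && %i[admin superadmin].include?(@user.role)
  end

  READ_ACTIONS.each do |action|
    define_method(:"#{action}?") { access? }
  end

  # Writes are reserved for superadmins; admins get a read-only console.
  WRITE_ACTIONS.each do |action|
    define_method(:"#{action}?") { access? && @user.role == :superadmin }
  end
end

# Stands in for Pundit::NotAuthorizedError.
class NotAuthorized < StandardError; end

# What a custom config.authorize_with block would do per request: look up the
# predicate for the requested action and fail closed if the policy lacks it.
def rails_admin_authorized?(user, action, record = nil)
  policy = RailsAdminPolicy.new(user, record)
  query = :"#{action}?"
  policy.respond_to?(query) && policy.public_send(query)
end

def authorize_rails_admin!(user, action, record = nil)
  return true if rails_admin_authorized?(user, action, record)
  raise NotAuthorized, "#{user ? user.name : 'anonymous'} may not #{action}"
end
```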

Related

rails_admin and cancancan undefined method `accessible_by' for Product:Class

I am new to ruby-on-rails and I am looking for a way to make my rails_admin dashboard accessible only to superadmin users. I discovered that the rails_admin gem is fully compatible with another gem, cancancan, used for managing authorization.
I followed this guide: https://github.com/sferik/rails_admin/wiki/Cancancan to configure rails_admin properly, and this is the result:
config/initializers/rails_admin.rb:
RailsAdmin.config do |config|
  # == Devise ==
  config.authenticate_with do
    warden.authenticate! scope: :user
  end
  config.current_user_method(&:current_user)
  # == CancanCan ==
  config.authorize_with :cancancan
  config.actions do
    dashboard # mandatory
    index # mandatory
    new
    export
    bulk_delete
    show
    edit
    delete
    show_in_app
  end
end
app/models/ability.rb:
class Ability
  include CanCan::Ability
  def initialize(user)
    user ||= User.new
    can :read, :all
    if user.superadmin_role?
      can :access, :rails_admin
      can :read, :dashboard
      can :manage, :all
    elsif user.admin_role?
      can :manage, :all
    end
  end
end
When I created the project, I skipped Active Record.
For now, the only scaffold I made was for a class called Product.
I keep getting this error when navigating to localhost:3000/admin:
NoMethodError in RailsAdmin::MainController#dashboard
undefined method `accessible_by' for Product:Class
I cannot figure out where and how to define this "accessible_by" method. Moreover, I found at this link https://github.com/CanCanCommunity/cancancan/wiki/Fetching-Records that NOT using Active Record requires a model adapter.
I'm using macOS 11.15.6 and:
Rails 6.0.2
Rails_admin 2.0.2
Cancancan 3.0.2
Mongoid 7.0.5
Can someone help me understand what I am doing wrong?
Thanks :)
Ok, I got it!
I solved the problem with these steps:
FIRST OF ALL: STOP rails server IF CURRENTLY RUNNING
Install the cancancan-mongoid gem. Simply add gem 'cancancan-mongoid' to your Gemfile, UNDER the existing declaration of the cancancan gem. Then run bundle install.
I referred to this page: https://github.com/CanCanCommunity/cancancan-mongoid
Check that the order of the gems in your Gemfile looks like this:
mongoid
cancancan
cancancan-mongoid
rails_admin
The first three steps should solve the problem, but if it persists, proceed with this last step:
Create a new file called cancan_mongoid.rb, place it in your config/initializers folder, and paste in the full code shown here: https://gist.github.com/bowsersenior/561639
This worked for me! :)

How to use sorcery gem with rails_admin

I would like to secure the rails_admin pages using the sorcery gem. According to this SO answer, the way to do this is as follows:
# config/initializers/rails_admin.rb
RailsAdmin.config do |config|
  config.authenticate_with do
    # Use sorcery's before filter to auth users
    require_login
  end
end
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  # Overwrite the method sorcery calls when it
  # detects a non-authenticated request.
  def not_authenticated
    # Make sure that we reference the route from the main app.
    redirect_to main_app.login_path
  end
end
This overrides sorcery's default method for handling a missing login. The override does work in my app, but when I visit the rails_admin pages, I get the following error:
undefined local variable or method `root_path' for #<RailsAdmin::MainController.
so the override is not working in the rails_admin code. I am mounting rails_admin at the bottom of my routes file with
# config/routes.rb
...
mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
How do I fix this?
It is because the rails_admin controller is not inheriting from my application controller. There is a rails_admin configuration setting that sets this inheritance, i.e.
# config/initializers/rails_admin.rb
RailsAdmin.config do |config|
  ...
  config.parent_controller = 'ApplicationController'
end

Using roll your own authentication with the rails_admin gem

How do you implement authentication with the rails_admin gem when you are not using devise e.g. you have rolled your own authentication?
In config/initializers/rails_admin.rb include a config.authenticate_with block and place your authentication logic there. It should raise an exception if the user is not authorised to use rails_admin. Here is a simple example:
RailsAdmin.config do |config|
  config.authenticate_with do
    raise 'You must be admin' unless signed_in? && current_user.admin?
  end
end
If you want to follow the rails_admin instructions for the cancancan gem then also add the following config line:
config.current_user_method(&:current_user)

Rails: NoMethodError in RailsAdmin::MainController#dashboard

I was setting up authorization using the code below and got an error. I'm using devise.
undefined method `is_admin?' for #<User:0x007f803734ba48>
I've already set up the admin user in the console but I'm having issues testing out users trying to log in.
RailsAdmin.config do |config|
  config.authorize_with do
    redirect_to main_app.root_path unless warden.user.is_admin?
  end
end
https://github.com/sferik/rails_admin/wiki/Authorization
This worked for me:
Include a boolean field in your users table and name it admin.
Then use this:
RailsAdmin.config do |config|
  config.authenticate_with do
    warden.authenticate! scope: :user
  end
  config.current_user_method(&:current_user)
  config.authorize_with do
    redirect_to main_app.root_path unless current_user.admin == true
  end
end
Are you using Warden? On the same page I've found some custom authorization. Have you tried that?

Rails admin with Sorcery

I'm trying to install the Rails Admin Gem using Sorcery for authentication instead of Devise.
Rails admin does provide a hook that you can use to attach your own authentication method. Here is the example they provide in their docs (using warden):
config.authenticate_with do
  warden.authenticate! :scope => :admin
end
config.current_user_method { current_admin }
I'm guessing that inside the block I need to reference the before_filter that Sorcery uses to authenticate users, which would be require_login.
However, when I try that and I try to visit /admin when logged out, I get a routing error:
No route matches {:action=>"new", :controller=>"sessions"}
This probably happens because I am being redirected within the engine rather than in the main app.
How can I set this up correctly?
# config/initializers/rails_admin.rb
RailsAdmin.config do |config|
  config.authenticate_with do
    # Use sorcery's before filter to auth users
    require_login
  end
end
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  # Overwrite the method sorcery calls when it
  # detects a non-authenticated request.
  def not_authenticated
    # Make sure that we reference the route from the main app.
    redirect_to main_app.login_path
  end
end
# config/initializers/rails_admin.rb
RailsAdmin.config do |config|
  ...
  config.parent_controller = 'ApplicationController'
end
If you use Sorcery with the Cancancan gem, you should also add config.current_user_method(&:current_user) to your config/initializers/rails_admin.rb file, or you'll get the error: You are not authorized.