I was setting up authorization using the code below and got an error. I'm using devise
undefined method `is_admin?' for #<User:0x007f803734ba48>
I've already setup the admin user in the console but I'm having issues testing out users trying to log in.
RailsAdmin.config do |config|
config.authorize_with do
redirect_to main_app.root_path unless warden.user.is_admin?
end
end
https://github.com/sferik/rails_admin/wiki/Authorization
This worked for me:
Include a boolean field in your users table and name it admin
Then use this:
RailsAdmin.config do |config|
config.authenticate_with do
warden.authenticate! scope: :user
end
config.current_user_method(&:current_user)
config.authorize_with do
redirect_to main_app.root_path unless current_user.admin == true
end
end
Are you using Warden? On the same page I've found some custom authorization. Have you tried that?
Related
I'm using Rails 5, rails_admin and devise with the standard devise user model setup:
config.authenticate_with do
warden.authenticate! scope: :user
end
config.current_user_method(&:current_user)
I would like a single user to be able to access the /admin area. Without having to create a new "isAdmin" attribute in the User model, is it possible to simply tell rails_admin that user.id=1 is the only user that can access the /admin area?
This worked for me. In rails_admin.rb, I removed the devise configuration and simply checked for current_user.id to equal 1.
config.authorize_with do
if user_signed_in?
redirect_to main_app.root_path unless current_user.id == 1
else
redirect_to main_app.root_path
end
end
This is simple and does not give away there is an /admin area unless you are the current signed in user and your id == 1
Currently I'm using devise and rails_admin on Rails 5.0.0.1, when I open admin panel this error is showing up.
After I added below lines in rails_admin.rb file for authorization, above error arises
config.authorize_with do
redirect_to main_app.root_path unless current_user.is_admin?
end
The error states that is_admin? method is not defined for a user instance. I assume you have an admin attribute in your model. You can either define the method in the model like
class User < ActiveRecord::Base
def is_admin?
self.admin #returns a boolean
end
...
end
Or replace the block with
config.authorize_with do
redirect_to main_app.root_path unless current_user.admin
end
current_user.admin will return a boolean value based on the field admin in the users table.
Hope this helps!
I was experiencing the same issue and was able to find a solution.
Add this to rails_admin.rb:
config.authorize_with do
redirect_to main_app.root_path unless current_user.admin?
end
if you are working with devise add it underneath the devise section like so:
RailsAdmin.config do |config|
### Popular gems integration
## == Devise ==
config.authenticate_with do
warden.authenticate! scope: :user
end
config.current_user_method(&:current_user)
config.authorize_with do
redirect_to main_app.root_path unless current_user.admin?
end
How do you implement authentication with the rails_admin gem when you are not using devise e.g. you have rolled your own authentication?
In config/initializers/rails_admin.rb include a config.authenticate_with block and place your authentication logic there. It should raise an exception if the user is not authorised to use rails_admin. Here is a simple example:
RailsAdmin.config do |config|
config.authenticate_with do
raise 'You must be admin' unless signed_in? && current_user.admin?
end
end
If you want to follow the rails_admin instructions for the cancancan gem then also add the following config line:
config.current_user_method(&:current_user)
I want to be able to just let the users that have an admin attribute set to true to access rails_admin. So, if a user has the is_admin attribute to true, they can access the rails_admin interface.
I have checked their documentation and all I can find about authentication is here: https://github.com/sferik/rails_admin/wiki/Authentication
Please, could you help me to do so?
Thanks
From https://github.com/sferik/rails_admin/wiki/Authorization
config.authorize_with do
redirect_to main_app.root_path unless current_user.is_admin?
end
The documentation already explains, what you have to do:
In your rails_admin.rb initializer:
config.authenticate_with do
warden.authenticate! :scope => :admin
end
config.current_user_method { current_admin } # hook to your 'current_user' method
And in your User Model you generate the current_admin method:
def current_admin
current_user && current_user.is_admin
end
I think this should work.
I'm trying to install the Rails Admin Gem using Sorcery for authentication instead of Devise.
Rails admin does provide a hook that you can use to attach your own authentication method. Here is the example they provide in their docs (using warden):
config.authenticate_with do
warden.authenticate! :scope => :admin
end
config.current_user_method { current_admin }
I'm guessing that inside the block I need to reference the before_filter that Sorcery uses to authenticate users, which would be require_login.
However, when I try that and I try to visit /admin when logged out, I get a routing error:
No route matches {:action=>"new", :controller=>"sessions"}
This probably happens because I am being redirected within the engine rather than in the main app.
How can I set this up correctly?
# config/initializers/rails_admin.rb
RailsAdmin.config do |config|
config.authenticate_with do
# Use sorcery's before filter to auth users
require_login
end
end
# app/controllers/application_controller.rb
class ApplicationController
# Overwrite the method sorcery calls when it
# detects a non-authenticated request.
def not_authenticated
# Make sure that we reference the route from the main app.
redirect_to main_app.login_path
end
end
#config/initializers/rails_admin.rb
RailsAdmin.config do |config|
...
config.parent_controller = 'ApplicationController'
end
If you use Sorcery with Cancancan gem, you should also add config.current_user_method(&:current_user) in your config/initializers/rails_admin.rb file, or you'll get the error: You are not authorized.