To explain it in a sentence, I am asking if it is possible to use the ActiveAdmin gem to create admin pages specific to admin users, i.e. each admin user only gets to see models and associating models specific to him. If so, how would I implement this?
To further explain my situation, I have a model called Sponsor(who would essentially be the admin users), and they put up different offers(another model that belongs to Sponsor) for users to redeem. So what I am trying to do is create an admin page where each sponsor gets his own admin credentials, and the admin page only shows the information that relates to this sponsor, i.e. the information regarding the offers this sponsor put up, and all relating models and its details. Is this possible to implement using the ActiveAdmin gem or any other gems for that matter?
I would rather not implement this from scratch if there are gems out there that I could use. Any suggestions?
I haven't tried this myself but it should be easily achievable in ActiveAdmin
either by changing the default scope on per controller basis or by using AuthorizationAdapter.
Related
I'm building a website, where vendors can have their own separate website on. There is vendors and normal users.
The goal is to have a closed profile page w. login for both, where a vendor can edit his website, check out stats and more. A normal user is also able to login to mark different vendor's websites as favourites and check out newest post on the forum. So what is important here is: They booth need to be on my Discourse forum, but I'd like to avoid a Vendor to have a login both for vendor and for a user (Signing up twice).
http://www.discourse.org/ has SSO ability for devise, but im not sure if it allows for two different devise models.
Should I:
Create one devise-model for both, called Users? (And have a boolean or integer if User is a vendor/has vendor-access?)
Or:
Separate them: One for Users and one for Vendors?
I haven't tested out if Discourse allows for two devise-models, since Discourse is the easiest to set up in production-mode. But I need your advice: Can I use Single sign-on for devise with two different devise models? Is it the preferable way? Or is there other ways than this I haven't noticed? Like adding a user to a vendor, or something?
Using rails 5
We can achieve this by managing role field. We can make entry on the time of sign_up in role field that user is normal user or vendor. After create this we check user_role can in after_sign_up_path and redirect to path accordingly.
for this refer gem rolify
please correct me if getting any thing wrong.
We are trying to create different groups of users with restricted database
functionality using the railsAdmin plugin in Rails. Specifically, there is a
table in the database that indexes all personnel. We want to create two
levels of user accounts. "Admins" have access to all personnel. "Moderators"
have access to a subset of personnel only. Further, moderators should be
able to add personnel to the database, but they should be visible only to
that moderator and the admins. As an example, if user A is a moderator and
adds a person named "Dave,", we don't want Dave to be visible in the
dashboard for other moderators (e.g., B, C, etc). Similarly, if moderator B
adds a person, s/he should be visible only to moderator B. We are having
difficulty determining where in the code this type of functionality should
be added. Any pointers would be appreciated. Thank you.
Have you considered using CanCan with rails_admin?
There is a pretty good guide on authorisation using CanCan with rails_admin on their wiki:
https://github.com/sferik/rails_admin/wiki/Cancan
p.s. you might prefer to use CanCanCan which is more actively maintained
I want add to my rails application admin module, but I don't know which chose. I saw that most popular is activeadmin and rails_admin. I need some admin in which I can create my pages with other handlers. Can this admin modules help me create admin panel or not? Maybe I can use something else?
Both, active_admin and rails_admin provide convenient ways to access and manage your database from a GUI interface. How you present that data is totally upto you. If by admin panel, you mean an admin dashboard like this, neither of them does that:
Admin dashboards are very application specific and depends on what type of data you want to display. active_admin and rails_admin will help you get data from your application but it's then upto you to display that data in whatever format/interface you want.
I really like how devise offers an easy to use registration system out of the box but I'm having trouble extending it to do what I need. I need to create a public user profile for each user that shows their information like name, email, bio, and more info. I've done this in the past before with a users/show function but since devise doesn't provide any easily editable controllers, I'm having trouble figuring out how to do this. I've already run rails generate devise:views to copy the devise views to my app but I don't know where to go from here. Any help would be much appreciated.
Sounds like you want users to update their profile at the same time they create their account? If so, you can setup an associated Profile model with the User model. Using accepts_nested_attributes_for you can then create a record for the nested model on devise user registration submit/creation.
Here's a great screencast covering nested models and I also suggest you search other devise relate SO posts as this question has been discussed before.
There is an alternative approach, that is simpler to implement — only allow registered users edit/update their profile. This way you don't have to alter the Devise views and you can setup the various CRUD actions via a separate non-devise controller.
Throw in an Access Control List (ACL) solution such as CanCan (there are other alternatives too!) and you can even allow other users view profiles but deny access to edit/destroy etc.
A lot of the rails authorization gems in rails is based on the idea of roles. We have a website that does not have "roles" but rather many users. Each user needs access to changed/update information on a single page rather than on lots of pages in a role of author. The page that they are editing is public accessible (view) but only editable by that user or the admin. No other user can edit that page.
Creating a role per user for this is silly.
Are there any rails gems already available that will allow this sort of mapping to users that do not have a particular grouping in a role?
Am I looking at the problem incorrectly?
Thanks.
You can use CanCan, and limit the queries / actions per user. Check it here https://github.com/ryanb/cancan . And there's an example of how to do this in Railscast 192.
I have the idea that I've seen an example in which CanCan added a mixin active record to provide some out of the box authorization, but I can't find an example of that. It the code looked like (it the app would be a blog with comments) Comment.authorize.find(1) and that command validated that the user had created the comment.
Role based permission systems are old hat,
Mysql changed from a roles based system to
a permissions based system a long time ago.
I have a plugin that is very similar to cancan
but it differs in a few small ways.Fat Model Auth