I built a web app in Rails where i have articles about different subjects like a blog basically. Now I want to add a group model on my users so that I can show some articles for only those that belong to a certain group. I use devise to handle my users today. They have email and a password as login.
I've been looking everywhere for a gem that i could use and i have searched google and stackoverflow but i haven't found anything except Groupify that resemble what I'm looking for and that is poorly documented :(
So first of all.. are there any gems out there that could help me with this? If not, does anyone has a good way to sort this?
I'm using Rails 4 for my app and Postgres as my database. I use the latest Devise.
I want to point out that I'm pretty new at Rails.
Maybe the cancan gem can help you:
https://github.com/ryanb/cancan
and
http://railscasts.com/episodes?utf8=%E2%9C%93&search=cancan
It sounds like the "groups" you are describing could be thought of as roles the users can have and you'd like to restrict authorization based on which roles they have.
If that's the case, you can take a look at the rolify gem: https://github.com/EppO/rolify
If that's not the case or that's overkill for what you are doing, I would probably not worry too much about finding a gem and instead just make a Group model that does what you want.
Related
I was wondering if there is any gem that implements an active admin control list in ActiveAdmin?
If none, what's the best way or approach to simply do this?
Reading up on pundit and still active admin whether or not I should really write one from scratch.
Thanks!
Edit:
I currently worked on this yesterday and have my access control list together with my group model. the form looks roughly something like this:
its rendered partial in my activeadmin group.rb
So yeah I guess the correct word is managing permissions on my activeadmin. I'm reading up if there is any way I can integrate activeadmin roles in my current setup. I'm kinda seeing this kind of setup is tedious?
I made it like this because eventually if there needs to be a lot of different roles, they don't have to ask the devs to code it everytime.
I think you might be looking for ActiveAdminRole
From what I understand of Pundit so far, it is geared more toward allowing the current user to perform certain actions on certain controllers, but how is it possible to extend this to cover if the user is part of a team or group that that would allow them certain actions? Or for one user to allow another user certain actions on, say, a post they created?
I like the idea of Pundit being "plain old ruby object" but I am open to working with another gem that may simplify how to do what I'm looking for. I have found a gem, Groupify (https://github.com/dwbutler/groupify), that seems to have gone cold for the past several months. I do have a requirement that anything I implement must be actively maintained so that one is disqualified. Does anything similar come to mind?
use cancancan gem. This is the great solution for permission.
I am beginner in Rails world, so hoping I will be able to find an answer here.
The project that I am working on, has to have User Authorization with roles, for simple users and for admins. With admin privileges I want to be able reset password for simple users or to add roles for them.
I was trying to apply Devise with cancancan gems, but unfortunately, couldn't make it work and I am not sure if that is even possible. So my question is which gems would you recommend to have such behavior. Or it's simpler to start from scratch?
Thank you for your answers.
It sounds like you would benefit from the Rolify Gem: https://github.com/RolifyCommunity/rolify. I'm pretty sure CanCan is for access control based on roles. I'm guessing you have seen this RailsCast: http://railscasts.com/episodes/192-authorization-with-cancan but it seems like the piece you are missing is Rolify. It's a great gem and extremely easy to use.
I have used Pundit with Devise
This is the repo to the application
add the gem and bundle. run rails g pundit:install
It will generate a policies folder with application_policy.rb file. There you can define conditions to actions. Say you want to make sure the user's role is admin to see application index
def index?
user.role == "admin"
end
If you want to create a policy for a different resource say Posts. You have to create a post_policy.rb file in the policies folder
I'm looking for a rails gem that allows my users (and or groups) the ability to create "pages".
I want it similar (if not nearly exactly) like pages.github.com, which I believe uses a library called Jekyll.
I've looked into this briefly, but I haven't been able to find any more... complete solutions.
Does anyone know of a solution that does what I'm looking for? I'd like to configure it for my models Group and User.
Thanks!
I don't about Jekyll, but his website says "is a blog-aware, static site generator in Ruby", and I don't think that's the case.
A solution is to store the pages created by the users to the Database, you can use Textile and/or RedCloth (instead of pure HTML).
There is a nice railscast how to create semi-static pages, I am sure you can get some good ideas:
http://railscasts.com/episodes/117-semi-static-pages
I hope this help you.
You should get the listed Gems
Devise + CanCan + Rolify
Use Devies to authenticate your users.
Use CanCan to authorize your users Roles.
Use Rolify to create the roles on your users that cancan checks.
Then just make a generic page model where the ability checks the roles to see if a user can read, update, create or destroy.
Prefface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role,
reroute them to another page.
If a preference is 'offline' only
allow admins to view the site.
I have yet to create a prefferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?
I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.