Use of Admin using Devise gem over Cancan - ruby-on-rails

How to use admin role using devise gem.
Can we same controller for admin and users using devise gem.
In Cancan we can use same controller for all roles.
Which gem is good for admin releated aspects.
Anyone tell me example of admin aspects using devise gem.

I recommend using ActiveAdmin Or RailsAdmin. Both of them have nice ways to use cancan. If you confused about whether to use then decide by evaluating the following :
If you think you dont want to give that much effort and you need only CRUD staffs then use RailsAdmin.
Otherwise Use ActiveAdmin

Related

Ruby on Rails: Devise - Is it bad to have a Users Controller separate from devise?

So from the beginning of the project, I installed devise gem, did the migrations and everything. Would it be bad practice, if I created a new controller:
rails g controller Users
Along side with devise? Sorry for the n00b question. Is there like a secrete place that devise creates this controller already and I can just customize and modify?
I think that it depends what you're trying to accomplish. If you want to customize Devise, Devise provides some hooks that you can use to customize certain things such as after_sign_up_path etc, or you can subclass Devise built-in controllers, for example:
class MyRegistrationsController < Devise::RegistrationsController
end
If you want something that devise doesn't provide, eg a list of users, or a detail page for a user, you might want to just create your own users controller as you mentioned - not bad practice, and Devise doesn't have any secrets, you can poke around in the gem code on Devise to find out what it's providing and what you might want to add or customize.

Rails 4 Authentication model with roles

I am beginner in Rails world, so hoping I will be able to find an answer here.
The project that I am working on, has to have User Authorization with roles, for simple users and for admins. With admin privileges I want to be able reset password for simple users or to add roles for them.
I was trying to apply Devise with cancancan gems, but unfortunately, couldn't make it work and I am not sure if that is even possible. So my question is which gems would you recommend to have such behavior. Or it's simpler to start from scratch?
Thank you for your answers.
It sounds like you would benefit from the Rolify Gem: https://github.com/RolifyCommunity/rolify. I'm pretty sure CanCan is for access control based on roles. I'm guessing you have seen this RailsCast: http://railscasts.com/episodes/192-authorization-with-cancan but it seems like the piece you are missing is Rolify. It's a great gem and extremely easy to use.
I have used Pundit with Devise
This is the repo to the application
add the gem and bundle. run rails g pundit:install
It will generate a policies folder with application_policy.rb file. There you can define conditions to actions. Say you want to make sure the user's role is admin to see application index
def index?
user.role == "admin"
end
If you want to create a policy for a different resource say Posts. You have to create a post_policy.rb file in the policies folder

Devise and pundit - how to restrict access to devise original views/actions

I am using Rails(4.2.1), Devise(3.4.1) and Pundit(1.0.0) and want to restrict the access to devise views(such as /users/edit) by my users role(rolify, 4.0.0).
How my policy should be named or how do I specify which model is referring to ? to match devise's
I tried to copy the devise controllers with a script in the docs but can't make it work.
What should I do to make this work, couldn't find anything that explain how to do this in a simple way. Just to be sure I am trying to use devise default views
I can recommend this screencast for you: Authorization with Pundit
You can name your policies like your model. For example for the Post model it's PostPolicy.
It's always informative to look at the readme: Pundit Readme

Rails User or Group Pages Gem

I'm looking for a rails gem that allows my users (and or groups) the ability to create "pages".
I want it similar (if not nearly exactly) like pages.github.com, which I believe uses a library called Jekyll.
I've looked into this briefly, but I haven't been able to find any more... complete solutions.
Does anyone know of a solution that does what I'm looking for? I'd like to configure it for my models Group and User.
Thanks!
I don't about Jekyll, but his website says "is a blog-aware, static site generator in Ruby", and I don't think that's the case.
A solution is to store the pages created by the users to the Database, you can use Textile and/or RedCloth (instead of pure HTML).
There is a nice railscast how to create semi-static pages, I am sure you can get some good ideas:
http://railscasts.com/episodes/117-semi-static-pages
I hope this help you.
You should get the listed Gems
Devise + CanCan + Rolify
Use Devies to authenticate your users.
Use CanCan to authorize your users Roles.
Use Rolify to create the roles on your users that cancan checks.
Then just make a generic page model where the ability checks the roles to see if a user can read, update, create or destroy.

ActiveAdmin ACL

I'm new to Ruby on Rails and one of the things that I like is the admin generator bundles like RailsAdmin ActiveAdmin etc.
In my next project I'd like to use Ruby on Rails 3 and ActiveAdmin as backend. But I have no idea of how to achieve ACL in ActiveAdmin.
Can someone explain or point me in the right direction please?
Active Admin uses the Devise gem for authentication. The Devise team have a wiki on how to use cancan for authorization here https://github.com/plataformatec/devise/wiki/How-To:-Integrate-with-CanCan-for-roles-management
ActiveAdmin has rather poor support for authorization in my opinion. If you want integrated CanCan then I recommend going with RailsAdmin. It unfortunately is not as customizable as ActivAdmin though.

Resources