I have an existing rails app with Mongo DB.Currently the app can be accessed by anyone that is every method in Portfolio controller and customer controller. Now I want that Portfolio controller should only be accessed by sign in user. How can I do that. I tried using active_admin but was unsuccessful.
You're looking for User Authentication. Try any authentication plugin like Devise or Clearance to sign in and distinguish individual users (more options here) or, even better at first, try building your own authentication solution alongside some of these excellent RailsCasts on User authentication (the paid episodes are totally worth it!). You'll learn how the different moving parts fit together real quick.
You might also want to consider using the Sorcery (https://github.com/NoamB/sorcery) gem as another option. It has links to the railscasts on the github repo there which helped a lot, and myself as a beginner found the wiki to be incredibly in-depth. Super easy to use.
Related
I'm trying to build a very simple Rails app where people can log in and then see a list of their Run Keeper Fitness Activities
I opted to use Devise and OmniAuth to handle the logins (complete with omniauth-runkeeper). All was working well, having followed Ryan Bates brilliant Railscast on the topic.
I was then keen to use the HealthGraph gem to connect to the RunKeeper API. To do so, it needs an access token. I opted to pull this at point of authorising the app, and record it in the user model (as outlined in this Gist) but I'm not sure this approach is quite right. Should I be recording this access token permanently in the database? I can easily create a new connection through the API now by using the following, but I'm concerned that this isn't the securest approach.
#user = HealthGraph::User.new(current_user.run_token)
Any advice or tips on a different approach would be greatly appreciated.
Ian
Prefface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role,
reroute them to another page.
If a preference is 'offline' only
allow admins to view the site.
I have yet to create a prefferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?
I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.
I've been using rails for a while and have used restful_authentication for user logins for the past few years. However this doesnt seem to be getting maintained any more, so was thiking it is time to move to another plugin.
Does anyone have any suggestiosn on what I should be using / is the most popular these days.
Only requirments I have are
It needs to work with rails 3
It needs to work with a model called Client instead of the standard User model.
Thanks,
Jon
Checkout Devise, it's still maintained and there are a lot of support resources out there. It also has extendable plugins, so you can authenticate with Twitter, Facebook, or really any OAuth2 solution
Here are a few:
http://railscasts.com/episodes/209-introducing-devise
http://railscasts.com/episodes/210-customizing-devise
http://www.kiwiluv.com/techblog/?p=397
Have a look at Devise:
http://github.com/plataformatec/devise
Jon,
If you decide to go with Devise, note that you can manually override the default user class during installation. (The default is "User".) IMHO you're correct in that Devise seems to generally be maintained more, especially compared to restful_authentication. If you're torn between the two for your Rails 3 app, I'd recommend giving Devise a shot first.
First, my obligatory "I'm new to rails" statement: I'm new to rails.
Sorry for the following long-winded expository stuff, but I want to make sure I'm asking my question clearly. I'm building a sample manager for a small analytical lab. So far I have built the core user stuff using devise to manage sessions (Basically so I can use all of Devise's nice helper methods throughout my app). The users don't need to be securely separated, so there is no sign in form, it just automatically signs them in for whatever action the user wishes to do.
I would like to put a front door on the website for macro-security that signs in to either the user version of the site (described above) or the admin version. I understand how to implement this using Devise, however, I am unsure as to whether Rails allows this sort of double-session where there's a macro-security session on constantly while a bunch of internal sessions are created and destroyed. Again, sorry for the long-windedness and thanks for your time and help!
Decided to just give it a shot and it turns out it worked. I have to test to see if there are any kinks in the functionality, but as it stands it works well as a front-door while allowing the internal transient sessions.
Im learning Rails by building apps.
I want to make my first authenticated app: users signup, login, do some changes in models they have access to and logout.
I did the Google search but it is quite confusing: many plugins, many tutorials. Don't know where to start.
Is there a state-of-the-art authentication method for Rails? What do you use in Production to authenticate your users?
Any help in this will be helpful. Thanks
I've used authlogic in the past and have been quite happy with it. Ryan has a railscast (video tutorial) for authlogic here.
+1 to Jason, -1 to NSD and sparky. Authentication system is not the thing you want to build yourself, at least if you're aiming for production use. It's like inventing your own encryption algorithm - it's a lot more safe to use something extensively tested and well-developed.
I've also been using authlogic, but there are some alternatives over there - like the good old restful authentication, and devise, which I guess is more modern so to speak. BTW the two latest railscasts are devoted to devise.
If your application is simple and just want a simple and secure user login page you might want to look into the Restful Authentication plugin. Its very easy to use and if you don't have much authentication requirements this should do fine.
script/plugin install git://github.com/technoweenie/restful-authentication.git
script/generate authenticated user sessions
rake db:migrate
You can find out more by checking out this excellent railscast.
As A beginner I would recommend Restful Authentication as its simple to set up and will get you up and running with no time
following is a step by step guid
http://avnetlabs.com/rails/restful-authentication-with-rails-2
and authlogic - (http://github.com/binarylogic/authlogic) is another great plug in which is more flexible but requires some work to implement user registration and stuff
cheers,
sameera
One man's state-of-the-art authentication system is another man's worthless pile of garbage. You're almost always better off rolling your own in the long run. O'Reilly's Ruby Cookbook has some extremely basic examples that will set you off in the right general direction, then you can decide whether or not other people's solutions are right for you.
I would agree with NSD. Figuring out the plugins & how they should mesh with your application to me longer than creating an auth system in my latest application.
My tips - create a user_sessions controller and use normal CRUD methods to handle creating/destroying (ie logging in & out). Create another model for the user - it can handle create accounts & updating (ie changing passwords). Stick a :before_filter on each controller which needs protection.