I am relatively new to Ruby on Rails and activeadmin. I wonder how I can make active_admin as a user control dashboard. User loged into admin dashboard, only seeing their own records, i.e posts and account info and etc. Also, I already have CanCAn role based user authorization
https://github.com/gregbell/active_admin/wiki/How-to-work-with-cancan
Based on the article pasted above, it is possible to create user only access their own records.
Related
I have a functioning rails app with devise Admins and Users, and I want to create a secure way that will only allow users with specific IDs to become authorized to become admins. Currently, I have a static link that is not very secure that will make the current user an admin(website.com/make_admin), but I want to find the most secure method to turn specific users into administrators (I am open to all options that could accomplish this). What would be the best way for me to do this?
I'd recommend adding an admin field to the user form to select if they're an admin user, but do a check in the update/create actions on your users controller to check if the current_user (if using Devise) is another admin user (or whatever role type they need to be to update other admin permissions).
You would also probably want to do a check to make sure they can't set themselves as admin=false, otherwise you could end up with no admin users left on the site and no-one with permission to change this. That said, depending on the app you could always just manually manage admin users - my company will do this depending on the client and their needs.
You can use Rolify to give roles to the user's and CanCanCan for access control.
You can assign roles to user either from rails console or you can generate a view for it, and restrict it to admin and assign roles to each individual user.
You could add an admin boolean to your user model, and update it through the rails console
rails g migration add_admin_to_users admin:boolean
Let's say I have Blog app built with Rails and on a post created by a user(Author) I have a "Request a chat" button.
I want to build a small function on that post page that when User A presses that button, the page will redirect to or open a chatbox that connect User A with user Author?
Author is a devise registered user and User A is not.
How would I build something like that? Thanks
I think it's weird having a devise registered user and a non devise user unless you mean User A is just an unregistered guest. Either way, it's not a big deal and it can be done.
The way you would put together that system is as follows:
OpenChat # your new data model
OpenChatsController # your new controller
"Request a chat" would create a new OpenChat object, with author and guest A foreign keys. If User A is a guest, you can store a cookie "password" in their browser but generally it's only advisable if the conversation is brief and security isn't a big deal.
Then you would be able to check if there is an open chat between the two users and display it in any page you want, and display messages appropriately.
You will need to look up how to setup a basic chat system (there are a million answers out there that will take you step by step) as that's beyond the scope of this question.
If you are new to Rails, I also recommend Michael Hartl's Ruby on Rails tutorial:
https://www.railstutorial.org/
I am new to Ruby on Rails development. Currently, I am creating a web app where users can log in, create, and manipulate their own "campaigns" (database objects) that are then displayed on a dashboard. I am using the devise gem, but at best it filters the database objects without actually using any permissions. I need to make sure that the database objects that appear on the dashboard are specific to only the current user that is logged in. What would be a good solution for displaying the campaigns of only the logged in user on the dashboard, and making sure that the user can't access/see anyone else's objects on the dashboard.
It sound like you need a before_filter on your controller. I don't use devise, but just google "devise before action" and you will find many links like this one that might be helpful. On another note, here is an excellent tutorial that shows how to create your own authentication system. I recommend doing it twice. The rails guides are also great.
Update:
Try this in your contoller
def index
#user = User.find(params[:id])
#campaigns = #user.campaigns.all
end
I am new to ruby on rails
I want a rails application it contain login form, registration form, order page and admin form,user order a product it update on admin page.
example: user have 3 products 1.laptop 2. phone 3.speakers, if user ordered phone, it must display on admin page like x user order phone.
please help me, I am beginner, please help me
Below is just a small brief .I can't write complete code over here.
You can use Devise gem for login & registration.
For adding roles to the particular user , use cancan gem.
Then , create scaffold for Product.
Create the view for corresponding pages.
Insert the products.
Create Order model & controller , create association with product & so on...
I need :project_owners to invite new :project_participants to a project.
Much like in Basecamp, the :project_owner needs to be able to assign the new :project_participant to projects prior to them completing their full profile (their profile will show "invited" status until they complete their profile).
Once the :project_participant has created a profile their project/index should automatically include any projects they were assigned to prior to finalising their profile.
Authlogic is used for authentication. You should use 'declarative_authorization' or 'CanCan' for authorization.
Authentication gems are used to check whether a user's record exist in database or not and authorization gems are used to check their privileges. You should check out railscasts for more information.
This on is for declarative_authorization and this one is for CanCan.
Once you set privilages you can create method to let you project_owner invite other users and you can assign them temporary status in your database. I this CanCan is best suitable for your needs.