Is there a non-trivial example / tutorial that implements Devise + CanCan in an Ember.js + Ember-data + Rails app?
There is not. FWIW a simple approach for ember/rails apps is to use rails primarily as API and assume user has been authenticated externally. So you can use standard rails/devise login/signup pages, then send authenticated users to ember app. Then ember app calls api in context of an authenticated user and your api uses CanCan to determine role and return appropriate data. Make sense?
I used this site which has been pointed out by a few people working with ember as a reasonable way of doing things. It is more or less what #Michael Grassotti is explaining above.
There are a lot of blogs about all kind of changes you have to make on Devise before it would work, but they are quite old, I had Devise working nicely very quick, without any changes. Be sure to make a User serializer (active_record_serializers) which is skipped in the link above.
The proper answer to this question is still "no", but there are some decent resources from which you may be able to construct your own:
The in depth and up to date tutorial for heartsentwined's ember-auth-rails-demo, which uses devise with his ember-auth-rails gem and ember-auth library.
Richard Livsey's fantastic blog post about adding a #can helper to ember.
Delwyn's stackoverflow sample code for serializing CanCan abilities so you can reference them on the client side. Still up to you to get them there and use them though.
Related
I have an existing rails app with Mongo DB.Currently the app can be accessed by anyone that is every method in Portfolio controller and customer controller. Now I want that Portfolio controller should only be accessed by sign in user. How can I do that. I tried using active_admin but was unsuccessful.
You're looking for User Authentication. Try any authentication plugin like Devise or Clearance to sign in and distinguish individual users (more options here) or, even better at first, try building your own authentication solution alongside some of these excellent RailsCasts on User authentication (the paid episodes are totally worth it!). You'll learn how the different moving parts fit together real quick.
You might also want to consider using the Sorcery (https://github.com/NoamB/sorcery) gem as another option. It has links to the railscasts on the github repo there which helped a lot, and myself as a beginner found the wiki to be incredibly in-depth. Super easy to use.
I use ember js + rails. I wanna to make user authorisation like Devise + Cancan in Rails. All i need is 2 roles : user and admin and i want to implement role and authentication controlling in ember js. All manuals that i found where very old. Mb you can give me some examples of app where such things are done?
Thanks for help.
Check out this blog post. It goes over how to use devise and emberjs. Not sure how the cancan would work on the client side, you'd have to come up with your own logic to do that.
Prefface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role,
reroute them to another page.
If a preference is 'offline' only
allow admins to view the site.
I have yet to create a prefferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?
I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.
I've been using rails for a while and have used restful_authentication for user logins for the past few years. However this doesnt seem to be getting maintained any more, so was thiking it is time to move to another plugin.
Does anyone have any suggestiosn on what I should be using / is the most popular these days.
Only requirments I have are
It needs to work with rails 3
It needs to work with a model called Client instead of the standard User model.
Thanks,
Jon
Checkout Devise, it's still maintained and there are a lot of support resources out there. It also has extendable plugins, so you can authenticate with Twitter, Facebook, or really any OAuth2 solution
Here are a few:
http://railscasts.com/episodes/209-introducing-devise
http://railscasts.com/episodes/210-customizing-devise
http://www.kiwiluv.com/techblog/?p=397
Have a look at Devise:
http://github.com/plataformatec/devise
Jon,
If you decide to go with Devise, note that you can manually override the default user class during installation. (The default is "User".) IMHO you're correct in that Devise seems to generally be maintained more, especially compared to restful_authentication. If you're torn between the two for your Rails 3 app, I'd recommend giving Devise a shot first.
I poked around StackOverflow and Google, but couldn't find anyone who has put together a comparison of authentication gems or plugins for Rails (I'm looking for something for Rails 3). What authentication solutions are available for Rails 3, which are most popular, and what are the differences between them?
Ruby toolbox has a list of the most popular ones: http://ruby-toolbox.com/categories/rails_authentication.html
You can see that Devise and Authlogic are definitely the most popular.
Personally I use Devise. It works well with Rails 3, is easily customizable, and makes it very easy to integrate Twitter and Facebook based auth.
For a Rails3 App definitely Devise ;).
Devise is the only authentication system which provides security on all the 3 stack layers of rails: - In 'M', 'v', and 'C' and hence the best to go with. But you got to learn more on how to customize devise to custom fit your application's need. You can find help on customizing in this page https://github.com/plataformatec/devise/wiki/_pages
In Rails authentication from scratch is dead simple to do.
Ryan Bates covers this here http://railscasts.com/episodes/270-authentication-in-rails-3-1
devise, devise, devise
I am surprised OminAuth did not get a mention in any of the answers. (Agreed OmniAuth is more recent than this question is, but there are answers that came after)
Undoubtedly, this is the most exhaustive authentication solution available currently for rails applications.
Under the hood, OmniAuth uses OAuth2, which is evolving as the de-facto standard for authentication in web applications across platforms and frameworks. Almost all major internet players support OAuth2 - Github, Google, Facebook, Twitter, LinkedIn are just a few to name.
Of course, Devise works very well with OmniAuth so It should not be a major headache for those already using Devise
I'm a big proponent of rolling your own. Depending on your requirements its fairly straight-forward and reduced dependency on a key component. Rails 3.1 makes it even easier.
Kinda late to the party, but I wrote something up for it here:
http://zergsoft.blogspot.jp/2012/08/rails-3-authentication-compared-warden.html
I cover Warden, Devise and home grown.
The tutorial by Michael Hartl is great for learning how to set up your own.
http://ruby.railstutorial.org/ruby-on-rails-tutorial-book
I have used that on multiple apps and love the flexibility of setting up my own Authentication Method.
Though for the most part I use Devise and LOVE it. It is very quick/easy to implement, very secure, and does exactly what I need it do.
https://github.com/plataformatec/devise
I will typically use it in conjunction with CanCan and Rolify