Does anyone know of a quick way to add a role CRUD system to rails?
I only want admins to create users and have all currently signed up users listed on a page in my app.
I'm trying to figure out a way to assign users to different roles and restrict them from performing certain actions using collection select or a series of checkboxes.
I've followed a few tutorials but none seem to be working for me :/
Can anyone recommend a solution? I use Devise for my authorization if that matters.
You can think about CanCan. Using it you're able to define roles and restrict access to certain actions or model elements according to the role.
It can be also easily integrated with Devise mentioned by Scott Schulthess.
Devise on github has a wiki page showing how to do this
https://github.com/plataformatec/devise/wiki/How-To:-Add-an-Admin-role
You can also try using API Keys if you want to expose this API to many others
Related
I'm working on a project that involves two Devise models (User and Admin). What I'd like to do is allow for Admin members to be able to view and manage Users in a RESTful way (i.e., index, show, create, update, destroy).
Would the best way be to create a users_controller and treat it like an average RESTful model (modifying each controller action to work with Devise where applicable)?
Any suggestions would be much appreciated.
Thanks.
CLARIFICATION UPDATE
It seems I wasn't clear about the question above. Answers below are about the authorisation of actions affecting the User model. This isn't what I'm asking about. I'm asking about the best way to facilitate the transaction itself, not the authorisation and restriction of the transaction. What would be the best way to have Admin members creating Users and updating User records without using the standard Devise self-signup? My intention is to disable self-signup so as to only allow new User registration by an Admin member creating the User account. Hopefully, this is more clear. Thanks.
I advise you to take a look at the following gems, Rolify and CanCan; they were integrated with Devise here.
Here's a link
I have an existing Rails app with MongoDB. Currently the app can be accessed by anyone, that is, every method in the Portfolio controller and the customer controller. Now I want the Portfolio controller to be accessible only by signed-in users. How can I do that? I tried using active_admin but was unsuccessful.
You're looking for User Authentication. Try any authentication plugin like Devise or Clearance to sign in and distinguish individual users (more options here) or, even better at first, try building your own authentication solution alongside some of these excellent RailsCasts on User authentication (the paid episodes are totally worth it!). You'll learn how the different moving parts fit together real quick.
You might also want to consider using the Sorcery (https://github.com/NoamB/sorcery) gem as another option. It has links to the railscasts on the github repo there which helped a lot, and myself as a beginner found the wiki to be incredibly in-depth. Super easy to use.
Preface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role, reroute them to another page.
If a preference is 'offline', only allow admins to view the site.
I have yet to create a preferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?
I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.
I have seen lots of similar questions here but nothing that quite fits my need.
I am a pretty experienced Rails developer but this new project is my first time using both Rails 3 and Devise (I'm normally on authlogic).
My app has two different models that I want to authenticate via devise.
One, User is just a standard users model
Two, Business is similar to a user, (it has an email address column too) but it has additional info in the database (address, phone number, etc..)
I want to be able to log them both in via the same login form. Then obviously once they are logged in they will be presented with different info depending on what type of Model has logged in.
It may or may not be relevant that I was planning on using OmniAuth to allow Users (though probably not businesses) to sign up/on via facebook.
Thanks!
What's the easiest way to go about doing this?
I think the only way to handle this would be to have your own custom sign in form and controller that determined the type of user and then sign them in correctly. I would recommend an approach like what mark mentioned for simplicity (take a look at something like CanCan to manage roles).
Another potential problem with having multiple user models is that you will have multiple versions of all the devise helper methods. So for current_<resource> and <resource>_signed_in? you would have current_user, current_business_user, user_signed_in? and business_user_signed_in?. Then you would either have to implement your own versions of these methods or you would need to check both versions everywhere you used them.
Can do this in application_controller?
current_user = current_resource_a || current_resource_b
I need help figuring out the best way to do this.
I'm using the declarative authorization gem.
I have 4 roles, admin, master, junior, subscriber.
When it comes to new users:
I want the admins to be able to create any kind of user they wish.
But I also want masters to be able to create users with master, junior or subscriber roles.
So what's the best way to make this secure?
I need help on both sides, view and model/controller logic...
The view should display all 4 roles to the admin in the collection_select but just the other 3 options to the masters...
The rest of the users don't have access to get to that view thanks to declarative authorization.
And on the model/controller logic I want it to validate that the user being created is not an admin role if the user creating it is not an admin... don't know how to do that either... Please help.
Ryan Bates did Railscasts on declarative_authorization and authlogic. I think the declarative authorization one in particular will help you get started and explain how to do the kinds of things you're trying to do in general. You can also read them on ASCIIcasts (declarative_authorization, authlogic).
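The server-side check asked about in the question above, sketched in plain Ruby as an added example (not code from the thread, the Railscasts or declarative_authorization). The helper names `assignable_roles` and `build_user_attributes`, the `RoleNotPermitted` error and the `email` field are assumptions. The same list feeds the view's collection_select and the check on the submitted form, so a forged `role` value is rejected even though the option was never rendered.

```ruby
# Added example: plain Ruby, no Rails needed. Names are hypothetical.
ROLES = %w[admin master junior subscriber].freeze

# Roles each creator may assign, as stated in the question.
# junior and subscriber are absent: they may not create users at all.
ASSIGNABLE = {
  "admin"  => ROLES,
  "master" => %w[master junior subscriber]
}.freeze

class RoleNotPermitted < StandardError; end

# Single source of truth: use this to build the collection_select options
# AND to validate the submitted value.
def assignable_roles(creator_role)
  ASSIGNABLE.fetch(creator_role.to_s, [])
end

# Turn untrusted form params into attributes for a new user.
# Only "email" and "role" are copied, so extra keys in a tampered
# request (e.g. "admin" => "1") never reach the model.
def build_user_attributes(creator_role, params)
  allowed = assignable_roles(creator_role)
  raise RoleNotPermitted, "#{creator_role} may not create users" if allowed.empty?

  # to_s also neutralises arrays/hashes sent in place of a string.
  requested = params["role"].to_s
  unless allowed.include?(requested)
    raise RoleNotPermitted, "#{creator_role} may not assign role #{requested.inspect}"
  end

  { "email" => params["email"].to_s, "role" => requested }
end

if __FILE__ == $0
  # Constructed sample requests.
  p assignable_roles("master")  # options a master should see in the form
  p build_user_attributes("master", "email" => "new@example.test", "role" => "junior")
  begin
    build_user_attributes("master", "email" => "x@example.test", "role" => "admin")
  rescue RoleNotPermitted => e
    puts "rejected: #{e.message}"
  end
end
```

In a Rails controller the same check would run in the create action before the record is saved, with the creator's role taken from the signed-in user rather than from the request.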