Rails: Roles/admin - ruby-on-rails

Preface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role, reroute them to another page.
If a preference is 'offline' only allow admins to view the site.
I have yet to create a preferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?

I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.
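Added example, not part of the original posts and not CanCan's own code: one way to enforce the "offline means admins only" rule from the question as a Rack-style gate in front of the app. The allowed paths, the `admin?` method and the `offline` callable are assumptions; only the use of Warden by Devise is a property of the real library.

```ruby
# Added example: Rack-style gate, admins only while the site is "offline".
# Paths, admin? and the offline callable are assumptions, not from the posts.
class OfflineGate
  # Must stay reachable: the redirect target, and sign-in so admins can log in.
  ALLOWED_PREFIXES = ["/offline", "/users/sign_in", "/users/auth"].freeze

  # app: downstream Rack app; offline: callable, true when the site is offline.
  def initialize(app, offline:)
    @app = app
    @offline = offline
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    return @app.call(env) if !site_offline? || allowed_path?(path) || admin?(env)
    [302, { "location" => "/offline", "cache-control" => "no-store" }, []]
  end

  private

  # Design choice: if the preference cannot be read, treat the site as offline.
  def site_offline?
    @offline.call ? true : false
  rescue StandardError
    true
  end

  # Match whole path segments only, so "/offline-admin" is not let through.
  def allowed_path?(path)
    return false if path.include?("..")
    ALLOWED_PREFIXES.any? { |p| path == p || path.start_with?("#{p}/") }
  end

  # Devise sits on Warden, which exposes the signed-in user in the Rack env.
  def admin?(env)
    user = env["warden"]&.user
    user.respond_to?(:admin?) && user.admin? == true
  end
end

# Constructed demo objects standing in for Warden and a Devise user.
DemoUser = Struct.new(:admin) { def admin?; admin; end }
DemoWarden = Struct.new(:user)
DEMO_APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] }

def demo_status(path, user, offline: -> { true })
  env = { "PATH_INFO" => path, "warden" => DemoWarden.new(user) }
  OfflineGate.new(DEMO_APP, offline: offline).call(env)[0]
end
```

Keeping the sign-in path reachable matters: without it, an offline site locks out the admins as well.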

Related

Rails existing app adding user sign up

I have an existing Rails app with MongoDB. Currently the app can be accessed by anyone, that is, every method in the Portfolio controller and the customer controller. Now I want the Portfolio controller to be accessible only by signed-in users. How can I do that? I tried using active_admin but was unsuccessful.
You're looking for User Authentication. Try any authentication plugin like Devise or Clearance to sign in and distinguish individual users (more options here) or, even better at first, try building your own authentication solution alongside some of these excellent RailsCasts on User authentication (the paid episodes are totally worth it!). You'll learn how the different moving parts fit together real quick.
You might also want to consider using the Sorcery (https://github.com/NoamB/sorcery) gem as another option. It has links to the Railscasts on the GitHub repo there, which helped a lot, and I, as a beginner, found the wiki to be incredibly in-depth. Super easy to use.

Rails User or Group Pages Gem

I'm looking for a Rails gem that gives my users (and/or groups) the ability to create "pages".
I want it to be similar to (if not nearly exactly like) pages.github.com, which I believe uses a library called Jekyll.
I've looked into this briefly, but I haven't been able to find any more... complete solutions.
Does anyone know of a solution that does what I'm looking for? I'd like to configure it for my models Group and User.
Thanks!
I don't know about Jekyll, but its website says it "is a blog-aware, static site generator in Ruby", and I don't think that's the case.
A solution is to store the pages created by the users in the database; you can use Textile and/or RedCloth (instead of pure HTML).
There is a nice Railscast on how to create semi-static pages; I am sure you can get some good ideas:
http://railscasts.com/episodes/117-semi-static-pages
I hope this helps you.
You should get the listed gems:
Devise + CanCan + Rolify
Use Devise to authenticate your users.
Use CanCan to authorize your users' roles.
Use Rolify to create the roles on your users that CanCan checks.
Then just make a generic page model where the ability checks the roles to see if a user can read, update, create or destroy.

How to implement omniauth, healthgraph and rails?

I'm trying to build a very simple Rails app where people can log in and then see a list of their Run Keeper Fitness Activities.
I opted to use Devise and OmniAuth to handle the logins (complete with omniauth-runkeeper). All was working well, having followed Ryan Bates' brilliant Railscast on the topic.
I was then keen to use the HealthGraph gem to connect to the RunKeeper API. To do so, it needs an access token. I opted to pull this at point of authorising the app, and record it in the user model (as outlined in this Gist) but I'm not sure this approach is quite right. Should I be recording this access token permanently in the database? I can easily create a new connection through the API now by using the following, but I'm concerned that this isn't the securest approach.
@user = HealthGraph::User.new(current_user.run_token)
Any advice or tips on a different approach would be greatly appreciated.
Ian
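Added example, not part of the original post and not code from HealthGraph or Devise: one common mitigation for the concern raised above is to encrypt the access token before it is written to the user row. `TokenVault`, its method names and the sample values are hypothetical, and the key is assumed to live in the app's secret store rather than in the database.

```ruby
require "openssl"
require "base64"

# Added example: encrypt an OAuth access token before storing it on the user row.
# TokenVault and its method names are hypothetical; the key would come from the
# app's secret store (assumption), never from the database itself.
module TokenVault
  IV_LEN = 12   # AES-GCM nonce size
  TAG_LEN = 16  # full-length GCM authentication tag

  # Returns base64(iv || tag || ciphertext). user_id is bound in as associated
  # data, so a blob copied onto another user's row will not decrypt.
  def self.seal(token, key, user_id)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = user_id.to_s
    ciphertext = cipher.update(token) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
  end

  # Returns the token, or nil if the blob is malformed, tampered with, or was
  # sealed under a different key or user_id.
  def self.unseal(blob, key, user_id)
    raw = Base64.strict_decode64(blob)
    return nil if raw.bytesize <= IV_LEN + TAG_LEN

    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = raw.byteslice(0, IV_LEN)
    cipher.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
    cipher.auth_data = user_id.to_s
    plain = cipher.update(raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize)) + cipher.final
    plain.force_encoding(Encoding::UTF_8)
  rescue OpenSSL::Cipher::CipherError, ArgumentError
    nil
  end
end

# Constructed demo: random key and made-up token, not real credentials.
def demo_round_trip
  key = OpenSSL::Random.random_bytes(32)
  blob = TokenVault.seal("constructed-token-123", key, 42)
  [TokenVault.unseal(blob, key, 42), TokenVault.unseal(blob, key, 43)]
end
```

On Rails 7 and later, Active Record's built-in `encrypts` declaration on the token attribute covers the same need without hand-written crypto.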

Admin views page as user

Hello, I need the following function. An admin needs to be able to be "logged in" as a user: view all pages as the user, but still have admin features. I am more than sure that ready-made solutions for this exist. If not, please give me advice on how to build this and avoid issues when the user is logged in and the admin is logged in as this user.
You're talking about authentication and authorization. For authentication the most popular option right now is Devise. For authorization a popular option is CanCan (by Ryan Bates of railscasts fame). These two gems work well together and there's a lot of information out there on how to use them. (see below)
As for your question about an admin logging in as a user, here's a wiki for Devise on how to do that.
Screencast on using Devise
Screencast on using CanCan

Authorization model for Ruby on Rails

I am building a project management app and I am not sure which is the best/correct authorization model to implement given I am new to Rails (and programming in general). Here is what I am trying to do.
I want to be able to add a "client" to the application and then multiple projects to a client. I would like to be able to add users (that are essentially representatives of the client) to view that client's multiple projects but not other clients'. I intend on having controllers for time tracking, notes, comments and images all to be associated with both clients and projects of that client.
In addition, I would like to set up the account to control who is able to have one. I don't need the user to establish an account on their own.
Does that make sense?
I believe what you are mentioning is called Authorization not Authentication, anyway:
I would suggest acl9 for authorization and authlogic for authentication.
These (free) Railscasts should give you some food for thought. There are lots of great RubyGems/plugins out there for this sort of thing.
The Ruby Toolbox gives you an overview of tools and their popularity in the rails community (rated by watchers and forkers on GitHub). As you can see there, the suggested plugins restful_authentication and authlogic are almost on the same level.
Restful Authentication is still the golden standard for user authentication in ruby on rails.
I have used Authorization plug-in in the past and like it because it gives some nice meta methods such as:
user.is_eligible_for_what --> returns array of authorizable objects for which user has role "eligible"
user.is_moderator_of? group --> returns true/false
user.is_moderator_of group --> sets user to have role "moderator" for object group.
user.is_administrator --> sets user to have role "administrator" not really tied to any object.
There's also a brand new RailsCast on CanCan.
I'd use AuthLogic for authentication (logging in users and making sure they are who they claim to be) and declarative_authorization for authorization (making sure they have access to resources). See Ryan Bates' excellent Railscasts on AuthLogic and restful_authentication for more info.
