Hello i need following function. Admin needs to be able "logged" as user. View all pages as user, but still have an admin features. I more than sure that there is exist ready-made solutions for this. If not, please give me advice how to build this and avoid issue when user logged in and admin logged in as this user.
You're talking about authentication and authorization. For authentication the most popular option right now is Devise. For authorization a popular option is CanCan (by Ryan Bates of railscasts fame). These two gems work well together and there's a lot of information out there on how to use them. (see below)
As for your question about an admin logging in as a user, here's a wiki for Devise on how to do that.
Screencast on using Devise
Screencast on using CanCan
Related
I have an existing rails app with Mongo DB.Currently the app can be accessed by anyone that is every method in Portfolio controller and customer controller. Now I want that Portfolio controller should only be accessed by sign in user. How can I do that. I tried using active_admin but was unsuccessful.
You're looking for User Authentication. Try any authentication plugin like Devise or Clearance to sign in and distinguish individual users (more options here) or, even better at first, try building your own authentication solution alongside some of these excellent RailsCasts on User authentication (the paid episodes are totally worth it!). You'll learn how the different moving parts fit together real quick.
You might also want to consider using the Sorcery (https://github.com/NoamB/sorcery) gem as another option. It has links to the railscasts on the github repo there which helped a lot, and myself as a beginner found the wiki to be incredibly in-depth. Super easy to use.
I'm looking for a rails gem that allows my users (and or groups) the ability to create "pages".
I want it similar (if not nearly exactly) like pages.github.com, which I believe uses a library called Jekyll.
I've looked into this briefly, but I haven't been able to find any more... complete solutions.
Does anyone know of a solution that does what I'm looking for? I'd like to configure it for my models Group and User.
Thanks!
I don't about Jekyll, but his website says "is a blog-aware, static site generator in Ruby", and I don't think that's the case.
A solution is to store the pages created by the users to the Database, you can use Textile and/or RedCloth (instead of pure HTML).
There is a nice railscast how to create semi-static pages, I am sure you can get some good ideas:
http://railscasts.com/episodes/117-semi-static-pages
I hope this help you.
You should get the listed Gems
Devise + CanCan + Rolify
Use Devies to authenticate your users.
Use CanCan to authorize your users Roles.
Use Rolify to create the roles on your users that cancan checks.
Then just make a generic page model where the ability checks the roles to see if a user can read, update, create or destroy.
I've got devise working, but I see CanCan frequently mentioned in tutorials alongside Devise; is it meant to be complementary or is CanCan an alternative to Devise?
CanCan covers authorization - who is allowed to do what. Devise handles authentication - Are you truly you? That's how they complement each other. You can use one without the other.
See for example http://techoctave.com/c7/posts/34-authentication-vs-authorization.
Devise handles authentication (logging in and out, handling sessions, etc..) but it does not handle authorization (allowing access to views or actions).
If you have a non-trivial application, then you will need authorization and probably roles.
CanCan is a very simple authorization Gem, which can work nicely if you have very few roles, and very simple authorization rules. http://railscasts.com/episodes/192-authorization-with-cancan
If you have a lot of roles, or more complex authorization rules, then I would recommend declarative_authorization http://railscasts.com/episodes/188-declarative-authorization
Both work very well with Devise, and either Rails 2 or Rails 3.
For implementing roles you have two choices: having a roles table and a join table between roles and users in your database; or using the role_model plugin http://railscasts.com/episodes/189-embedded-association
You'll also have the choice if a user can only have one role, or many roles.
hope this helps
Prefface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role,
reroute them to another page.
If a preference is 'offline' only
allow admins to view the site.
I have yet to create a prefferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?
I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.
I am building a project management app and I am not sure which is the best/correct authorization model to implement given I am new to Rails (and programming in general). Here is what I am trying to do.
I want to be able to add a "client" to the application and then multiple projects to a client. I would like to be able to add users (that are essentially representatives of the client) to view that clients multiple projects but not other clients. I intend on having controllers for time tracking, notes, comments and images all to be associated with both clients and project of that client.
In addition, I would like to set up the account to control who is able to have one. I don't need the user to establish an account on their own.
Does that make sense?
I believe what you are mentioning is called Authorization not Authentication, anyway:
I would suggest acl9 for authorization and authlogic for authentication.
These (free) Railscasts should give you some food for thought. There are lots of great RubyGems/plugins out there for this sort of thing.
The Ruby Toolbox gives you an overview of tools and their popularity in the rails community (rated by watchers and forkers on GitHub). As you can see there, the suggested plugins restful_authentication and authlogic are almost on the same level.
Restful Authentication is still the golden standard for user authentication in ruby on rails.
I have used Authorization plug-in in the past and like it because it gives some nice meta methods such as:
user.is_eligible_for_what --> returns array of authorizable objects for which user has role "eligible"
user.is_moderator_of? group --> returns true/false
user.is_moderator_of group --> sets user to have role "moderator" for object group.
user.is_administrator --> sets user to have role "administrator" not really tied to any object.
There's also a brand new RailsCast on CanCan.
I'd use AuthLogic for authentication (logging in users and making sure they are who they claim to be) and declarative_authorization for authorization (making sure they have access to resources). See Ryan Bates' excellent Railscasts on AuthLogic and restful_authentication for more info.