How to manage permissions with CanCan on namespaced web app? - ruby-on-rails-3

I am experiencing some problems setting permissions on my Rails 3 web application. I currently use Devise and CanCan. I have a single User model, used by Devise. The roles are admin, manager and user.
My solution uses namespaces to separate administration panels.
Root (frontend)
- static pages
Manager
- administration pages for "manager" roled users.
Backend
- administration pages for "admin" roled users.
I read the documentation and some tutorials but I can't make it work. My problem is that CanCan checks the ability against the action that the user is trying to execute on models.
So, if a user is logged in as a manager and has to manage his own Posts, he can do it by going to /manager/posts. But the problem is that he can also go to the /backend/posts directory and index Posts which he does not own.
This problem happens because the Ability class says that managers can index the Post model, but managers and admins both work on the Post model.
Is there a way to specify the namespace where the user is allowed to access, or not?
I saw there are many ways, like using namespaced models (Backend::Posts, Manager::Posts, using different tables)...
What is the best solution to manage permissions on a namespaced app where roles are working on same models, with Devise and CanCan?

Problem solved with this solution:
https://github.com/ryanb/cancan/wiki/Authorization-for-Namespaced-Controllers
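The pattern that wiki page describes, as an added example (not code from the question or from the CanCan wiki): one Ability class per namespace, selected by that namespace's base controller, so a manager's rights in /manager never apply to /backend. `MiniAbility` is a small stand-in for CanCan's `can`/`can?` DSL so the file runs without Rails or the cancan gem; `User`, `Post` and the `ABILITY_FOR_NAMESPACE` table are constructed for the example.

```ruby
# Added example, not code from the question or from the CanCan wiki.
# MiniAbility imitates the subset of CanCan's DSL used here so this runs stand-alone.

User = Struct.new(:id, :role)
Post = Struct.new(:id, :user_id)

class MiniAbility
  def initialize
    @rules = []
  end

  # can :manage, Post, user_id: 1  -- same shape as CanCan's `can`.
  def can(action, subject, conditions = {})
    @rules << [action, subject, conditions]
  end

  # Class-level checks (can?(:index, Post)) pass on any matching rule, as in
  # CanCan; instance checks must also satisfy the rule's attribute conditions.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_subject, conditions|
      next false unless rule_action == :manage || rule_action == action
      next false unless rule_subject == :all || rule_subject == klass
      subject.is_a?(Class) ||
        conditions.all? { |attr, value| subject.public_send(attr) == value }
    end
  end
end

module Manager
  class Ability < MiniAbility
    def initialize(user)
      super()
      return unless user.role == "manager"
      can :manage, Post, user_id: user.id   # managers: their own posts only
    end
  end
end

module Backend
  class Ability < MiniAbility
    def initialize(user)
      super()
      return unless user.role == "admin"
      can :manage, :all                      # admins: everything, but only in /backend
    end
  end
end

# In Rails each namespace's base controller picks its Ability by overriding
# CanCan's current_ability, e.g.
#   class Manager::BaseController < ApplicationController
#     def current_ability
#       @current_ability ||= Manager::Ability.new(current_user)
#     end
#   end
# The hash below stands in for that per-namespace choice.
ABILITY_FOR_NAMESPACE = { manager: Manager::Ability, backend: Backend::Ability }.freeze

# True only if +user+ may perform +action+ on +subject+ inside +namespace+.
def authorized?(namespace, user, action, subject)
  ability_class = ABILITY_FOR_NAMESPACE[namespace]
  return false unless ability_class            # unknown namespace: deny
  ability_class.new(user).can?(action, subject)
end

if __FILE__ == $PROGRAM_NAME
  manager = User.new(1, "manager")             # constructed sample user and post
  own_post = Post.new(10, 1)
  puts authorized?(:manager, manager, :index, Post)        # true
  puts authorized?(:backend, manager, :index, Post)        # false: nothing leaks into /backend
  puts authorized?(:manager, manager, :update, own_post)   # true
end
```

Because the Backend ability grants managers nothing at all, `load_and_authorize_resource` in a Backend controller would raise `CanCan::AccessDenied` for a manager before any query runs, which is the behaviour the question was missing with a single shared Ability.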

Related

How can I prevent user access to Drupal 8 when using as a headless backend?

I'm creating a web app that uses a "headless" Drupal 8 backend and I want to leverage the Drupal user entity, but I don't want to allow users to log in to the Drupal site. There will be a frontend app that users can log into.
Is there a way to prevent users from logging into the Drupal admin area based on roles so that admins and content managers CAN log into Drupal, but other users cannot?
I can create a custom module if need be.
Thanks
As a user, if you are not connected yet you only have the "anonymous user" role. So you can't restrict access to your login page to specific roles (As everybody is anonymous before logging in).
I recommend that you disable the login block in your block layout configuration; then you could use something like Rename Admin Paths (https://www.drupal.org/project/rename_admin_paths) so only you and your content managers know the login page URL.

PHPBB Authentication + Rails

I have a phpbb forum and I am developing a rails application that will be used for a mobile friendly app. I need a way to perform SSO between phpbb and rails.
I found a ruby gem called phpbb-auth on github but it hasn't been updated in over 3 years.
My initial thoughts were to mimic phpass (which I believe is what the latest phpbb uses) in rails and then just have rails reference the phpbb_users table when authenticating with Devise/Warden.
However, that task became daunting and would become just another lib to manage.
My next thought was to write a plugin for Warden to check for a phpbb_session and if it's there, then continue. Otherwise redirect them to the phpbb login page.
Has anyone come across doing this before, and if so, what was the method you used?
I am doing the same thing right now (already succeeded, actually).
So, you basically have several options depending on your setup/deployment. Consider the following:
Will you deploy your rails app and phpbb on the same domain or different domains?
Do both sites have access to each other's DB?
Which authentication system do you wish to use? Would you like rails (i.e. devise, authlogic or whatever) to authenticate and handle users, or phpbb DB auth (i.e. storing logins and passwords in the phpbb users table)?
So far, I've implemented auth through phpbb DB auth + single domain with my app (phpbb: forum.example.com, my rails app is on: example.com for cookie sharing). In this case you can use code from the gem you have mentioned (phpbb-auth). It's not very hard. Code is still working fine (with some adjustments probably).
BUT
I do not like it this way :) I consider my site as a main app and do not want the forum to handle my users...
So, as I understand, starting from phpbb 3 you can write a plugin (API docs) for external auth for phpbb.
There are several examples in Python and Django on the net. Looks like this one for same domain + DB access. And looks like this one for doing things remotely with JavaScript. Those are in Python, but there's not too much Python inside, only some examples :), so you can easily adapt them for rails, I think.
This question discusses the same stuff, but in a more generic way.
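The "phpbb db auth" route in the answer above (Rails reading the phpbb users table) only works if Rails can verify the hashes phpBB stored, which is the "mimic phpass" task the question found daunting. As an added example that is not code from the question, the answer or the phpbb-auth gem, here is a pure-Ruby verifier for phpass "portable" hashes, the format phpBB 3.0 wrote with an `$H$` prefix (phpass itself uses `$P$`; the algorithm is the same). The module name, the `hash_password` helper and the sample salt are constructed for the example; in practice the stored value comes from the `user_password` column and is never re-generated by Rails.

```ruby
require "digest/md5"

# Added example, not from the question, the answer or the phpbb-auth gem.
# phpass "portable" hash: "$H$" (or "$P$") + cost char + 8-char salt + 22 chars
# of a custom-base64 MD5 that has been iterated 2**cost times.
module PhpassPortable
  ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".freeze
  PREFIXES = ["$P$", "$H$"].freeze

  # phpass's own base64 variant: little-endian 24-bit groups over ITOA64.
  def self.encode64(input, count)
    output = +""
    i = 0
    loop do
      value = input.getbyte(i)
      i += 1
      output << ITOA64[value & 0x3f]
      value |= input.getbyte(i) << 8 if i < count
      output << ITOA64[(value >> 6) & 0x3f]
      break if i >= count
      i += 1
      value |= input.getbyte(i) << 16 if i < count
      output << ITOA64[(value >> 12) & 0x3f]
      break if i >= count
      i += 1
      output << ITOA64[(value >> 18) & 0x3f]
      break if i >= count
    end
    output
  end

  # Recompute the 34-character hash for +password+ under +setting+, whose first
  # 12 characters carry the prefix, the cost character and the salt. Returns nil
  # for anything that is not a well-formed portable hash.
  def self.crypt_private(password, setting)
    return nil unless PREFIXES.include?(setting[0, 3])
    count_log2 = ITOA64.index(setting[3].to_s)
    return nil if count_log2.nil? || count_log2 < 7 || count_log2 > 30
    salt = setting[4, 8]
    return nil unless salt && salt.length == 8
    pw = password.to_s.b                      # binary-safe concatenation below
    hash = Digest::MD5.digest(salt.b + pw)
    (1 << count_log2).times { hash = Digest::MD5.digest(hash + pw) }
    setting[0, 12] + encode64(hash, 16)
  end

  # Constructed helper for tests/migration only: phpBB generates the salt itself.
  def self.hash_password(password, salt, count_log2 = 11, prefix: "$H$")
    raise ArgumentError, "salt must be 8 characters" unless salt.length == 8
    crypt_private(password, prefix + ITOA64[count_log2] + salt)
  end

  # Constant-time comparison: a plain == would leak how many leading characters
  # of the recomputed hash matched the stored one.
  def self.check_password(password, stored_hash)
    stored = stored_hash.to_s
    computed = crypt_private(password, stored)
    return false if computed.nil? || computed.bytesize != stored.bytesize
    computed.bytes.zip(stored.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample; a fixed salt keeps the run reproducible.
  stored = PhpassPortable.hash_password("correct horse", "abcdefgh")
  puts stored
  puts PhpassPortable.check_password("correct horse", stored)   # true
  puts PhpassPortable.check_password("wrong", stored)           # false
end
```

Treat these hashes as legacy: they are iterated MD5, so a Rails side that verifies them should rehash with its own algorithm (bcrypt via Devise, for instance) on the first successful login rather than keep writing `$H$` values.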

creating a new multi tenant app which authorization and permissions system

I am writing a new authorization system and permission system for my multi tenant rails 3 app.
I need to have guests, basic users, site owners (site owners can have users), multi-site owners with users, and also admin users.
I am wondering what everyone would use for this setup?
Devise, Authlogic, Sorcery etc.?
CanCan, declarative_authorization etc.?
or any other gems that would fit better for this sort of system.
thanks a lot
Rick
I personally prefer devise with cancan. I have yet to find anything that I was not able to do with that combination.

How Do I Implement an Admin Role With Rails Clearance?

I want an admin role so that I can access some RESTful states while my users cannot. I'm using Clearance but there is no longer a page on their wiki for how to implement an admin role for Clearance. Does anyone have it working on Rails 3?
I've had success with Aegis. It doesn't guarantee Rails 3 compatibility but I haven't had any issues using it with Rails 3 (3.0.5).

Subdomaining in rails 3

I am working on a project which is an app store. Users can subscribe to many applications. I am creating a subdomain for each user, and the applications he subscribed to are again running on subdomains.
Eg.
1). One user registers and selects the subdomain "mysubdomain". Then after logging in he will be accessing everything as "mysubdomain.appstore.com".
2). After registration he subscribes to an app, say, "discussion-board".
3). Then the discussion board will be running on "discussion-board.mysubdomain.appstore.com"
The application which handles users, which is running on app_store.com, and the utility app discussion-board are two different applications.
I know the question sounds more like serverfault.com, but I am putting it here in case it can be managed using rails.
I am using devise for authentication on rails 3
I'd recommend you review:
http://railscasts.com/episodes/221-subdomains-in-rails-3
And take a look at doing the separate apps as Rack middleware.
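The Rack-level dispatch the answer points at, as an added example (not code from the question, the Railscast or Devise): a small Rack app that splits a host like `discussion-board.mysubdomain.appstore.com` into the subscribed app and the tenant, then forwards to the store app or to the utility app only if that tenant actually subscribed to it. `SubdomainRouter`, the base domain, the constructed store/board apps and the subscription table are all assumptions for the example; it follows only the Rack calling convention, so it runs without the rack gem.

```ruby
# Added example, not from the question or the Railscast. Pure Rack convention:
# an app is anything responding to call(env) -> [status, headers, body].
class SubdomainRouter
  # One DNS label: letters, digits, hyphens, 1..63 chars, no leading/trailing hyphen.
  LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

  def initialize(base_domain:, store_app:, apps:, subscriptions:)
    @base_labels = base_domain.downcase.split(".")
    @store_app = store_app          # the app-store Rails app (accounts, subscriptions)
    @apps = apps                    # app name => Rack app of the utility app
    @subscriptions = subscriptions  # tenant subdomain => names of subscribed apps
  end

  def call(env)
    host = env["HTTP_HOST"].to_s.downcase.sub(/:\d+\z/, "")
    labels = host.split(".")
    base_size = @base_labels.size
    # The Host header is client-controlled: serve only names under our own domain.
    return not_found unless labels.size >= base_size && labels.last(base_size) == @base_labels
    extra = labels[0, labels.size - base_size]
    return not_found unless extra.all? { |label| label.match?(LABEL) }

    case extra.size
    when 0, 1   # appstore.com, mysubdomain.appstore.com -> the store itself
      env["appstore.tenant"] = extra.first   # nil on the bare domain
      @store_app.call(env)
    when 2      # discussion-board.mysubdomain.appstore.com -> a subscribed app
      app_name, tenant = extra
      app = @apps[app_name]
      # Unknown app or a tenant who never subscribed: same 404, no hint which.
      return not_found unless app && @subscriptions.fetch(tenant, []).include?(app_name)
      env["appstore.tenant"] = tenant
      env["appstore.app"] = app_name
      app.call(env)
    else        # deeper nesting is not a valid address here
      not_found
    end
  end

  private

  def not_found
    [404, { "Content-Type" => "text/plain" }, ["Not Found"]]
  end
end

# Constructed downstream apps standing in for the two real applications.
STORE_APP = ->(env) { [200, { "Content-Type" => "text/plain" }, ["store tenant=#{env['appstore.tenant'].inspect}"]] }
BOARD_APP = ->(env) { [200, { "Content-Type" => "text/plain" }, ["board for #{env['appstore.tenant']}"]] }

ROUTER = SubdomainRouter.new(
  base_domain: "appstore.com",
  store_app: STORE_APP,
  apps: { "discussion-board" => BOARD_APP },
  subscriptions: { "mysubdomain" => ["discussion-board"] }   # constructed sample data
)

# Drive the router with a minimal Rack env; returns [status, body text].
def route(host, path = "/")
  status, _headers, body = ROUTER.call("HTTP_HOST" => host, "PATH_INFO" => path, "REQUEST_METHOD" => "GET")
  [status, body.join]
end

if __FILE__ == $PROGRAM_NAME
  p route("mysubdomain.appstore.com")                        # [200, "store tenant=\"mysubdomain\""]
  p route("discussion-board.mysubdomain.appstore.com:3000")  # [200, "board for mysubdomain"]
  p route("discussion-board.other.appstore.com")             # [404, "Not Found"]: not subscribed
  p route("evil.com")                                        # [404, "Not Found"]: foreign host
end
```

Two things to check before deploying this layout: a wildcard certificate for `*.appstore.com` does not cover the second level (`discussion-board.mysubdomain.appstore.com`), so the per-app subdomains need their own certificates or a wildcard per tenant; and inside a single Rails 3 app `request.subdomains` already returns both labels (`["discussion-board", "mysubdomain"]`), which is enough for a routing constraint if you keep everything in one process instead of separate Rack apps.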