rails_admin cancan abilities not loaded first time - devise

I'm using RailsAdmin, this time with CanCan!
I've built my Ability Model and everything looks nice. Except for this problem:
When the user logs in for the very first time (I'm using Devise), for some reason the system is not loading the correct permissions. This leads to an inconvenient situation: the user can see more actions and entities than the actual permissions would normally grant. Any subsequent requests work fine and the correct permissions are loaded. Don't know what else I might add. Logs are not reporting anything relevant. Anyone experiencing something similar?
rails 3.2.8
rails_admin 0.4.4
cancan 1.6.7
devise 2.1.2

Related

Chatwoot, Session/Cookie issue, getting `current_user` on custom added Rails View even after logout from Vue side

https://www.chatwoot.com is an open source chat solution provider app.
Developed in Rails and Vuejs.
It's using the DeviseTokenAuth gem for authentication.
I want the current_user to work on both the Vue side and the Rails view side.
So if I'm using token based authentication, it should work on both sides.
Or
When I login with DeviseTokenAuth, it should login into Devise, and when I logout from DeviseTokenAuth it should logout from the Devise gem side as well.
Right now if I'm using include DeviseTokenAuth::Concerns::SetUserByToken and having no user at all when I access an action that ends up with a Rails view, I know I'm logging into the system from the Vue side, but is there something I can do to have both in the same state of authentication?
But at the same time if I don't include DeviseTokenAuth::Concerns::SetUserByToken I will get current_user even when I'm logged out, which is done on the Vue side and points to the destroy action of DeviseTokenAuth::SessionsController.
So it's complex to understand how the cookies are being handled when I'm not handling cookies in the Rails view explicitly while I'm handling cookies using the cookies yarn library on the Vue side.
All I want is to be on the same page whether I'm on a Rails view related controller or a Vuejs view.
And if I'm using Devise based authentication for some part and DeviseTokenAuth based authentication for another part,
can those scenarios be in sync with each other?
I also have added these points in a discussion on the original repository. Here is the URL: https://github.com/chatwoot/chatwoot/discussions/1928
If anyone thinks they can make this question easier to understand and still explain the situation, most welcome!
Any help would be appreciated. 🙏🏻
Thanks!

Password expiration in 14 to 45 days using devise gem

We used the devise gem for login functionality.
Now I want to implement the password expiration functionality.
So I got one devise gem, i.e. "devise_security_extension", on GitHub.
I read this documentation for implementation of "devise_security_extension".
I tried the steps from the documentation, but it is not working for me.
Can anyone give a step by step process to implement this "devise_security_extension" gem?
I spotted this question on the devise_security_extension issues page, I know it's been a while for you, but it might work. That leads to this fix, which I am going to try and implement tonight.
I'll report back if it helps

How to manage permissions with CanCan on namespaced web app?

I am experiencing some problems setting permissions on my Rails 3 web application. I currently use Devise and CanCan. I have a single User model, used by Devise. The roles are admin, manager and user.
My solution uses namespaces to separate administration panels.
Root (frontend)
- static pages
Manager
- administration pages for "manager" roled users.
Backend
- administration pages for "admin" roled users.
I read the documentation and some tutorials but I can't make it work. My problem is that CanCan checks abilities with the action that the user is trying to execute on models.
So, if a user is logged in as manager and has to manage his own Posts, he can do it by going to /manager/posts. But the problem is that he also can go to the /backend/posts directory and can index Posts of which he is not the owner.
This problem happens because the ability class says that managers can index the Post model, but managers and admins are both working on the Post model.
Is there a way to specify the namespace where the user is allowed to access, or not?
I saw there are many ways, like using namespaced models (Backend::Posts, Manager::Posts, using different tables)...
What is the best solution to manage permissions on a namespaced app where roles are working on the same models, with Devise and CanCan?
Problem solved with this solution:
https://github.com/ryanb/cancan/wiki/Authorization-for-Namespaced-Controllers
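The pattern behind that wiki page, as an added example that is not part of the question or the CanCan wiki: one Ability class per namespace, chosen by overriding `current_ability` in each namespace's base controller, so a manager reaching /backend/posts is checked against the backend rules rather than the manager rules. To run without the cancan gem, a tiny stand-in (`MiniAbility`) with the same `can`/`can?` shape is defined here; `Post`, `User` and the controller classes are constructed for the example.

```ruby
# Constructed models: a manager owns posts via user_id; roles are plain strings.
Post = Struct.new(:user_id)
User = Struct.new(:id, :role)

# Stand-in for CanCan::Ability (assumption: mirrors can/can? semantics, incl.
# class-level checks such as can?(:index, Post) ignoring block conditions).
module MiniAbility
  def can(action, subject_class, &cond)
    (@rules ||= []) << [action, subject_class, cond]
  end

  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    (@rules || []).any? do |act, sub, cond|
      (act == action || act == :manage) && sub == klass &&
        (cond.nil? || subject.is_a?(Class) || cond.call(subject))
    end
  end
end

# Rules for /manager/*: managers may only touch their own posts.
class ManagerAbility
  include MiniAbility
  def initialize(user)
    can(:manage, Post) { |post| post.user_id == user.id } if user.role == 'manager'
  end
end

# Rules for /backend/*: only admins get anything, so a manager is denied here
# even though the same Post model is involved.
class BackendAbility
  include MiniAbility
  def initialize(user)
    can :manage, Post if user.role == 'admin'
  end
end

# Each namespace's base controller overrides current_ability (the CanCan hook
# that load_and_authorize_resource / authorize! consult) with its own class.
class BaseController
  def initialize(user); @current_user = user; end
  def current_ability; @current_ability ||= ability_class.new(@current_user); end
  def can?(action, subject); current_ability.can?(action, subject); end
end
class ManagerPostsController < BaseController   # Manager::PostsController
  def ability_class; ManagerAbility; end
end
class BackendPostsController < BaseController   # Backend::PostsController
  def ability_class; BackendAbility; end
end
```

With the real gem the `MiniAbility` module is replaced by `include CanCan::Ability`, and the controller bodies stay the same.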

PHPBB Authentication + Rails

I have a phpbb forum and I am developing a rails application that will be used for a mobile friendly app. I need a way to perform SSO between phpbb and rails.
I found a ruby gem called phpbb-auth on github but it hasn't been updated in over 3 years.
My initial thoughts were to mimic phpass (which I believe is what the latest phpbb uses) in rails and then just have rails reference the phpbb_users table when authenticating with Devise/Warden.
However, that task became daunting and would become just another lib to manage.
My next thought was to write a plugin for Warden to check for a phpbb_session and if it's there, then continue. Otherwise redirect them to the phpbb login page.
Has anyone come across doing this before, and if so, what was the method you used?
I'm doing the same thing right now (already succeeded, actually).
So, you basically have several options depending on your setup/deployment. Consider the following:
Will you deploy your rails app and phpbb on the same domain or different domains?
Do both sites have access to each other's db?
Which authentication system do you wish to use? So, would you like rails (i.e. devise, authlogic or whatever) to authenticate and handle users, or phpbb db auth (i.e. storing logins and passwords in the phpbb users table)?
So far, I've implemented auth through phpbb db auth + single domain with my app (phpbb: forum.example.com, my rails app is on: example.com for cookie sharing). In this case you can use code from the gem you have mentioned (phpbb-auth). It's not very hard. Code is still working fine (with some adjustments probably).
BUT
I do not like it this way :) I consider my site as the main app and do not want the forum to handle my users...
So, as I understand, starting from phpbb 3 you can write a plugin (API docs) for external auth for phpbb.
There are several examples in Python and Django on the net. Looks like this one for same domain + db access. And looks like this one for doing things remotely with JavaScript. Those are in Python, but there's not too much Python inside, only some examples :), so you can easily adapt them for rails, I think.
This question discusses the same stuff, but in a more generic way.

authlogic connect tutorial

I am trying to add facebook connect to an existing site in rails 3 that uses authlogic,
so that existing users can sign in via their facebook account (I'll find the existing account via the email id in facebook) and new users can sign up using facebook too.
I am trying to use authlogic connect
(I found other alternatives like omniauth, facebooker2 etc.; omniauth plays well with devise but I don't want to move to devise, and it seems only authlogic connect plays well with authlogic and rails3).
But I am unable to find a proper tutorial where I could understand how to use it.
I looked at their project site:
https://github.com/viatropos/authlogic-connect
I used the little help on their site and tried to do a little.
Now when the facebook login button is clicked it goes to the facebook page, asks for all the permissions and then it comes back to a url with code as a parameter. What do I do with the code param?
Can someone suggest a proper tutorial (not example) for using authlogic connect?
Thank you
I really gave up on authlogic connect.
Though it seems it's the best solution, it integrates so much with authlogic that I am unable to customize it.
I finally got omniauth working with authlogic, though a lot of things were done manually.
The Railscasts simple omniauth authentication episode helped a lot.