I want to make admin panel in my app /admin that will be used to CRUD few thinks, for example Users, Companies and Wastes.
I want to do this all from one page, from /admin page.
Sketched example: http://cl.ly/3v2L3Q260g2B2M2H0J0G
Where is some simple way for making this? I can list, it's not a problem, but when I want to add new, or edit, I get stucked with routes and I don't know what more :D
I have controllers and models for Users, Companies and Wastes, but I don't know how to properly organize them.
I suppose that you are actually looking for an RBAC system (role based access control). A very good way to do that is by using devise and CanCan.
For more info :
http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/
Related
I have a requirement to configure the user's authorization per module per screen per action. For example, one user should be able to Create/Save WorkOrders in WorkOrder Module, but another user should only able to View/Delete WorkOrders. Similarly, a third user should only be able to View WorkOrders. This is an example of one screen. Now there are many screens in the application. Let's keep the actions same for all i.e. View, New, Update, Delete.
There is a reports module also, in which the user will create reports on the fly and add it into the application. So authorization is required here too. For example, a user can View/Print WorkOrder reports. But another user can only view reports. Let's keep the actions in reports only View & Print.
I am not sure Asp.Net Core built-in authorization is capable of this or not. What I have looked so far, it is not possible. Please correct me if I am wrong.
Now question is, how should I do this? I had a similar kind of requirement in a previously built application where I used database tables to store rights against each user and each screen. And upon log-in, I used to fetch that data, and then while loading the web page; I used to show or hide the relevant buttons & menus based on user's rights. But here in Asp.Net Razor Pages, the action method matters (If I'm not wrong), and certain functionality can be accessed via route. I am looking for some attribute-based solution.
I found this link with more or less above mentioned implementation using database tables and route URL to determine action name. So the URLs are saved in the database and on runtime they are checked and matched with the current URL and the user is authenticated.
Another link here, where the developer has used attribute-based filtering on action methods. But URL Routes are not being saved in the database or anywhere.
Are these the only & best solution to my problem? I have no problem implementing them, they look logical. But I just want to use the best available approach. Can anyone assist me with any other more suitable approach?
I'm using the 2sxc News App for DNN and I'm trying to figure out how to grant users the ability to add/edit/delete news posts without also granting them the ability to change the layout or edit the module.
I tried to add the "2sxc Designers" role I've read about:
But having that role doesn't seem to change anything.
Am I doing something wrong in setting the "2sxc Designers" role and is this what I need to allow only post manipulation?
This is an advanced use case, and I can't give you the full answer, but basically what you want to do is this:
On the content-type, give the group custom permissions - so that the UI accepts changes by them https://github.com/2sic/2sxc/wiki/concept-permissions
Since the toolbars won't appear for non-editors, you'll have to make this happen in the template. So add some razor to check if people of this role. Then enable edit with Edit.Enable https://github.com/2sic/2sxc/wiki/razor-edit.enable
These blog-posts may also help you: https://2sxc.org/en/blog/post/recipe-create-public-forms-with-2sxc
I have my Pages model, views, and controller in the Admin namespace. However, I would like to display the pages at a root level. Instead of admin/pages/[:id], I would like the routes for showing pages to be /[:id]. Is it possible to do this without creating multiple controllers and models for Pages and while still keeping Pages in the admin namespace? If so, what is the best approach and how would you have to write your routes?
As far as I know, and as far as I've tried, I don't think theres a way to change the routes for showing pages to be /:id instead of admin/pages/[:id] without creating multiple controllers for Pages and while still keeping Pages in the admin namespace. Referring "without creating multiple controllers and models for Pages and while still keeping Pages in the admin namespace", I don't understand creating a new model. Creating a new controller will suffice.
For a non-nested resource, changing the route to a root route is relatively an easy task, i.e. say /:id instead of foo/:id
p.s. initially, I did not give your question a deep thought, and skipped the admin namespace part. But, trying this turned out to be fun. I'd really want to see someone post an answer to this (this is one answer where I'd love to be downvoted and pointed towards the correct answer).
The owner of a site that I am working on has asked me to make the About Us page editable (by her, through a web interface). In fact, there are 5 pages in total that she wants to make editable - About Us, Terms of Service, and so on.
In the old implementation, when these pages were static view files, I had all the URLs coded into routes.rb
scope :controller => :home do
get :about
get :terms
# etc ...
end
Now that these different actions are fetching data from the DB (or wherever) it seems like the standard RESTful approach might be to make a Pages resource and consolidate all the views into a show action.
That doesn't feel quite right. Individual resources aren't usually hardwired into the site the way an About Us page is - the contents of the page might change, but the page itself isn't going anywhere, and there are links to it in the footer, in some of our emails, etc.
Specifically, factoring out the individual routes from the PagesController would raise the following problems:
I couldn't used named route helpers like about_path
The routes for permanent pages on the site would be stored in the database, which means that...
maintenance would probably be a headache, since that is not the normal place to keep routes.
So currently I think that the best approach is to leave these URLs coded into routes.rb, and have separate controller actions, each of which would fetch its own page from the DB.
Can anyone share some insight? How do you deal with data that's not totally static but still needs to be hard-wired into the site?
If you are going to allow markdown, I like the idea of a Pages controller and model. If your layout feels like all 5 pages should have a similar feel, then I'd go with one template that populates with the user generated content and appropriate navigation.
My choice would be to set the routes, make the views (including routing), and populate the views with the user generated markdown.
Without knowing more about your site, it's hard to say, but my preference is not to allow users to generate pages that reflect the site identity (About, terms, etc.) unless that's what they are paying for.
I'd like to add a CMS and blog to a web app. One that won't get in the way. There's not a lot of content, but enough that we want non-devs to be able to revise pages and probably add and remove them too.
We have a substantial app that can't be touched by the CMS, not a site that we're migrating.
How have you dealt with this situation?
Would you advise:
Running two apps (a content app and the 'app' app)
Plugging in a light weight CMS
Rolling our own using gems/plugins for WYSIWYG
Details
We'll be adding a bug ticketing and support system later too. Probably built into the app.
We'd like the users of the app to be able to comment on pages and blog posts, file tickets, etc. all from their main account, so it seems to make sense to build it into our app, rather than as an extra app. Love to hear war stories on this.
Should be:
Unobtrusive (Shouldn't interfere with the existing app)
Must not mess with Devise, DeclarativeAuthorization, or Omniauth. We've got extensive user accounts, permissions, authentication mechanisms and groups setup. These must stay.
Lightweight (prefer something dev friendly than feature loaded)
Desired Features:
Basic WYSIWYG for content editors
Lets us handle accounts (with Devise)
and maybe even permissions (with DeclarativeAuthorization)
I've read this similar question, but the author seems willing to have something a bit more intrusive.
Simple Rails 3 CMS Gem/Plugin?
Options Found
Refinery seems to have a lot of features, but at a cursory look it needs a lot of control over what's going on: http://refinerycms.com/guides/attaching-refinery-cms-to-an-existing-rails-application It says it's modular, but it seems like there's a big chunk of non optional stuff in there.
Radiant seems a bit monolithic as well
http://groups.google.com/group/radiantcms/browse_thread/thread/b691cf9ab644a8b2
ComfortableMexicanSofa seems a bit closer to what I want: https://github.com/twg/comfortable-mexican-sofa
Adva-Cms has the right philosophy but appears to be dead. Adva-Cms2 isn't ready
http://adva-cms.org/
Governor seems good, but maybe a bit too young and lean
https://github.com/carpeliam/governor
Conclusion
So far rolling our own, or using ComfortableMexicanSofa seems like the bet, but I'd like your thoughts before I spend a few days messing around with it.
I am now rolling my own blog app and I am kind of newbie to Rails 3. Even like that, in 1 week i have a blog with tags, comments, authentication with omniauth, etc.. my advise is: roll your own. I was having the same doubt and looking for pre-made solutions and I decided to start it from zero and just look for plugins for anything i need.
It goes pretty fast if you know already some rails programming and you use the right plugins. This is what i used:
Omniauth to let users be able to autenticate with facebook, twitter etc.. and leave you comments.
rails_admin: it allows you to manage your blog by going to yourapp.com/admin. It uses devise to create an Admin user (you can specify a diferent model name than user to not to mix it with the users from omniauth or from your other app) and if you have the right models and associations between them you can from there create your posts, assign them tags or categories and also delete comments etc.. its all done in an easy way. For the Text Area that you use to introduce the content of your posts you can associate it with the ckeditor just by adding to the rails_admin initializer something like:
config.model Post do
edit do
field :body, :text do
ckeditor true
end
end
end
And with the ckeditor you can introduce pictures, attach videos, format text, and so on.
Use kaminari for pagination, or you can use will_paginate if you are more used to that.
Using the blueprint framework for styling with css you will save time and have a more standar styling.
Use few jquery lines to insert/delete comments graciously.
And that's all I can remember now. And if it shouldn't interfere with the main app, i would just assign a subdomain for it. So if you go to blog.myapp.com you access to the blog and if you go to myapp.com you access to the app. And you want users from the app to interact with the blog so you should use just one app and have this 2 subdomains pointing at differents parts of the same a app.. take a look at: rails 3 - one app, multiple domains, how implement a different 'root' route for one of the domains?
That's all i can think now! let me know if i can help you in anything else.
rails_admin: it allows you to manage your blog by going to yourapp.com/admin. It uses devise to create an Admin user (you can specify a diferent model name than user to not to mix it with the users from omniauth or from your other app) and if you have the right models and associations between them you can from there create your posts, assign them tags or categories and also delete comments etc.. its all done in an easy way. For the Text Area that you use to introduce the content of your posts you can associate it with the ckeditor just by adding to the rails_admin initializer something like:
config.model Post do
edit do
field :body, :text do
ckeditor true
end
end
end