I want an admin role so that I can access some RESTful states while my users cannot. I'm using Clearance but there is no longer a page on their wiki for how to implement an admin role for Clearance. Does anyone have it working on Rails 3?
I've had success with Aegis. It doesn't guarantee Rails 3 compatibility but I haven't had any issues using it with Rails 3 (3.0.5).
Related
I am experiencing some problems setting permissions on my Rails 3 web application. I currently use Devise and CanCan. I have a single User model, used by Devise. The roles are admin, manager and user.
My solution uses namespaces to separate administration panels.
Root (frontend)
- static pages
Manager
- administration pages for "manager" roled users.
Backend
- administration pages for "admin" roled users.
I read documentation and some tutorials but I can make it working. My problem is that CanCan checks ability with the action that the user is trying to execute on models.
So, if a user is logged as manager and has to manage his own Posts, he can do it by going on /manager/posts. But the problem is that he also can go to /backend/posts directory and can index Posts which he is not owner.
This problem happens because ability class tells that managers can index the Post model, but managers and admins, both are working on the Post model.
Is there a way to specify the namespace where the user is allowed to access, or not?
I saw there is many ways like using namespaced models (Backend::Posts Manager::Posts, using different tables)...
What is the best solution to manage permissions on a namespaced app where roles are working on same models, with Devise and CanCan?
Problem solved with this solution:
https://github.com/ryanb/cancan/wiki/Authorization-for-Namespaced-Controllers
I am using devise as a good way of authentication in my rails 3.2 application and I tried several ways to fetch online users ,I need to know if I can fetch all online users using sessions on my application
Google and stackoverflow are your friends:
There appears to be a gem for this and has been asked a lot.
"Who's Online" using Devise in Rails
I am writing a new authorization system and permission system for my multi tenant rails 3 app.
I need to have guests, basic users, site owners, site owners can have users, multi site owners with users and also admin users.
I am wondering what everyone would use for this setup ?
Devise, Authlogic, Sorcery etc ?
Canacan, declarative_authorization etc ?
or any other gems that would fit better for this sort of system.
thanks a lot
Rick
I personally prefer devise with cancan. I have yet to find anything that I was not able to do with that combination.
The question for those, who had worked with Active Admin gem:
I just don't get how should I make a sign up and change password functions for admin users? Can I do this using Active Admin interface?
Thanks in advance.
If you follow the install steps on the active admin github page, one of the steps installs devise for you, creates and admin_user table in your DB and populates it with a default user for you to login as.
See at GitHub.
I'm using devise for authentication in my Rails application. I have a WordPress installation for the blog portion of the project (because I need several WP plugins).
Is it possible to integrate the user authentication from the RoR application into the blog, so that when someone logs into the app, then goes to the blog, their signed it status remains and shows up.
If that's possible, it should also be possible for them to log in while viewing the blog and then go straight to their page when they go to the app, right?
You have to store session information about WP and Rails session in one storage and check WP auth cookies on Rails application.