I want only users who have their is_admin attribute set to true to be able to access my Active Admin backend.
How should I do this?
"Normal" users should only be able to log in to the site, not to Active Admin.
Active Admin is a framework for creating administration style interfaces. It abstracts common business application patterns to make it simple for developers to implement beautiful and elegant interfaces with very little effort.
Run the generator to install Active Admin. This will create an AdminUser model, an initializer file for configuring Active Admin and an app/admin directory that will hold the administration files. It uses Devise for authentication.
In config/initializers/active_admin.rb you have this config:
config.authentication_method = :authenticate_admin_user!
So if you create a method named authenticate_admin_user! in the ApplicationController, then ActiveAdmin will check if the user can go to the admin pages or not. Like this:
# restrict access to admin module for non-admin users
def authenticate_admin_user!
  raise SecurityError unless current_user.try(:admin?)
end
and rescue from that exception in ApplicationController (or you can actually redirect inside the authenticate_admin_user! method):
rescue_from SecurityError do |exception|
  redirect_to root_url
end
And one more small thing: if you don't have admin_users, then it would be nice to change this line in config/initializers/active_admin.rb:
config.current_user_method = :current_user
And with Devise you might want to make the default path different for admin/non-admin users, so you can define the after_sign_in_path_for method in the controller:
# path for redirection after user sign_in, depending on user role
def after_sign_in_path_for(user)
  user.admin? ? admin_dashboard_path : root_path
end
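The gate described in the answer above, as an added example that is not part of the original answer: a plain-Ruby stand-in (no Rails or Devise) that exercises the same check, rescue and post-login redirect against the question's is_admin attribute, and denies anything that is not exactly true. The names User, AdminGate, request_admin_page, demo and the path strings are assumptions made for illustration.

```ruby
# Added example: plain-Ruby stand-ins so the logic runs without Rails/Devise.
# User, AdminGate and the path strings are constructed for illustration.
User = Struct.new(:email, :is_admin)

class AdminGate
  ROOT_PATH  = "/"        # stand-in for root_path
  ADMIN_PATH = "/admin"   # stand-in for admin_dashboard_path

  def initialize(current_user)
    @current_user = current_user
  end

  # Same contract as authenticate_admin_user!: raise unless the user is an admin.
  # Fail closed: nil user, missing attribute, or any value other than true is denied.
  def authenticate_admin_user!
    raise SecurityError, "admin access required" unless admin?(@current_user)
  end

  # Mirrors the rescue_from handler: a denied request is redirected to root.
  def request_admin_page
    authenticate_admin_user!
    [200, ADMIN_PATH]
  rescue SecurityError
    [302, ROOT_PATH]
  end

  # Mirrors after_sign_in_path_for: admins land on the dashboard, others on root.
  def after_sign_in_path_for(user)
    admin?(user) ? ADMIN_PATH : ROOT_PATH
  end

  private

  def admin?(user)
    user.respond_to?(:is_admin) && user.is_admin == true
  end
end

def demo
  cases = {
    "not signed in"  => nil,
    "normal user"    => User.new("bob@example.test", false),
    "admin"          => User.new("root@example.test", true),
    "string 'false'" => User.new("eve@example.test", "false"), # truthy in Ruby, still denied
  }
  cases.transform_values { |user| AdminGate.new(user).request_admin_page }
end

demo.each { |label, (status, path)| puts "#{label}: #{status} -> #{path}" } if __FILE__ == $PROGRAM_NAME
```

In a real application the same four cases are worth covering in a request spec against /admin, since a gate that is only tested with an admin account says nothing about who else gets in.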