 

How to limit access to active admin to admin users


I want only my users who have their attribute is_admin set to true to be able to access my active admin backend.

How should I do this?

"Normal" users should only be able to log in to the site, not to active admin.

Jasper Kennis asked Feb 23 '12 15:02




1 Answer

In config/initializers/active_admin.rb you have such config:

config.authentication_method = :authenticate_admin_user! 

so if you create a method named authenticate_admin_user! in the ApplicationController, then ActiveAdmin will check if the user can go to the admin pages or not. Like this:

# restrict access to admin module for non-admin users
def authenticate_admin_user!
  raise SecurityError unless current_user.try(:admin?)
end

and rescue from that exception in ApplicationController (or you can actually redirect inside the authenticate_admin_user! method)

rescue_from SecurityError do |exception|
  redirect_to root_url
end

And one more small thing, if you don't have admin_users, then it would be nice to change this line in config/initializers/active_admin.rb:

config.current_user_method = :current_user 

And with devise you might want to make the default path different for admin/non-admin users, so you can define after_sign_in_path_for method in the controller

# path for redirection after user sign_in, depending on user role
def after_sign_in_path_for(user)
  user.admin? ? admin_dashboard_path : root_path
end
alony answered Oct 08 '22 06:10
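The gate described in the answer above, modelled in plain Ruby so the signed-out, non-admin and admin cases can be checked without Rails. This is an added example, not the answerer's or ActiveAdmin's code: the User struct, FakeController, admin_response_for and the "/" and "/admin" paths are hypothetical stand-ins, and admin? is assumed to read the question's is_admin attribute.

```ruby
# Constructed stand-in for the Devise user model; is_admin is the attribute
# named in the question.
User = Struct.new(:email, :is_admin) do
  def admin?
    is_admin == true # strict: nil or the string "true" does not count
  end
end

# Hypothetical minimal controller: just enough of the request flow to show
# the filter running before an admin action and the rescue turning the
# SecurityError into a redirect.
class FakeController
  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
  end

  # Same check as in the answer; &. stands in for ActiveSupport's try, so a
  # signed-out visitor (current_user == nil) is rejected cleanly.
  def authenticate_admin_user!
    raise SecurityError unless current_user&.admin?
  end

  # Models rescue_from SecurityError plus redirect_to root_url.
  def admin_request
    authenticate_admin_user!
    [200, "/admin"]
  rescue SecurityError
    [302, "/"]
  end
end

# Returns [status, path] for a request to the admin area by the given user.
def admin_response_for(user)
  FakeController.new(user).admin_request
end

# Constructed sample users covering each case.
samples = {
  "signed out"  => nil,
  "normal user" => User.new("user@example.test", false),
  "flag unset"  => User.new("new@example.test", nil),
  "admin"       => User.new("admin@example.test", true)
}
samples.each { |label, user| puts "#{label}: #{admin_response_for(user).inspect}" }
```

The check runs on every admin request; after_sign_in_path_for only chooses where a user lands after signing in and does not restrict access by itself.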