I am trying to add an authentication method to only allow me to be the Admin in the app. I looked at the docs but couldn't find the code to do that. Has anyone had this issue?
Here is what I did (I am using Devise with enum roles)
```ruby
class Admin::ApplicationController < Administrate::ApplicationController
  before_action :authenticate_user!
  before_action :authenticate_admin

  def authenticate_admin
    redirect_to '/', alert: 'Not authorized.' unless current_user && access_whitelist
  end

  private

  def access_whitelist
    current_user.try(:admin?) || current_user.try(:door_super?)
  end
end
```
Thanks for your help. After adding that method, how can you set the user (me or anyone else that I choose) to be an admin?
@Ahmedalthani I would add a field to the Users table in the database.
You could use a boolean field, so either a user is admin or not. Then you can use this data with an if statement and the user object, like
```erb
<% if user.admin? %>
  show this or that
<% else %>
  show something else
<% end %>
```
Or you could add a new string-field to your database, to put in a special "role", and then use either an if or case statement and show or hide pages and features from particular users.
But if you use devise there might be no necessity to add this field yourself, because maybe devise already provides such fields. You should try and read the devise readme (reminds me I will have to do this too, soon).
@Ahmedalthani there's a good overview of how to set up authentication in your app at http://railscasts.com/episodes/270-authentication-in-rails-3-1. It may have the solution you're looking for.
Perhaps the easiest way to get this working would be with HTTP basic authentication:
```ruby
class Admin::ApplicationController < Administrate::ApplicationController
  http_basic_authenticate_with name: "Ahmedalthani", password: "supersecretpassword"
end
```
If you use the http_basic authentication approach, make sure you aren't storing the username and password in a public GitHub repo. The solution that thoughtbot uses is to store the credentials in a .env file, and use the dotenv-rails gem to load these into the app. This approach would look like:
```ruby
class Admin::ApplicationController < Administrate::ApplicationController
  http_basic_authenticate_with name: ENV.fetch("ADMIN_NAME"), password: ENV.fetch("ADMIN_PASSWORD")
end
```
And the .env file would look like:
```
ADMIN_NAME=Ahmedalthani
ADMIN_PASSWORD=supersecretpassword
```
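An added example, not part of the original comment and not Rails' or Administrate's own code: a plain-Ruby illustration of the kind of check the ENV-based HTTP basic setup above performs on each request, with the credentials passed in as a hash so it runs without a .env file. The helper names (`secure_equal?`, `parse_basic`, `admin_request?`) and the sample headers are assumptions made for the example.

```ruby
require "base64"
require "digest"

# Constant-time comparison: hash both sides to the same length, then XOR
# every byte, so timing does not reveal how many leading characters matched.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [name, password] from an "Authorization: Basic ..." header, or nil.
def parse_basic(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  name, password = Base64.strict_decode64(encoded).split(":", 2)
  password ? [name, password] : nil
rescue ArgumentError # header value was not valid base64
  nil
end

# env is injectable for the example (hypothetical parameter). fetch raises
# KeyError when a variable is missing, so a misconfigured deploy fails at
# once instead of silently comparing against an empty credential.
def admin_request?(header, env = ENV)
  expected_name = env.fetch("ADMIN_NAME")
  expected_password = env.fetch("ADMIN_PASSWORD")
  name, password = parse_basic(header)
  return false unless name && password
  # Run both comparisons before combining them (no short-circuit).
  name_ok = secure_equal?(name, expected_name)
  password_ok = secure_equal?(password, expected_password)
  name_ok & password_ok
end

# Constructed sample values, matching the .env file shown above.
SAMPLE_ENV = { "ADMIN_NAME" => "Ahmedalthani",
               "ADMIN_PASSWORD" => "supersecretpassword" }.freeze
GOOD_HEADER = "Basic " + Base64.strict_encode64("Ahmedalthani:supersecretpassword")
BAD_HEADER  = "Basic " + Base64.strict_encode64("Ahmedalthani:guess")

puts admin_request?(GOOD_HEADER, SAMPLE_ENV)
puts admin_request?(BAD_HEADER, SAMPLE_ENV)
```

Basic credentials are only base64-encoded in the header, not encrypted, so this setup depends on the admin routes being served over HTTPS.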
@graysonwright you, Sir, made my day :beer:
Glad to hear it! :smile: