Rails 3- Active_admin and CanCan integration - ruby

The title is very explanatory.
How can I integrate active_admin gem with cancan?
I need administrative roles.
Thanks

You may want to follow this guide
Robbie

for a simple case, assuming there are 2 roles: normal_user , admin,
if you just want to "admin" to access "/admin" (activeadmin's default namespace), while "normal_user" can not, I suggest you take a look a hook method:
# config/initializers/active_admin.rb
config.before_filter :check_user_role
# define this method in applicaton_controller.rb
def check_user_role
redirect_to root_path unless current_user.role == "admin"
end

Following link is also helpful to set cancan with activeadmin.
https://github.com/gregbell/active_admin/wiki/How-to-work-with-cancan

Nowadays there is a gem that do the work: https://github.com/11factory/activeadmin-cancan

Related

How make rails forms submit if using rails-api gem. Undefined method `protect_against_forgery?

I have a rails application which is api only i am using gem rails-api. Now I am trying to create admin panel on it because we realised later that we do need an admin panel. But i think rails-api doesnt have good support for views.
When I try to submit forms it says undefined method protect_against_forgery? maybe because it doesnt supports <%= csrf_meta_tags %>
I tried to define manually this method in my controller but no luck.
def protect_against_forgery?
true
end
How can i submit the forms without getting this error.
in your api controller put following line.
skip_before_filter :verify_authenticity_token
or try with
def protect_against_forgery?
false
end
this may be help you.
According to rails-api, try to set config.api_only = false to config/application.rb file
Or, since protect_from_forgery is a method that belongs to ActionController, try to add require "action_controller/railtie" to application.rb

What does this do in my routes.rb file?

I am looking at a gist showing me how to handle CORS request in a Rails app. My routes.rb needs to have this bit of code in it.
Rails.application.routes.draw do
controller :whatever, path: '/whatever' do
match 'post_action', via: [ :post, :options]
end
end
If I was looking at a post resource, could someone show me how to set this up? I mainly do not understand the match function.
It will match the /whatever/post_action with the Controller/Action whatever#post_action. One useful tool you could use to see what your routes.rb are doing is to run the command:
rake routes
That will display all the routing table of your Rails app.
You can find more info in the Rails guide http://guides.rubyonrails.org/routing.html
Take care!
Actually match is not the good way to handle routes.
In rails 4 also it removed.
You can use the following code to use it:-
resource :whatever do
post 'post_action'
end
To test your routes
rake routes

How do I use Devise to secure the delayed_job_web interface?

I'm using the delayed_job_web gem to monitor delayed jobs. https://github.com/ejschmitt/delayed_job_web
It is accessible using this line in my routes.rb:
match "/delayed_job" => DelayedJobWeb, :anchor => false
Every other area of my site requires a login using the Devise gem. How do I make this require a login too?
In the readme, they suggest adding the following to the config.rb:
if Rails.env.production?
DelayedJobWeb.use Rack::Auth::Basic do |username, password|
username == 'username'
password == 'password'
end
end
But that just uses plain text browser authentication.
UPDATE:
I tried something similar to the railscast on resque, and I think it's on the verge of working but giving me a redirect loop now:
authenticate :admin do
mount DelayedJobWeb, :at => "/delayed_job"
end
Any thoughts on why would it be giving a redirect loop?
Thanks,
Use authenticated instead of authenticate as described here: http://excid3.com/blog/rails-tip-5-authenticated-root-and-dashboard-routes-with-devise/
Works for me!
You could do something like this define this inside config/routes.rb file
authenticate_user = lambda do |request|
request.env['warden'].authenticate?
end
constraints authenticate_user do
mount DelayedJobWeb, :at => "/delayed_job"
end
Alternately if you have cancan for any other role management library you could do it something like this
I have used both of this in my applications to control access to resque-web depending on the needs of the application
Hope this help
Now it's 2017 I tried the other solutions and they didn't work, but the following admin check does work:
authenticated :user, -> user { user.admin? } do
mount DelayedJobWeb, at: "/delayed_job"
end

Generate URL for file in /public in Rails 2 ERB view

In my rails (v2.3.8) app I have a static resource file which I've put at /public/myfile.kml No need for any special routes.rb setting right?
It serves up just fine at http://localhost:3000/myfile.kml
When I deploy (to passenger) it appears at http://myserver/myappname/myfile.kml
All is well so far...
I have a view (an erb file) which spews out javascript which needs to reference this file. The output needs to be '/myfile.kml' on localhost, and '/myappname/myfile.kml' in production, or maybe the full URLs as above, or maybe a relative url involving a bit of '../../../' (awkward with RESTful URLs).
Should I be able to do something like <%=url_for 'myfile.kml'%> ?
or '<%=ROOT_URL%>/myfile.kml'
I know there's an insanely easy answer to this question, but honestly I've had no luck finding it. Quite a few people talking about 'root_url' but what is that? A variable I can reference in a view? It's undefined.
I'm not sure about Rails 2.3.8, but in Rails 3 this value defaults to false.
edit config/environments/production.rb and set:
config.serve_static_assets = true
Also, here's a blog post that shows a helper for linking to a static resource (favicon)
http://ilconnettivo.wordpress.com/2008/07/28/favicon-on-rails/
'<%= ENV["RAILS_RELATIVE_URL_ROOT"] %>/myfile.kml'
<%= RAILS_ROOT + "/public/myfile.kml" %>
Inspection of rake routes reveals the helper root_path for use in views. For example <%= root_path + 'myfile.kml' %> By default will map to files under public/ in a rails application.
The latest (>2.3.6) is Rails.root, see:
http://joneslee85.wordpress.com/2010/05/27/the-dilemma-of-rails-root-vs-rails_root-complex/
Why not just replicate your production environment locally? A webserver is not very resource hungry and it can help resolve some ecosystem configuration issues like you're seeing here.

Login using headers in cucumber

I'm new at cucumber and capybara so maybe this is easy.
I'm using headers to check if a user is logged in or not and i'm having a problem when doing cucumber testing.
I use Capybara and Cucumber and a "add headers hack": http://aflatter.de/2010/06/testing-headers-and-ssl-with-cucumber-and-capybara/
The problem I have is that it only sets the header once in each feature story. So if I have a story that goes trough more than one step the header is gone and the user is no longer logged in.
An example story:
Given I am logged in as a superuser
And I have a database "23456789" that is not active
And I am on the home page
When I follow the "Delete" link for "23456789.sqlite"
Then I should see "Deleted the database"
In this story the "When I follow the "Delete" link for "23456789.sqlite" line will not work since the user is no longer logged in!
Have thought about using session or the before/after in cucumber.
Does someone have a clue on how to fix this?
You can achieve this by passing the username in an environment variable:
When /^I am logged in as a superuser$/ do
ENV['RAILS_TEST_CURRENT_USER'] = 'admin'
end
application_controller.rb:
before_filter :stub_current_user
def stub_current_user
if Rails.env == 'cucumber' || Rails.env == 'test'
if username = ENV['RAILS_TEST_CURRENT_USER']
#current_user = User.find_by_username(username)
end
end
end

Resources