I want that only my users who have their attribute is_admin set to true to be able to access my active admin backend
我希望只有我的用户将其属性is_admin设置为true才能访问我的活动管理员后端
how should I do this?
我该怎么办?
"Normal" users should only be able to login to the site, not to active admin.
“普通”用户应该只能登录该站点,而不能登录到活动管理员。
2 个解决方案
#1
38
In config/initializers/active_admin.rb you have such config:
在config / initializers / active_admin.rb中你有这样的配置:
config.authentication_method = :authenticate_admin_user!
so if you create a method named authenticate_admin_user! in the ApplicationController, then ActiveAdmin will check if the user can go to the admin pages or not. Like this:
所以如果你创建一个名为authenticate_admin_user的方法!在ApplicationController中,ActiveAdmin将检查用户是否可以转到管理页面。喜欢这个:
# restrict access to admin module for non-admin users
def authenticate_admin_user!
raise SecurityError unless current_user.try(:admin?)
end
and rescue from that exception in ApplicationController (or you can actually redirect inside the authenticate_admin_user! method)
并在ApplicationController中从该异常中解救(或者您实际上可以在authenticate_admin_user!方法内重定向)
rescue_from SecurityError do |exception|
redirect_to root_url
end
And one more small thing, if you don't have admin_users, then it would be nice to change this line in config/initializers/active_admin.rb:
还有一件小事,如果你没有admin_users,那么在config / initializers / active_admin.rb中改变这一行会很好:
config.current_user_method = :current_user
And with devise you might want to make the default path different for admin/non-admin users, so you can define after_sign_in_path_for method in the controller
有了设计,您可能希望为admin / non-admin用户设置不同的默认路径,因此您可以在控制器中定义after_sign_in_path_for方法
# path for redirection after user sign_in, depending on user role
def after_sign_in_path_for(user)
user.admin? ? admin_dashboard_path : root_path
end
#2
0
For "Normal" users you should write separate logic to login to the site or maybe I did not understand why you want to allow users to login through the active admin. Active admin using devise, just create another model called User.
对于“普通”用户,您应该编写单独的逻辑来登录该站点,或者我可能不明白您为什么要允许用户通过活动管理员登录。使用设计的主动管理员,只需创建另一个名为User的模型。
#1
38
In config/initializers/active_admin.rb you have such config:
在config / initializers / active_admin.rb中你有这样的配置:
config.authentication_method = :authenticate_admin_user!
so if you create a method named authenticate_admin_user! in the ApplicationController, then ActiveAdmin will check if the user can go to the admin pages or not. Like this:
所以如果你创建一个名为authenticate_admin_user的方法!在ApplicationController中,ActiveAdmin将检查用户是否可以转到管理页面。喜欢这个:
# restrict access to admin module for non-admin users
def authenticate_admin_user!
raise SecurityError unless current_user.try(:admin?)
end
and rescue from that exception in ApplicationController (or you can actually redirect inside the authenticate_admin_user! method)
并在ApplicationController中从该异常中解救(或者您实际上可以在authenticate_admin_user!方法内重定向)
rescue_from SecurityError do |exception|
redirect_to root_url
end
And one more small thing, if you don't have admin_users, then it would be nice to change this line in config/initializers/active_admin.rb:
还有一件小事,如果你没有admin_users,那么在config / initializers / active_admin.rb中改变这一行会很好:
config.current_user_method = :current_user
And with devise you might want to make the default path different for admin/non-admin users, so you can define after_sign_in_path_for method in the controller
有了设计,您可能希望为admin / non-admin用户设置不同的默认路径,因此您可以在控制器中定义after_sign_in_path_for方法
# path for redirection after user sign_in, depending on user role
def after_sign_in_path_for(user)
user.admin? ? admin_dashboard_path : root_path
end
#2
0
For "Normal" users you should write separate logic to login to the site or maybe I did not understand why you want to allow users to login through the active admin. Active admin using devise, just create another model called User.
对于“普通”用户,您应该编写单独的逻辑来登录该站点,或者我可能不明白您为什么要允许用户通过活动管理员登录。使用设计的主动管理员,只需创建另一个名为User的模型。