I have 2 of my models, users & company, configured with the ActiveAdmin gem in my RoR 3 app. I want to restrict one of my admin users to have access to only the users model (like he can change password, username, etc.), but he should not be able to change any data in the company model (like add a company, or change the no. of licenses for a company, etc.).

How can I achieve these different access levels based on models? For now I want one admin user to access all models and one to access only the users model.

Code snippets:

I have created two admin users, one tagged as type super and the other as normal. The following code works fine for the super admin with full access, but for the normal admin it gives the error: This web page has redirect loops

app/admin/companies.rb:

ActiveAdmin.register Company do

  index do
    column "Company", :name
    column :address
    column "No. of Subscriptions", :no_of_licenses
    column "License Period(Days)", :no_of_days
    if authorized?(:update, companies)
      default_actions
    end
  end
  filter :name


  form do |f|
    f.inputs "Company Details" do
      f.input :name
      f.input :address
      f.input :no_of_licenses, :label => 'No of Subscriptions'
      f.input :no_of_days, :label => 'License Period(Days)'
    end
    f.buttons
  end 

end

app/models/OnlyUser.rb:

class OnlyUser < ActiveAdmin::AuthorizationAdapter

  def authorized?(action, subject = nil)
    user.super?
  end

end

config/initializers/activeadmin.rb:

  config.authorization_adapter = "OnlyUser"

app/models/admin_user.rb:

as_enum :admin_type, :normal => 0, :super => 1
Aks..

1 Answer


There are gems like CanCan that can integrate with ActiveAdmin, but for something this simple I think you can just provide your own adapter as here:

http://www.activeadmin.info/docs/13-authorization-adapter.html

Step 2 would be providing a way to test the user's access. You can either implement a set of simple boolean flags or possibly use a gem like simple enum,

like so (in your User model):

  as_enum :admin_role, [:none, :staff, :super]

We are doing it this way and it works and is nice and simple.

Mark Fraser
  • Thank you. I'll try this and let you know how it goes – Aks.. Feb 24 '14 at 04:55
  • Hi, I tried using simple_enum and the authorization adapter, but when authorized? returns true (giving full access) it works fine, while for the second-level admin I get the error: This page has too many redirect loops! I see that localhost:3000/admin redirects to localhost:3000/admin/login and that again to localhost:3000/admin. – Aks.. Feb 24 '14 at 13:23
  • What does your method look like that checks for admin user? It should be in your config/initializers/active_admin.rb file. You can update your question with that and perhaps your authorization adapter code. – Mark Fraser Feb 24 '14 at 22:54
  • OK, I'll add my code. I have created a file under app/models to overwrite the authorize? method. Please review the code and let me know. – Aks.. Feb 25 '14 at 07:44
  • Your adapter keeps getting called because it is always returning false and redirecting back to itself. You need to authorize the login action or redirect to somewhere else. See Viktor's answer here for a suggestion: http://stackoverflow.com/questions/17433208/activeadmin-with-cancanadapter-causing-infinite-redirect-on-dashboard – Mark Fraser Feb 28 '14 at 00:08
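
An added example, not code from the question or the answer: one way to write the adapter so that a non-super admin is denied by default, can manage only the users model, and still has a permitted page to land on after a denial. The `User` and `Company` classes, the `AdminStub` struct and the small `ActiveAdmin` stand-in module are assumptions so the block runs without Rails; read-only access to `Company` for the normal admin is also an assumption.

```ruby
# Stand-ins so the example runs offline; in a real app delete this section
# and keep only the adapter class (ActiveAdmin and the models already exist).
unless defined?(ActiveAdmin)
  module ActiveAdmin
    Page = Struct.new(:name)               # stand-in for ActiveAdmin::Page
    class AuthorizationAdapter             # stand-in for the real base class
      attr_reader :resource, :user
      def initialize(resource, user)
        @resource, @user = resource, user
      end
    end
  end
  class Company; end                       # stand-in model
  class User; end                          # stand-in model
  AdminStub = Struct.new(:role) do         # stand-in for AdminUser
    def super?; role == :super; end
  end
end

class OnlyUser < ActiveAdmin::AuthorizationAdapter
  MANAGED_MODELS   = [User].freeze         # normal admin: full access
  READ_ONLY_MODELS = [Company].freeze      # normal admin: view only (assumed)

  def authorized?(action, subject = nil)
    return true if user.super?
    case subject
    when ActiveAdmin::Page
      # Keep the dashboard readable so a denied request has a permitted
      # page to be sent to instead of bouncing between denied pages.
      action == :read && subject.name == "Dashboard"
    else
      # The subject is the class for index/new and a record for edit/destroy.
      klass = subject.is_a?(Class) ? subject : subject.class
      return true if MANAGED_MODELS.include?(klass)
      action == :read && READ_ONLY_MODELS.include?(klass)
    end
  end
end
```

Anything not listed, including a `nil` subject, is denied for the normal admin, so a model registered later is closed until someone adds it to one of the two lists.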