New To Rails, and Trestle - how to restrict access to a view to admin users #21

Open
VinylVault opened this issue Jul 11, 2019 · 3 comments

Comments

@VinylVault

Hi All,

Please forgive what is probably a n00bs question, being raised as an issue, but I can't find the info I seek by googling or reading through the docs.

I want to limit the access to a particular page to admin users only. The script is to import data - naturally general visitors I don't want to be able to do this (although strictly speaking there will be no issue if they did apart from if many tried, it would become a DDOS - long running script)

I have trestle-auth installed and working - and have created the MVC for the import

Hope I've given enough info for help, if not, let me know and I will add more

Thanks for Help
Rich

@spohlenz
Member

This is definitely a valid question -- the docs and authorization functionality are still somewhat lacking.

To accomplish this today however, I would suggest using a before_action within your Trestle admin/resource. This works pretty much the same as before_action within a Rails controller (see https://guides.rubyonrails.org/action_controller_overview.html#filters).

Here's an example that should be fairly close to your situation.

```ruby
Trestle.resource(:articles) do
  before_action only: :import do
    unless current_user.admin?
      flash[:error] = "Administrator access required."
      redirect_to Trestle.config.path
    end
  end
end
```

Note that this won't automatically remove any buttons you have added (or built-ins), so you will need to wrap them in some similar if statements.

@leotrieu

current_user.admin? doesn't work with Devise and Rails 6.0.0.rc1

I installed trestle-auth and Devise and when I went to the admin pages, it was looking at the Users table (from Devise) instead of the Administrator table (from trestle-auth).

Is there any solution for this?
Thank you!

@frenkel

frenkel commented Dec 2, 2021

I know this is an old issue, please close it if this has been resolved or has become irrelevant for you.

current_user.admin? is checking whether the admin attribute on your User model is true. If you don't have that, it won't work. If you're using something like administrator you should use current_user.administrator?.
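
The guard discussed in the replies above, as an added example that is not part of the original thread or of Trestle's own code: a fail-closed version of the `before_action` check that denies access when there is no user or when the user model has no role predicate at all. It runs in plain Ruby; `MiniController`, `ImportAdmin`, `User`, `Administrator`, `ROLE_PREDICATE` and the `"/admin"` path are hypothetical stand-ins, and only the `before_action only: :import` shape and the flash message come from the thread.

```ruby
# Plain-Ruby stand-in for a controller with filters; no Rails or Trestle is loaded.
# MiniController, ImportAdmin, User and Administrator are hypothetical names.
class MiniController
  def self.filters; @filters ||= []; end

  # Mimics the shape of Rails' before_action(only:) with a block.
  def self.before_action(only:, &block)
    filters << [Array(only), block]
  end

  attr_reader :current_user, :redirected_to, :flash

  def initialize(current_user)
    @current_user = current_user
    @flash = {}
  end

  def redirect_to(path); @redirected_to = path; end

  # Runs matching filters; as in Rails, a redirect inside a filter halts the action.
  def process(action)
    self.class.filters.each do |only, block|
      instance_exec(&block) if only.include?(action)
      return :halted if redirected_to
    end
    public_send(action)
  end
end

class ImportAdmin < MiniController
  ROLE_PREDICATE = :admin? # assumption: use :administrator? if that is your attribute

  before_action only: :import do
    # Fail closed: a nil user, or a model without the predicate, counts as non-admin.
    allowed = current_user.respond_to?(ROLE_PREDICATE) &&
              current_user.public_send(ROLE_PREDICATE) == true
    unless allowed
      flash[:error] = "Administrator access required."
      redirect_to "/admin" # constructed placeholder path
    end
  end

  def import; :imported; end
  def index; :listed; end
end

# Constructed sample models: one with an admin flag, one with no admin? method.
User = Struct.new(:admin) { def admin?; admin; end }
Administrator = Struct.new(:email)
```

The same `respond_to?` check is what the buttons that link to the import action would need, since the filter only protects the action itself.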
