I am having an issue with Rails_admin. rails_admin is successfully added to the app and working fine.
The issue is when I try to restrict the routes to a specific user role.
My app consists of several roles like user, client, admin etc. What I want here is that only users with the role 'admin' can access the rails_admin section, either via "link_to 'rails_admin_path'" or http://127.0.0.1:3000/admin.
I already have an admin section, so I don't want to add another login section for rails_admin; I just need the features of rails_admin in my admin.
And I have a method called "check_admin" which checks whether the role of the current_user is admin or not:
current_user.check_admin
# routes.rb
Rails.application.routes.draw do
  mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
end
My requirement here is that the given route can only be accessed by admin users.
hints: check_admin or current_user.roles.admin.present?
CodePudding user response:
Solution
routes.rb
authenticate :user, ->(u) { u.roles.admin.present? } do
  mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
end
Change the route under a condition that checks for the particular role; in my case it's "admin".
So other users who are not admins can't get access to rails_admin in any way.
CodePudding user response:
The routes configuration is not the correct place to prevent the non-admin user from accessing the page. The routes configuration has no concept of current_user.
It should be done in the controller.
def show
  unless current_user.roles.admin.present?
    render "unauthorized"
  end
  # otherwise the default "show.html" will render
end
CodePudding user response:
Upon request, expanding on my previous comment...
class AdminController < ApplicationController
  before_action :reject_non_admins

  def index
  end

  def show
  end

  # etc... all the admin CRUD actions

  private

  def reject_non_admins
    unless current_user.check_admin
      render "unauthorized.html" and return
    end
  end
end
So non-admin users are not prevented from accessing the sensitive admin pages, but they're just shown a page that tells them they're not allowed to see the content.
# app/views/admin/unauthorized.html
<p>Sorry, only admins can see this page</p>
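As an added example (not code from the thread or from RailsAdmin), the role check behind both the route constraint in the first answer and the before_action in the last one, written as a constraint object in the shape Rails routing expects (it responds to matches?(request)) and as a controller-style guard, with the anonymous-user case handled so that a request with no signed-in user is denied rather than raising on nil. The User, Roles and Request classes are stand-ins for the asker's models and for the Rails request; reading the user from request.env['current_user'] is an assumption made so the script runs offline.

```ruby
# Stand-ins for the asker's models (assumed shape: user.roles.admin is a
# role record or nil, and user.check_admin answers the same question).
Roles = Struct.new(:admin)
User  = Struct.new(:email, :roles) do
  def check_admin
    !roles.admin.nil?
  end
end

# Minimal stand-in for the request object a routing constraint receives.
# Devise's `authenticate` helper finds the user via request.env['warden'];
# here (assumption, for a self-contained run) it sits in env directly.
Request = Struct.new(:env)

# Routing constraint. Rails calls matches?(request) before dispatching to
# the mounted engine; a non-match means the route does not exist for that
# request. Usage in routes.rb would be:
#   constraints AdminConstraint.new do
#     mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
#   end
class AdminConstraint
  def matches?(request)
    user = request.env['current_user']
    return false if user.nil?        # no signed-in user: deny, never raise
    user.check_admin == true
  end
end

# Controller-side guard mirroring reject_non_admins from the last answer,
# but failing closed when current_user is nil instead of raising.
def reject_non_admins(current_user)
  return :unauthorized if current_user.nil?
  current_user.check_admin ? :allow : :unauthorized
end

# What the router would do for a given user: mount the engine or 404.
def route_decision(user)
  request = Request.new({ 'current_user' => user })
  AdminConstraint.new.matches?(request) ? :mounted : :not_found
end

if __FILE__ == $PROGRAM_NAME
  admin  = User.new('admin@example.test', Roles.new(:admin_role))  # constructed
  client = User.new('client@example.test', Roles.new(nil))         # constructed
  [admin, client, nil].each do |u|
    puts "#{u&.email.inspect}: route=#{route_decision(u)} controller=#{reject_non_admins(u)}"
  end
end
```

Note that with a constraint (including Devise's `authenticate` block form) a signed-in non-admin gets no matching route at all, whereas the before_action approach serves an unauthorized page; using both gives a second check if the routing one is ever bypassed or misconfigured.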