Devise login with user or administrator models and Basecamp-style subdomains

I have separate models for Devise users and administrators. I also use Basecamp style subdomains. Everything works well, with the exception of a few controllers and actions, when I need to be able to authenticate as a user or administrator.

I currently have authenticate_user! set in my application_controller.rb, and I skip it with skip_before_filter for those controllers and actions that only administrators should have access to.

Unfortunately, I can’t just specify the authentication requirement on each controller, because I still need some controllers and actions for access by both the user and the administrator.

I tried several things to no avail. It seems that if I move authenticate_user! and authenticate_admin! into some subdomain detection logic, it is not processed. Essentially:

    current_subdomain = request.subdomains.first
    if current_subdomain == 'admin'
      authenticate_admin!
    else
      authenticate_user!
    end

At some point, I was able to try to authenticate, but for some reason it failed, except that the session controller did not need authentication, which led to a redirect loop (a first for me with Ruby!).

I understand that I can add a field to my user, which indicates the status of the administrator, but the application requires a greater separation of powers between the user and the administrator than it will allow, with the exception of a few controllers and actions.

  • Ruby 1.9.2
  • Rails 3.0.3
  • Devise 1.1.3
+4
3 answers

Try writing your own before filter along the lines of

    # application_controller.rb
    def authenticate_any!
      if admin_signed_in?
        true
      else
        authenticate_user!
      end
    end

then in the controller where you want both administrators and users to have access through authentication, use

    # myobject_controller.rb
    before_filter :authenticate_any!

If you are logged in as an administrator, you will pass the before_filter; otherwise you will go through authenticate_user!, which is the default behavior.

+13

This actually does not work:

    # application_controller.rb
    def authenticate_any!
      if admin_signed_in?
        true
      else
        authenticate_user!
      end
    end

It will start infinite recursion for the authentication user.

Try this instead:

    def authenticate_user!
      return if admin_signed_in?
      super
    end

Just remember that with this second solution you are saying something like this: "You must be registered as, at least, and you will only lose user authentication."

Administrators will be able to access everyone.

+10
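The difference in reach between the two filters proposed in the answers above, as an added example that is not part of the original posts. `FakeDeviseHelpers` is a constructed stand-in for the helpers Devise generates, and the controller class names are hypothetical, so the block runs without Rails.

```ruby
# Constructed stand-in for Devise's generated helpers; runs without Rails.
class NotAuthenticated < StandardError; end

module FakeDeviseHelpers
  attr_accessor :session_scopes # e.g. [], [:user] or [:admin]

  def user_signed_in?;  session_scopes.include?(:user);  end
  def admin_signed_in?; session_scopes.include?(:admin); end
  def authenticate_user!
    raise NotAuthenticated, 'user login required' unless user_signed_in?
  end
end

# First answer: an extra filter used only by controllers that name it.
class OptInController # hypothetical name
  include FakeDeviseHelpers
  def authenticate_any!
    admin_signed_in? ? true : authenticate_user!
  end
end

# Second answer: overriding the default filter affects every controller.
class OverrideController # hypothetical name
  include FakeDeviseHelpers
  def authenticate_user!
    return if admin_signed_in?
    super # falls through to the helper in FakeDeviseHelpers
  end
end

# True when the given filter lets a session with these scopes through.
def allowed?(klass, filter, scopes)
  klass.new.tap { |c| c.session_scopes = scopes }.send(filter)
  true
rescue NotAuthenticated
  false
end

# Each filter evaluated for an anonymous, a user and an admin session.
FILTERS = { opt_in: [OptInController, :authenticate_any!],
            default: [OptInController, :authenticate_user!],
            override: [OverrideController, :authenticate_user!] }
SESSIONS = { anonymous: [], user: [:user], admin: [:admin] }
def access_matrix
  FILTERS.transform_values do |(klass, filter)|
    SESSIONS.transform_values { |scopes| allowed?(klass, filter, scopes) }
  end
end
access_matrix.each { |label, row| puts "#{label}: #{row}" }
```

The `default` row shows that with the opt-in filter an admin session is still rejected by controllers left on `authenticate_user!`, while the `override` row shows the admin session passing that filter wherever it is applied.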

Maybe you should consider an additional gem: CanCan, for role handling.

Pretty well described here: http://www.tonyamoyal.com/2010/09/29/rails-authentication-with-devise-and-cancan-part-2-restful-resources-for-administrators/

+1

Source: https://habr.com/ru/post/1334468/

