Reputation: 20746
How to make the whole site accessible by the single admin only
How can I achieve the following behavior in Ruby on Rails?
I need to make the whole site accessible by the single admin only, so I need to show the authorization page on every not signed in user's action.
What is the best way to do it? Maybe cancancan or smth like this? Can you give me an example, please?
I'm using Ruby on Rails 4.1.4 btw.
Thanks in advance.
Upvotes: 1
Views: 211
Answers (3)
Reputation: 10251
I am big fan of ActiveAdmin. You can manage whole site's content and users through Active Admin even it's provide search, filter & sorting facility. as you described that whole site accessible by the single admin only, not signed in user's action
For your reference:
If you wanted to authorized user for signed in then as papirtiger answered you can simply use that before_action :authenticate_user! method
Update:
As you mentioned that all users can access the page then in this case I would like to suggest to use cancancan for Rails 4. You can simply assign the roles and as per the roles you can give access to use actions. Provide Role Management System
OR
In your Users table append one column of roles as boolean type and assign admin user to false and by default all users to true. This is the easiest way to achieve your goal.
In your controller set If user's role false then he can access everything..
For E.g. Add an Admin Role
Upvotes: 1
Reputation: 102036
You could use Devise to set it up. Since you want a single user system you don´t need cancancan which authorises resources.
Basically you lock down the app by adding a before filter which requires the use to be authenticated:
before_action :authenticate_user!
There is a guide on how to set up the registration to only accept one user on the Devise wiki. https://github.com/plataformatec/devise/wiki/How-To:-Set-up-devise-as-a-single-user-system
Upvotes: 2
Reputation: 7366
If you have only one user that can access your site then you can use devise gem also. Just create simple user using devise. and use before_filter :authenticate_user! on your applications_controller.rb . So each request will checked before reaching to controller.
Upvotes: 1
Related Questions
- How to restrict access to rails_admin admin panel?
- Rails Admin -> only access if user have role admin
- How can I prevent user access?
- Easy way to let only admin manage users
- How to limit access to active admin to admin users
- Rails - Making a page viewable to admin only
- having users and admins in rails devise app(only allowing access to certain views to admins)
- Rails Way to handle single admin on site with no user model/login
- admin can do everything [rails 4]
- Rails app: best way to only have admin user, no other user