ruby-on-railsdeviserails-admin

How to restrict access to rails_admin admin panel?

I have a simple app where i have used devise for authentication. I have just added rails_admin gem

https://github.com/sferik/rails_admin

This will allow for easy access to data via /admin route. I have also added

RailsAdmin.config do |config|
  config.authenticate_with do
    warden.authenticate! scope: :admin
  end
  config.current_user_method(&:current_admin)
end

to initializer so now authentication is needed before accessing /admin.

But i want one more restriction. I have an admin property in my User model. I change the admin property only via console. I want to restrict access to /admin panel to only Users with admin property set to true.

Currently any user can access the /admin panel provided by rails_admin gem. How can i achieve this goal? I appreciate any help! Thanks!

Solution

  • I suggest you to write this custom authorization since you have a boolean field for admin..

    config.authorize_with do |controller|
  if current_user.nil?
    redirect_to main_app.new_user_session_path, flash: {error: 'Please Login to Continue..'}
  elsif !current_user.admin?
    redirect_to main_app.root_path, flash: {error: 'You are not Admin bro!'}
  end
end