All threads / redirect loop on ActiveAdmin and authorization with cancancan
Ask A Question


You’re not receiving notifications from this thread.

redirect loop on ActiveAdmin and authorization with cancancan

John Munyi asked in Gems / Libraries

When i try navigating to http://localhost:3000/admin i get "This webpage has a redirect loop"
and also my logs I have

Started GET "/admin" for at 2015-11-25 17:58:35 +0300
Processing by Admin::DashboardController#index as HTML
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."deleted_at" IS NULL AND "users"."id" = ? LIMIT 1 [["id", 1]]
Redirected to http://localhost:3000/admin
Filter chain halted as :authenticate_active_admin_user rendered or redirected
Completed 302 Found in 4ms (ActiveRecord: 0.1ms)

I have tried all i can but i am stil stuck :

my activeadmin.rb looks like this

def authenticate_admin_user!
if current_user.admin?
redirect_to admin_root_path
redirect_to new_user_session_path

config.authorization_adapter = ActiveAdmin::CanCanAdapter
config.authentication_method = :authenticate_admin_user!
config.current_user_method = :current_user
config.on_unauthorized_access = :access_denied

my ability.rb

def initialize(user)
user ||=

if user.admin?
  can :read, ActiveAdmin::Page, :name => "Dashboard"
  can :manage, :all
elsif user.client?
  can :manage, [Activity, Domain, FactPage, Task, TaskType]
  cannot :read, ActiveAdmin::Page, :name => "Dashboard"
  can :read, Activity

can :manage, UserSessionsController do |user_session|
  user == user_session

  can :time, Activity
  can :read, ActiveAdmin::Page, :name => "Dashboard"
can :log_in, User
can :log_out, User
can :reset_password, User


will appreciate some good direction ....

I think the trick here is in your authenticate admin user method. You don't want to redirect if their an admin, only if they aren't (so you don't get a loop).

def authenticate_admin_user!
  if !current_user.admin?
   redirect_to new_user_session_path

HI Chris this seems to work but i get another error:

NoMethodError in Admin::Dashboard#index

Showing /home/jmunyi/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/activeadmin-1.0.0.pre2/app/views/active_admin/page/index.html.arb where line #2 raised:

undefined method `destroy_user_session_path' for


    fyi I am not using Devise anywhere my authorization is being handle by cancancan and sorcery

    I've never used Sorcery with ActiveAdmin so I wont' be of huge help here, but I imagine you can just copy that view into your app, override it, and adjust the links.

    You can open an issue on the ActiveAdmin github page to get some help from their maintainers. They're really helpful for this stuff.

    I reached out to them, had to chnage a few things but then again activeadmin doesnt support logout links with ids to landed into more problems, i might end up using sorcery for the app and devise for activeadmin ... not ideal but it migth do the job.... Unless there is a way to refactor the sorcery destroy session method not to use an id when deleting a session

    Yeah, that's probably the easiest way then. This is one of the reasons I'm not a huge fan of ActiveAdmin because it can be fairly opinionated at times on things like this. Overall it's a great admin, but you might check out the recent episode on Administrate if you want to try an alternative.

    I already did, but i guess its still to use administrate for a production quality app , isnt ?

    I guess it depends. It is just basic scaffolds for your gems, so as long as you don't mind updating it regularly, I don't see that there's much to worry about with it.

    does it support filters at this point ? as activeadmin does ? thats the reason why i was going for active admin .... i needed multiple filters for my data ... May be i should check if they have updated and included that since the last time i checked it out about 3 weeks ago

    I know they've been discussing it at least. That's the last feature I've been waiting for but I know it's coming soon so I've already started a few apps using Administrate knowing that.

    cool.... i will keep checking on its progress cheers !!

    settle for activeadmin with device for Authorization and sorcery for the App .. not ideal but got the job done

    Join the discussion

    Want to stay up-to-date with Ruby on Rails?

    Join 70,337+ developers who get early access to new tutorials, screencasts, articles, and more.

      We care about the protection of your data. Read our Privacy Policy.

      logo Created with Sketch.

      Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more. Icons by Icons8

      © 2023 GoRails, LLC. All rights reserved.