Ask A Question

Notifications

You’re not receiving notifications from this thread.

redirect loop on ActiveAdmin and authorization with cancancan

JM asked in Gems / Libraries

When i try navigating to http://localhost:3000/admin i get "This webpage has a redirect loop"
and also my logs I have

Started GET "/admin" for 127.0.0.1 at 2015-11-25 17:58:35 +0300
Processing by Admin::DashboardController#index as HTML
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."deleted_at" IS NULL AND "users"."id" = ? LIMIT 1 [["id", 1]]
Redirected to http://localhost:3000/admin
Filter chain halted as :authenticate_active_admin_user rendered or redirected
Completed 302 Found in 4ms (ActiveRecord: 0.1ms)

I have tried all i can but i am stil stuck :

my activeadmin.rb looks like this

def authenticate_admin_user!
if current_user.admin?
redirect_to admin_root_path
else
redirect_to new_user_session_path
end
end

config.authorization_adapter = ActiveAdmin::CanCanAdapter
config.authentication_method = :authenticate_admin_user!
config.current_user_method = :current_user
config.on_unauthorized_access = :access_denied

my ability.rb

def initialize(user)
user ||= User.new

if user.admin?
  can :read, ActiveAdmin::Page, :name => "Dashboard"
  can :manage, :all
elsif user.client?
  can :manage, [Activity, Domain, FactPage, Task, TaskType]
  cannot :read, ActiveAdmin::Page, :name => "Dashboard"
else
  can :read, Activity
end

can :manage, UserSessionsController do |user_session|
  user == user_session
end

if user.active?
  can :time, Activity
  can :read, ActiveAdmin::Page, :name => "Dashboard"
end
can :log_in, User
can :log_out, User
can :reset_password, User

end

will appreciate some good direction ....

Reply

I think the trick here is in your authenticate admin user method. You don't want to redirect if their an admin, only if they aren't (so you don't get a loop).

def authenticate_admin_user!
  if !current_user.admin?
   redirect_to new_user_session_path
  end
end
Reply

HI Chris this seems to work but i get another error:

NoMethodError in Admin::Dashboard#index

Showing /home/jmunyi/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/activeadmin-1.0.0.pre2/app/views/active_admin/page/index.html.arb where line #2 raised:

undefined method `destroy_user_session_path' for


    :ActiveAdmin::Views::TabbedNavigation

    fyi I am not using Devise anywhere my authorization is being handle by cancancan and sorcery

    Reply

    I've never used Sorcery with ActiveAdmin so I wont' be of huge help here, but I imagine you can just copy that view into your app, override it, and adjust the links.

    Reply

    You can open an issue on the ActiveAdmin github page to get some help from their maintainers. They're really helpful for this stuff.

    Reply

    I reached out to them, had to chnage a few things but then again activeadmin doesnt support logout links with ids to landed into more problems, i might end up using sorcery for the app and devise for activeadmin ... not ideal but it migth do the job.... Unless there is a way to refactor the sorcery destroy session method not to use an id when deleting a session

    Reply

    Yeah, that's probably the easiest way then. This is one of the reasons I'm not a huge fan of ActiveAdmin because it can be fairly opinionated at times on things like this. Overall it's a great admin, but you might check out the recent episode on Administrate if you want to try an alternative.

    Reply

    I already did, but i guess its still to use administrate for a production quality app , isnt ?

    Reply

    I guess it depends. It is just basic scaffolds for your gems, so as long as you don't mind updating it regularly, I don't see that there's much to worry about with it.

    Reply

    does it support filters at this point ? as activeadmin does ? thats the reason why i was going for active admin .... i needed multiple filters for my data ... May be i should check if they have updated and included that since the last time i checked it out about 3 weeks ago

    Reply

    I know they've been discussing it at least. That's the last feature I've been waiting for but I know it's coming soon so I've already started a few apps using Administrate knowing that.

    Reply

    cool.... i will keep checking on its progress cheers !!

    Reply

    settle for activeadmin with device for Authorization and sorcery for the App .. not ideal but got the job done

    Reply
    Join the discussion
    Create an account Log in

    Want to stay up-to-date with Ruby on Rails?

    Join 85,831+ developers who get early access to new tutorials, screencasts, articles, and more.

      We care about the protection of your data. Read our Privacy Policy.