Rails_admin，cancancan授權，設計認證。登錄重定向？

Question

當我嘗試導航到/管理員。如果沒有用戶登錄並且有非管理員用戶登錄，Cancancan會引發一個錯誤處理。我希望將其重定向到登錄屏幕 - 如果登錄成功，請繼續到rails_admin儀表板。

見下文，我現在的代碼/配置，請讓我知道如果你需要更多的信息：

/app/models/ability.rb

class Ability 
    include CanCan::Ability 

    def initialize(user) 

    user ||= User.new # guest user (not logged in) 
    if user && user.admin? 
     can :access, :rails_admin  # only allow admin users to access Rails Admin 
     can :dashboard 
     can :manage, :all 
    else 
     can :read, :all     # allow everyone to read everything 
    end 

    end 
end 

/config/initializers/rails_admin.rb

RailsAdmin.config do |config| 

    ### Popular gems integration 

    # == Devise == 
    # config.authenticate_with do 
    # warden.authenticate! scope: :user 
    # end 
    # config.current_user_method(&:current_user) 

    # == Cancan == 
    config.authorize_with :cancan 

    ## == Pundit == 
    # config.authorize_with :pundit 

    ## == PaperTrail == 
    # config.audit_with :paper_trail, 'User', 'PaperTrail::Version' # PaperTrail >= 3.0.0 

    ### More at https://github.com/sferik/rails_admin/wiki/Base-configuration 

    config.actions do 
    dashboard      # mandatory 
    index       # mandatory 
    new 
    export 
    bulk_delete 
    show 
    edit 
    delete 
    show_in_app 

    ## With an audit adapter, you can add: 
    # history_index 
    # history_show 
    end 

    config.model 'User' do 
    create do 
     field :name 
     field :email 
     field :password 
     field :password_confirmation 
     field :role 
    end 

    edit do 
     field :name 
     field :email 
     field :password 
     field :password_confirmation 
     field :role 
    end 
    end 


end 

/config/routes.rb

Rails.application.routes.draw do 
    mount RailsAdmin::Engine => '/admin', as: 'rails_admin' 
    # authenticate :admin do 
    # mount RailsAdmin::Engine => '/admin', as: :rails_admin 
    # end 

    root to: 'visitors#index' 
    devise_for :users 
    resources :users 

    devise_scope :user do 
    get "signup", to: "devise/registrations#new" 
    get "login", to: "devise/sessions#new" 
    get "logout", to: "devise/sessions#destroy", as: 'logout' 
    end 
end 

Answer 1

這聽起來像你正在尋找從CanCan :: AccessDenied異常救援。

rescue_from CanCan::AccessDenied do |exception| 
    redirect_to login_path, :alert => exception.message 
end 

將login_path替換爲登錄名的實際路徑名。您在做一個rake routes和發現記錄指向devise/sessions#new

您也可以使邏輯更加堅固且僅當他們試圖在管理方面要訪問的網頁重定向條目中找到它。

Answer 2

我有類似的情況，我能夠重定向沒有管理員根路徑。我使用Rails 5和Ruby 2.3這裏是我的設置：

管理軌道

# config/initialize/rails_admin.rb 
    config.authorize_with do 
    unless current_user.try(:admin?) 
     flash[:error] = "You are not authorize to access this page!" 
     redirect_to main_app.root_path 
    end 
    end 

CanCanCan

# models/ability.rb 
    def initialize(user) 
    user ||= User.new # guest user (not logged in) 
    can :manage, :all if user.role == "user" 
    end 

當用戶試圖訪問/admin它被重定向到根路徑閃爍錯誤。