
In Rails, how to have an /admin section, and then controllers within the admin section?

I want to have a /admin section in my application, and have routes within this /admin section like:

www.example.com/admin/ (only certain users have access to this section)

then have controllers in this section like:

/admin/users/{add, new, etc}

What are my options for something like this? (using Rails 3)


I prefer to do something similar to Todd's answer but slightly different. Rather than adding the before_filter to each controller related to Admin stuff I prefer to create an AdminController that all controllers related to admin actions can inherit from:

# config/routes.rb
namespace :admin do
  resources :users
end

# app/controllers/admin_controller.rb
class AdminController < ApplicationController
  before_filter :authorized?
  private
  def authorized?
    unless current_user.has_role? :admin
      flash[:error] = "You are not authorized to view that page."
      redirect_to root_path
    end
  end
end

# app/controllers/admin/users_controller.rb
class Admin::UsersController < AdminController
   ...
end
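The point of this answer is that the authorization filter lives in one base class, so every controller under Admin:: inherits it and no individual controller can forget it. The following is an added, framework-free Ruby model of that pattern (not code from the answer above or from Rails): a minimal BaseController with an inheritable before_filter list and a dispatch method are assumptions standing in for ActionController, the User struct and the "/" redirect target are constructed sample data, and unprotected_admin_controllers is an added audit that lists any Admin:: controller that does not descend from AdminController and has therefore bypassed the check.

```ruby
# Added example: a tiny stand-in for ActionController so the inheritance-based
# authorization pattern can be run outside a Rails app (names are assumptions).
class BaseController
  # Class-level filter list. A subclass starts with a copy of its parent's
  # filters, which is what makes a check in AdminController apply to Admin::*.
  # (Simplification: the copy is taken on first access, so filters must be
  # declared in the parent before any subclass is defined.)
  def self.before_filters
    @before_filters ||=
      superclass.respond_to?(:before_filters) ? superclass.before_filters.dup : []
  end

  def self.before_filter(name)
    before_filters << name
  end

  attr_reader :current_user, :redirected_to, :flash

  def initialize(current_user)
    @current_user = current_user
    @flash = {}
    @redirected_to = nil
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # Run every inherited before_filter in order; if one redirected, the action
  # is never invoked, mirroring how a Rails filter halts the chain.
  def dispatch(action)
    self.class.before_filters.each do |filter|
      send(filter)
      return { status: :redirect, location: @redirected_to } if @redirected_to
    end
    { status: :ok, body: send(action) }
  end
end

class ApplicationController < BaseController; end

# Constructed sample user model with the has_role? method the answer relies on.
User = Struct.new(:name, :roles) do
  def has_role?(role)
    roles.include?(role)
  end
end

# Same shape as the answer's AdminController: one filter, inherited by all.
class AdminController < ApplicationController
  before_filter :authorized?

  private

  def authorized?
    unless current_user.has_role?(:admin)
      flash[:error] = "You are not authorized to view that page."
      redirect_to "/"
    end
  end
end

module Admin
  class UsersController < AdminController
    def index
      "admin user list"
    end
  end

  # Deliberate mistake for the audit below: inherits from ApplicationController
  # instead of AdminController, so it silently skips the authorization filter.
  class ReportsController < ApplicationController
    def index
      "admin reports"
    end
  end
end

# Audit: every controller constant in the Admin namespace must descend from
# AdminController; anything else is reachable without the role check.
def unprotected_admin_controllers
  Admin.constants
       .map { |c| Admin.const_get(c) }
       .select { |k| k.is_a?(Class) && k.name.end_with?("Controller") && !(k < AdminController) }
       .map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  admin = User.new("alice", [:admin])
  guest = User.new("bob", [])
  p Admin::UsersController.new(admin).dispatch(:index)
  p Admin::UsersController.new(guest).dispatch(:index)
  p unprotected_admin_controllers
end
```

In a real application the same audit can be expressed as a spec that iterates over the descendants of ApplicationController and fails the build when a controller whose name starts with "Admin::" is not also a subclass of AdminController; that turns the inheritance convention into something the test suite enforces rather than something each developer has to remember.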


Do something like this in your routes.rb:

  namespace :admin do
    resources :users
  end

See http://guides.rubyonrails.org/routing.html for more detail.

Then in each admin controller you'll need a before_filter:

before_filter :authorized?

def authorized?
  # check if authorized here.
end


As Todd mentioned, you want to add a namespaced route:

namespace :admin do
  resources :users
end

You also need to put your controllers, views, etc in subfolders of each of these sections called "admin/". If you're generating this from scratch, it's easy:

rails g controller admin/users

This may seem pretty complicated, but I have an article that walks through all of this, with a sample rails 3 app you can download to play around with it:

Routing in Ruby on Rails 3


Then in each admin controller you'll need a before_filter:

before_filter :authorized?

def authorized?
  # check if authorized here.
end

I think it's better if he puts this code into a main AdminController which inherits from ApplicationController; then each admin controller will inherit from this AdminController.

About Rails 3, here is a good article about routes


Obviously what Todd said is correct. However if you're a fan of additional security through obscurity, you can also keep your new_admin_user url helpers and Admin:: namespaced controllers, but provide a less widely-used public url path with the following:

scope :module => "admin", :as => 'admin', :path => 'xyz' do
  resources :users
end

Running rake routes with that setup will show routes along these lines:

new_admin_user GET  /xyz/users/new(.:format)  {:controller=>"admin/users", :action=>"new"}

I suppose the only actor this would thwart is an unsophisticated attacker who's crawled and compiled a bunch of Rails sites that provide system access at admin/, but I don't see any harm in daring to be different with your admin console paths really.


# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  before_filter :if_namespace_is_admin?

  private

  def if_namespace_is_admin?
    # now you should check to see if the namespace is from admin
    # now you need namespaces because ruby ns confuse the f'out of me
    # controller_path is "admin/users" for Admin::UsersController
    return unless controller_path.start_with?("admin/")
    redirect_to root_path unless current_user && current_user.has_role?(:admin)
  end
end
