I've been trying to set up rails_admin and to work with Rails 4.0.4, but unfortunately I ran across some issues. I have a devise generated User model with admin added as boolean afterwards. But even if the User is admin and needs to access the rails_admin panel, I get unauthorized access. It's like the current user cannot be passed in the ability.rb properly. Not sure if this is a Rails 4 issue or I'm doing something wrong.
Here's the code, with a little (ugly?) workaround that works, but I need a more elegant solution. Thanks.
ability.rb
class Ability
include CanCan::Ability
def initialize(user)
# Define abilities for the passed in user here. For example:
#
user = User.current # guest user (not logged in)
if user.admin?
can :manage, :all
can :access, :rails_admin # needed to access RailsAdmin
can :dashboard # dashboard access
else
can :read, :all
end
end
end
user.rb
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
def self.current
Thread.current[:user]
end
def self.current=(user)
Thread.current[:user] = user
end
end
application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_filter :set_current_user
def set_current_user
User.current = current_user
end
end
And, of course, I have this in rails_admin.rb enabled.
RailsAdmin.config do |config|
config.authorize_with :cancan
end
Thanks!
