Permission management without using cancan or rolify for active admin

1
votes

I have the requirement in one of the application to use active admin as the admin panel and I have used devise for the authentication purpose.

Now we have three types of users, super_admin admin and normal users. Super admin and admin will have the different functionality and we should use the same active admin interface.

The problem over here is as the devise will not allow two models like

devise_for :admins, ActiveAdmin::Devise.config

devise_for :super_admins, ActiveAdmin::Devise.config

we cant use both in routes to differntiate user type from routes and we can't scope the user type in the active admin as we are not using the role management systems(like cancan), but using the type field in user.

So can any one please help me to find the way to use active admin with two types of admin(super admin and admin). By using type and not using the role managements.

Thanks.

1
ruby-on-railsruby-on-rails-4deviseactiveadmin

1 Answers

2
votes

While it might be possible you're really just making a huge mess by pushing down authorization into the authentication layer.

It would make your Devise setup truly cringeworthy and you also need to setup a authorization layer if your own such as:

(current_super_admin || current_admin).is_a?(SuperAdmin) # yuck

You end up with a greatly overcomplicated authentication layer and a crappy homerolled authorization system. Both are a recipe for disaster.

Its also less than desirable if you need to be able to grant/revoke privileges since you need to transfer the user data from one table to another and also any relations that user might have.

If you want to do roles on the cheap you can simply use a enum column:

rails g migration add_role_to_user role:integer:index

class User
  enum role: [:peasant, :admin, :super_admin]
end