Prevent admin access to most users?

30 views
Skip to first unread message

Toby Johnson

unread,
Feb 20, 2015, 5:40:58 PM2/20/15
to alche...@googlegroups.com
I have a pre-existing Rails site using Devise and am integrating Alchemy CMS to just show a few pages ("About", "Contact", etc.)

So I want to prevent most users from seeing the Alchemy admin area, even if they're logged in to my main site. My existing User object has an is_admin? method, and only those users should see the Alchemy CMS admin area too. But everyone should be able to see the regular pages, whether they are logged in or not (for guest users I just have a "guest" User object that I create in memory).

So my first thought was that this is something I could easily accomplish with alchemy_roles. But even if I just return ['member'] for non-admins, they can still see the admin area if they guess the URL.

So now I'm thinking that this is something I'd need to do via CanCan, but I'm not familiar enough with that gem or how Alchemy uses it. Can someone provide an example of how to do this? Preferably they would get redirected to root if they're not authorized, but just throwing some 500 error would work too.

Thanks!

Thomas von Deyen

unread,
Feb 21, 2015, 11:33:40 AM2/21/15
to alche...@googlegroups.com
Members shouldn't be able to see the admin area. They are meant to be exactly for your use case. They are able to access only the login screen. That is something we could change, so you can build your own member login. 

Could you please open an issue on the bug tracker?

Thank you. 


Thomas
--
You received this message because you are subscribed to the Google Groups "Alchemy CMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alchemy-cms...@googlegroups.com.
To post to this group, send email to alche...@googlegroups.com.
Visit this group at http://groups.google.com/group/alchemy-cms.
To view this discussion on the web visit https://groups.google.com/d/msgid/alchemy-cms/fd51ec48-ba7c-4d19-a236-4203228b3955%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Toby Johnson

unread,
Feb 21, 2015, 2:10:08 PM2/21/15
to alche...@googlegroups.com
Okay, will do. I already have a member login screen, and have set Alchemy.login_path etc. accordingly.

--
You received this message because you are subscribed to a topic in the Google Groups "Alchemy CMS" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/alchemy-cms/k3hFaP3S-mg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to alchemy-cms...@googlegroups.com.

To post to this group, send email to alche...@googlegroups.com.
Visit this group at http://groups.google.com/group/alchemy-cms.
To view this discussion on the web visit https://groups.google.com/d/msgid/alchemy-cms/C77A12B3-7B80-40E4-9B08-F77EE09A52D3%40gmail.com.
Reply all
Reply to author
Forward
0 new messages