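Administrate gem on Heroku

Time: 2015-12-01 23:46:55

Tags: ruby-on-rails ruby-on-rails-3 ruby-on-rails-4 heroku rubygems

I have followed the tutorial on how to install the Administrate gem, which is an alternative to ActiveAdmin in Ruby on Rails. It works fine in development and in production (Heroku), but the only problem is that when I go to www.myherokuapp.com/admin, I get in without being asked for a password. I have even tried it from another computer. Has anyone had this problem before? Here is my user dashboard file:

dashboards/users_dashboard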

require "administrate/base_dashboard"

class UserDashboard < Administrate::BaseDashboard
  # ATTRIBUTE_TYPES
  # a hash that describes the type of each of the model's fields.
  #
  # Each different type represents an Administrate::Field object,
  # which determines how the attribute is displayed
  # on pages throughout the dashboard.
  ATTRIBUTE_TYPES = {
    posts: Field::HasMany,
    reviews: Field::HasMany,
    id: Field::Number,
    email: Field::String,
    encrypted_password: Field::String,
    reset_password_token: Field::String,
    reset_password_sent_at: Field::DateTime,
    remember_created_at: Field::DateTime,
    sign_in_count: Field::Number,
    current_sign_in_at: Field::DateTime,
    last_sign_in_at: Field::DateTime,
    current_sign_in_ip: Field::String,
    last_sign_in_ip: Field::String,
    created_at: Field::DateTime,
    updated_at: Field::DateTime,
    name: Field::String,
    password: PasswordField,
    password_confirmation: PasswordField
  }

  # COLLECTION_ATTRIBUTES
  # an array of attributes that will be displayed on the model's index page.
  #
  # By default, it's limited to four items to reduce clutter on index pages.
  # Feel free to add, remove, or rearrange items.
  COLLECTION_ATTRIBUTES = [
    :posts,
    :reviews,
    :id,
    :email,
  ]

  # SHOW_PAGE_ATTRIBUTES
  # an array of attributes that will be displayed on the model's show page.
  SHOW_PAGE_ATTRIBUTES = ATTRIBUTE_TYPES.keys

  # FORM_ATTRIBUTES
  # an array of attributes that will be displayed
  # on the model's form (`new` and `edit`) pages.
  FORM_ATTRIBUTES = [
    :posts,
    :reviews,
    :email,
    :password,
    :password_confirmation,
    # :encrypted_password,
    # :reset_password_token,
    # :reset_password_sent_at,
    # :remember_created_at,
    # :sign_in_count,
    # :current_sign_in_at,
    # :last_sign_in_at,
    :current_sign_in_ip,
    :last_sign_in_ip,
    :name,
  ]

  # Overwrite this method to customize how users are displayed
  # across all pages of the admin dashboard.
  #
  # def display_resource(user)
  #   "User ##{user.id}"
  # end
end

2 answers:

Answer 0 (score: 2)

As suggested by the authors, the simplest way to protect the admin pages is basic HTTP authentication:

class Admin::ApplicationController < Administrate::ApplicationController
  http_basic_authenticate_with name: "name", password: "supersecretpassword"
end

Make sure your name and password are not in your source if it is public. Use environment variables instead (using dotenv below):

class Admin::ApplicationController < Administrate::ApplicationController
  http_basic_authenticate_with name: ENV.fetch("ADMIN_NAME"), password: ENV.fetch("ADMIN_PASSWORD")
end
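
The check that the Basic-auth gate in the answer above has to make on every request to /admin, written out in plain Ruby as an added example (not code from this thread or from Administrate). The names `admin_gate`, `basic_credentials` and `secure_compare` are hypothetical and the credentials are constructed sample values; `config` stands in for `ENV`, so a missing `ADMIN_NAME` or `ADMIN_PASSWORD` raises instead of leaving the dashboard open.

```ruby
require "digest"

# Constant-time comparison: hash both sides to the same length, then XOR
# every byte so timing does not reveal how many characters matched.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  diff = 0
  da.each_with_index { |byte, i| diff |= byte ^ db[i] }
  diff.zero?
end

# Decode "Basic <base64(name:password)>" into [name, password].
# Returns nil for a missing or malformed Authorization header.
def basic_credentials(header)
  scheme, payload = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && payload
  name, password = payload.unpack1("m").split(":", 2)
  return nil if name.nil? || password.nil?
  [name, password]
end

# Hypothetical gate for /admin: returns the HTTP status the request gets.
# config.fetch raises KeyError on a missing key, exactly like ENV.fetch,
# so a deployment without the variables fails closed.
def admin_gate(authorization_header, config)
  expected_name = config.fetch("ADMIN_NAME")
  expected_password = config.fetch("ADMIN_PASSWORD")
  name, password = basic_credentials(authorization_header)
  return 401 if name.nil?
  # Non-short-circuit "&": both comparisons always run.
  ok = secure_compare(name, expected_name) & secure_compare(password, expected_password)
  ok ? 200 : 401
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  sample_config = { "ADMIN_NAME" => "ops", "ADMIN_PASSWORD" => "constructed-sample-secret" }
  sample_header = "Basic " + ["ops:constructed-sample-secret"].pack("m0")
  puts admin_gate(nil, sample_config)            # request with no credentials
  puts admin_gate(sample_header, sample_config)  # request with matching credentials
end
```

Passing `ENV` itself as `config` works, since `ENV` responds to `fetch`.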

Answer 1 (score: 1)

In Admin::ApplicationController, you should implement the authenticate_admin method. For example, you can redirect your user if they are not an admin. For details, check the docs.

def authenticate_admin
  # Redirect anyone who is not signed in as an admin (current_user may be nil).
  redirect_to root_path unless current_user&.admin?
end