我已经遵循了如何安装Administrate Gem的教程,它是Ruby on Rails中ActiveAdmin的替代品,它在开发和生产(Heroku)中运行良好,但唯一的问题是当我去www时.myherokuapp.com / admin我去那里没有要求密码。我甚至用另一台电脑做过。以前有人有这个问题吗?这是我的用户dashboar文件
仪表板/ users_dashboard
require "administrate/base_dashboard"
class UserDashboard < Administrate::BaseDashboard
# ATTRIBUTE_TYPES
# a hash that describes the type of each of the model's fields.
#
# Each different type represents an Administrate::Field object,
# which determines how the attribute is displayed
# on pages throughout the dashboard.
ATTRIBUTE_TYPES = {
posts: Field::HasMany,
reviews: Field::HasMany,
id: Field::Number,
email: Field::String,
encrypted_password: Field::String,
reset_password_token: Field::String,
reset_password_sent_at: Field::DateTime,
remember_created_at: Field::DateTime,
sign_in_count: Field::Number,
current_sign_in_at: Field::DateTime,
last_sign_in_at: Field::DateTime,
current_sign_in_ip: Field::String,
last_sign_in_ip: Field::String,
created_at: Field::DateTime,
updated_at: Field::DateTime,
name: Field::String,
password: PasswordField,
password_confirmation: PasswordField
}
# COLLECTION_ATTRIBUTES
# an array of attributes that will be displayed on the model's index page.
#
# By default, it's limited to four items to reduce clutter on index pages.
# Feel free to add, remove, or rearrange items.
COLLECTION_ATTRIBUTES = [
:posts,
:reviews,
:id,
:email,
]
# SHOW_PAGE_ATTRIBUTES
# an array of attributes that will be displayed on the model's show page.
SHOW_PAGE_ATTRIBUTES = ATTRIBUTE_TYPES.keys
# FORM_ATTRIBUTES
# an array of attributes that will be displayed
# on the model's form (`new` and `edit`) pages.
FORM_ATTRIBUTES = [
:posts,
:reviews,
:email,
:password,
:password_confirmation,
# :encrypted_password,
# :reset_password_token,
# :reset_password_sent_at,
# :remember_created_at,
# :sign_in_count,
# :current_sign_in_at,
# :last_sign_in_at,
:current_sign_in_ip,
:last_sign_in_ip,
:name,
]
# Overwrite this method to customize how users are displayed
# across all pages of the admin dashboard.
#
# def display_resource(user)
# "User ##{user.id}"
# end
end
答案 0 :(得分:2)
作为suggested by the authors,保护管理页面的最简单方法是基本的HTTP身份验证:
class Admin::ApplicationController < Administrate::ApplicationController
http_basic_authenticate_with name: "name", password: "supersecretpassword"
end
如果您的姓名和密码是公开的,请确保您的姓名和密码不在您的来源中。使用环境变量(使用下面的dotenv)代替:
class Admin::ApplicationController < Administrate::ApplicationController
http_basic_authenticate_with name: ENV.fetch("ADMIN_NAME"), password: ENV.fetch("ADMIN_PASSWORD")
end
答案 1 :(得分:1)
在Admin::ApplicationController
中,您应该实施authenticate_admin
方法。例如,如果您的用户不是管理员,则可以重定向您的用户。有关详情,请查看docs。
def authenticate_admin
redirect_to root_path unless current_user.admin?
end