Ruby on Rails Authentication and Authorization Update 3.2
Created: 9 March 2013 Modified:
This is an update to the source code to modify it for Rails 3.2 and Devise 2.2.3. I have also added some helpful bits to the default page and corrected flaws. You should at least already have Ruby, Ruby On Rails, Devise and CanCan installed. It would be preferable that the reader has gone through the five part article first, though not required.
The first difficulty that I found was the lack of a dedicated admin user. Our first goal will be to create the email@example.com user who has permissions to everything.
First lets create the following script which will encrypt our password for our admin user. Having already installed Devise the bcrypt should already be available.
We should get something close to the following when running the script
Running password-encrypter.rb script
This gives us the password so that we can use the SQLite Manager in Firefox to create our admin user. As shown below edit the record with an id of 1 and enter firstname.lastname@example.org for username/email and the encrypted password returned by your script for the password.
Here is the table …
Double click the record with id of 1 and edit it.
Next we need to use the same methods to create the “administrator” role in the role table.
Now we need to associate this role with our user by editing the user_role table and entering a user id of 1 and a role of id of 1 which we just edited and created.
Finally we go into the role_permissions table and add “all” for the controller and “manage” for the permissions.
We now have an admin user whom we have assigned management privileges to all controller actions. Now our journey can truly begin.
If you are like me you find it annoying to have to remember the URL addresses and type them into the application. Lets edit the static landing page for URL http://localhost:3000 so that it has links we can use.
Now we have a friendly landing that is a little helpful. Next lets update our gemfile to indicate rails 3.2 and to update our sass versions.
Now Rails application is configured but if you play around with it you will realize that the Role Permissions fail to load when on the Edit
Role screen. This is because rails 3.2 handles helper files differently and it handles layouts differently.
Helper files are to be used with the View of the MVC model not with the controller which is what we chose to do the first time around.
The contents of role_permissions_helper.rb should be copied and pasted to the end of the role_permissions_controller.rb file. The
“layout nil” at the beginning of the controller no longer works to suppress the layout for a controller. Now instead we add
“render :layout => nil if request.xhr?” to the “format.html” lines in the controller.
Now comes the big finale! We modify the application_controller.rb to call Devise authentication. The application_controller is the parent of our other controllers and thus through the magic of inheritance all our controllers will that authentication.
Finally make sure that your users controller and your role controller have the “load_and_authorize_resource” right after the class declaration.
Your Ruby on Rails 3.2 with authentication and authorization should be good to go! Happy programming.