Hi,
I am new to Rails and I am trying to understand it. I followed the tutorial and adapted it to my own needs (just changing “Articles” to “Laboratoires”, for instance). All worked well.
Then I wanted to try ActiveAdmin with Devise and Cancancan. I have two kinds of users (admin_role and referent_role).
I managed to give all users the abilities I wanted, but I realised that a user can access information on Laboratoires using /laboratoires (fine by me) but also /admin/laboratoires. I would like only users with admin_role to access /admin/laboratoires. Referent_role users should only access /laboratoires.
I tried to modify my Cancancan’s ability.rb file in several ways but nothing has worked up to now. Maybe you have an idea?
Here’s the ability file:
```ruby
# frozen_string_literal: true
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.admin_role?
      can :manage, :all
    elsif user.referent_role?
      can [:read, :create, :update, :destroy], Laboratoire
      cannot [:read, :create, :update, :destroy], ActiveAdmin::Page, name: "Laboratoire", namespace_name: "admin"
    end
  end
end
```
The following line, `cannot [:read, :create, :update, :destroy], ActiveAdmin::Page, name: "Laboratoire", namespace_name: "admin"`, is the one I expected to prevent users with only referent_role from accessing my ActiveAdmin pages, but it seems I am missing something or a concept is unclear.
In other words, I would like to restrict access to the backend (which is my ActiveAdmin pages) for all except the users that have an admin role.
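Added example, not part of the original post: ActiveAdmin's CanCan adapter authorizes a resource page such as /admin/laboratoires against the model class (`Laboratoire`), so one way to close the backend to referents is to give ActiveAdmin its own ability class. `AdminAbility` is a hypothetical name, and the `CanCan::Ability` module, `Laboratoire` and `User` below are simplified stand-ins constructed so the file runs without Rails or the gem.

```ruby
# Stand-in for the cancancan gem so this file runs alone (assumption:
# simplified to "last matching rule wins"); delete it inside a Rails app.
module CanCan
  module Ability
    def can(actions, subject); rules << [true, Array(actions), subject]; end
    def cannot(actions, subject); rules << [false, Array(actions), subject]; end
    def rules; @rules ||= []; end

    def can?(action, subject)
      klass = subject.is_a?(Class) ? subject : subject.class
      rule = rules.reverse.find do |_, actions, subj|
        (actions.include?(:manage) || actions.include?(action)) &&
          (subj == :all || klass <= subj)
      end
      rule ? rule.first : false # no matching rule means access is denied
    end
  end
end

Laboratoire = Class.new # constructed stand-ins for the app's models
User = Struct.new(:role) do
  def admin_role?; role == :admin; end
  def referent_role?; role == :referent; end
end

# Front-end ability, used by the controllers behind /laboratoires.
class Ability
  include CanCan::Ability
  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.admin_role?
      can :manage, :all
    elsif user.referent_role?
      can %i[read create update destroy], Laboratoire
    end
  end
end

# Back-end ability (hypothetical name). Selected in
# config/initializers/active_admin.rb with:
#   config.authorization_adapter = ActiveAdmin::CanCanAdapter
#   config.cancan_ability_class  = "AdminAbility"
class AdminAbility
  include CanCan::Ability
  def initialize(user)
    can :manage, :all if user&.admin_role? # everyone else gets no rules
  end
end
```

With this split, a referent keeps full access through `Ability` on the front end, while every check ActiveAdmin makes through `AdminAbility` is denied unless the user is an admin.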