Rails, ActiveAdmin, Cancancan: how to prevent access to /admin?

Hi,

I am new to rails and I try to understand it. I followed the tutorial and adapted it to my own needs (just changing “Articles” to “Laboratoires”, for instance). All worked well.

Then I wanted to try ActiveAdmin with Devise and Cancancan. I have two kinds of users (admin_role and referent_role).

I managed to give all users the abilities I wanted, but I realised that a user can access information on Laboratoires using /laboratoires (fine by me) but also /admin/laboratoires. I would like only users with admin_role to access /admin/laboratoires. Referent_role users should only access /laboratoires.

I tried to modify my Cancancan's ability.rb file in several ways but nothing has worked up to now. Maybe you have an idea?

Here’s the ability file:

# frozen_string_literal: true
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)

    if user.admin_role?
      can :manage, :all # admins can do everything, including the ActiveAdmin backend
    elsif user.referent_role?
      # full CRUD on the Laboratoire model; this rule also covers the
      # ActiveAdmin resource at /admin/laboratoires, since it is backed by the same model
      can [:read, :create, :update, :destroy], Laboratoire
      # ActiveAdmin::Page only matches custom ActiveAdmin pages, not the Laboratoire resource
      cannot [:read, :create, :update, :destroy], ActiveAdmin::Page, name: "Laboratoire", namespace_name: "admin"
    end
  end
end

The following line, cannot [:read, :create, :update, :destroy], ActiveAdmin::Page, name: "Laboratoire", namespace_name: "admin", is the one I expected to prevent users with only referent_role from accessing my ActiveAdmin pages, but it seems I am missing something or a concept is unclear to me.

In other words, I would like to restrict access to the backend (which is my ActiveAdmin pages) for all except the users that have an admin role.

Well, I actually think I have just found the answer to my own question. I think I got confused between authorization and authentication. I just realised that ActiveAdmin's parameter config.authentication_method can help me handle this point. So I wrote a method in the application controller that ActiveAdmin calls through this parameter to prevent non-admin users from accessing ActiveAdmin. It worked perfectly well.
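For readers landing here with the same question, below is an added example (not the poster's code, nor ActiveAdmin's own) of the gate described in the last paragraph: a controller method that ActiveAdmin calls through config.authentication_method before every /admin request. It assumes the post's User#admin_role? predicate, Devise's current_user, Rails' redirect_to and the usual path helpers; the FakeController and User struct are stand-ins constructed so the module runs outside Rails.

```ruby
# config/initializers/active_admin.rb (assumed standard path):
#   ActiveAdmin.setup do |config|
#     config.authentication_method = :authenticate_active_admin_user!
#   end

# Mixed into ApplicationController in the real app. Guests go to the login
# page, signed-in users without admin_role go back to the root path, and only
# admins get through to the ActiveAdmin backend.
module ActiveAdminGate
  # Returns :allowed when the request may continue; otherwise redirects
  # (which halts the filter chain in Rails) and returns the redirect target.
  def authenticate_active_admin_user!
    user = current_user
    if user.nil?
      redirect_to new_user_session_path, alert: "Please sign in."
    elsif !user.admin_role?
      redirect_to root_path, alert: "You are not authorized to access the admin area."
    else
      :allowed
    end
  end
end

# Constructed stand-in for a Rails controller so the module runs without Rails.
class FakeController
  include ActiveAdminGate
  attr_reader :redirected_to

  def initialize(user)
    @user = user
  end

  def current_user; @user; end
  def root_path; "/"; end
  def new_user_session_path; "/users/sign_in"; end

  def redirect_to(path, alert: nil)
    @redirected_to = path
    path
  end
end

# Constructed sample user mirroring the two roles in the post.
User = Struct.new(:admin_role) do
  def admin_role?; admin_role; end
end

# Outcome of the gate for a given user (nil = not logged in).
def gate_result(user)
  FakeController.new(user).authenticate_active_admin_user!
end
```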