I am new to Rails and I am trying to understand it. I followed the tutorial and adapted it to my own needs (just changing “Articles” to “Laboratoires”, for instance). All worked well.
Then I wanted to try ActiveAdmin with Devise and CanCanCan. I have two kinds of users (admin_role and referent_role).
I managed to give all users the abilities I wanted, but I realised that a user can access information on Laboratoires using /laboratoires (fine by me) but also /admin/laboratoires. I would like only users with admin_role to access /admin/laboratoires. Referent_role users should only access /laboratoires.
I tried to modify my CanCanCan ability.rb file in several ways, but nothing has worked so far. Maybe you have an idea?
Here’s the ability file:
```ruby
# frozen_string_literal: true

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.admin_role?
      can :manage, :all
    elsif user.referent_role?
      can [:read, :create, :update, :destroy], Laboratoire
      cannot [:read, :create, :update, :destroy], ActiveAdmin::Page, name: "Laboratoire", namespace_name: "admin"
    end
  end
end
```
The following line

```ruby
cannot [:read, :create, :update, :destroy], ActiveAdmin::Page, name: "Laboratoire", namespace_name: "admin"
```

is the one I expected to prevent users with only referent_role from accessing my ActiveAdmin pages, but it seems I am missing something or a concept is unclear.
In other words, I would like to restrict access to the backend (which is my ActiveAdmin pages) for all except the users that have an admin role.
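
Added example, not part of the original post: ActiveAdmin's CanCan adapter authorizes a registered resource against the model itself and uses `ActiveAdmin::Page` subjects only for custom pages, so a `cannot` on `ActiveAdmin::Page` never applies to /admin/laboratoires. The code below models that check and a separate admin-only ability, which ActiveAdmin can be pointed at with its `config.cancan_ability_class` setting. Assumptions: the `CanCan::Ability` module here is a minimal stand-in for the gem so the file runs without Rails, the model classes are constructed, and `AdminAbility` and `admin_resource_allowed?` are hypothetical names.

```ruby
# Minimal stand-in for the gem's CanCan::Ability (assumption: the last matching
# rule wins and subjects are matched by class; hash conditions are ignored).
module CanCan
  module Ability
    def rules; @rules ||= []; end
    def can(actions, subject, **_cond); rules << [true, Array(actions), subject]; end
    def cannot(actions, subject, **_cond); rules << [false, Array(actions), subject]; end
    def can?(action, subject)
      klass = subject.is_a?(Module) ? subject : subject.class
      rule = rules.reverse.find do |_, acts, subj|
        (acts.include?(:manage) || acts.include?(action)) &&
          (subj == :all || (subj.is_a?(Module) && klass <= subj))
      end
      rule ? rule[0] : false
    end
  end
end

# Constructed stand-ins for the app's models and for ActiveAdmin::Page.
User = Struct.new(:role) do
  def admin_role?; role == :admin; end
  def referent_role?; role == :referent; end
end
class Laboratoire; end
module ActiveAdmin; Page = Struct.new(:name, :namespace_name); end

class Ability # same rules as in the question
  include CanCan::Ability
  def initialize(user)
    actions = [:read, :create, :update, :destroy]
    if user.admin_role?
      can :manage, :all
    elsif user.referent_role?
      can actions, Laboratoire
      cannot actions, ActiveAdmin::Page, name: "Laboratoire", namespace_name: "admin"
    end
  end
end

class AdminAbility # hypothetical ability consulted only by the admin namespace
  include CanCan::Ability
  def initialize(user)
    can :manage, :all if user.admin_role?
  end
end
# Models the check made for /admin/laboratoires: the subject is the model class.
def admin_resource_allowed?(ability_class, user)
  ability_class.new(user).can?(:read, Laboratoire)
end
```

With the single `Ability`, the referent passes the admin resource check because the only rule that matches `Laboratoire` is the `can`; with `AdminAbility` the same user has no matching rule and is denied.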