Administrate Gem On Heroku
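I followed a tutorial on how to install the Administrate gem, an alternative to ActiveAdmin for Ruby on Rails. It works fine in development and in production (Heroku), but my only concern is that when I go to www.myherokuapp.com/admin, I am not asked for a password. I even tried it from another computer. Has anyone run into this before? Here is my user dashboard file: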
dashboard/users_dashboard
require "administrate/base_dashboard"

class UserDashboard < Administrate::BaseDashboard
  # ATTRIBUTE_TYPES
  # a hash that describes the type of each of the model's fields.
  #
  # Each different type represents an Administrate::Field object,
  # which determines how the attribute is displayed
  # on pages throughout the dashboard.
  ATTRIBUTE_TYPES = {
    posts: Field::HasMany,
    reviews: Field::HasMany,
    id: Field::Number,
    email: Field::String,
    encrypted_password: Field::String,
    reset_password_token: Field::String,
    reset_password_sent_at: Field::DateTime,
    remember_created_at: Field::DateTime,
    sign_in_count: Field::Number,
    current_sign_in_at: Field::DateTime,
    last_sign_in_at: Field::DateTime,
    current_sign_in_ip: Field::String,
    last_sign_in_ip: Field::String,
    created_at: Field::DateTime,
    updated_at: Field::DateTime,
    name: Field::String,
    password: PasswordField,
    password_confirmation: PasswordField
  }

  # COLLECTION_ATTRIBUTES
  # an array of attributes that will be displayed on the model's index page.
  #
  # By default, it's limited to four items to reduce clutter on index pages.
  # Feel free to add, remove, or rearrange items.
  COLLECTION_ATTRIBUTES = [
    :posts,
    :reviews,
    :id,
    :email,
  ]

  # SHOW_PAGE_ATTRIBUTES
  # an array of attributes that will be displayed on the model's show page.
  SHOW_PAGE_ATTRIBUTES = ATTRIBUTE_TYPES.keys

  # FORM_ATTRIBUTES
  # an array of attributes that will be displayed
  # on the model's form (`new` and `edit`) pages.
  FORM_ATTRIBUTES = [
    :posts,
    :reviews,
    :email,
    :password,
    :password_confirmation,
    # :encrypted_password,
    # :reset_password_token,
    # :reset_password_sent_at,
    # :remember_created_at,
    # :sign_in_count,
    # :current_sign_in_at,
    # :last_sign_in_at,
    :current_sign_in_ip,
    :last_sign_in_ip,
    :name,
  ]

  # Overwrite this method to customize how users are displayed
  # across all pages of the admin dashboard.
  #
  # def display_resource(user)
  #   "User ##{user.id}"
  # end
end
As suggested by the authors, the simplest way to protect your admin pages is HTTP basic authentication:
class Admin::ApplicationController < Administrate::ApplicationController
  http_basic_authenticate_with name: "name", password: "supersecretpassword"
end
If it is public, make sure not to put your name and password in the source. Use environment variables instead (using dotenv below):
class Admin::ApplicationController < Administrate::ApplicationController
  http_basic_authenticate_with name: ENV.fetch("ADMIN_NAME"), password: ENV.fetch("ADMIN_PASSWORD")
end
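The same gate written as a plain Rack middleware, so its behaviour can be checked without booting Rails. This is an added example, not code from the answer or from Administrate; `AdminBasicAuth`, `demo_status` and the demo credentials are hypothetical names and constructed values, and the digest-based comparison is this example's choice rather than Rails' implementation.

```ruby
require "digest"

# Hypothetical Rack middleware; not part of Administrate or Rails.
class AdminBasicAuth
  def initialize(app, env_vars = ENV)
    @app = app
    # fetch raises KeyError at boot when a variable is unset, so a missing
    # Heroku config var stops the app instead of leaving /admin open.
    @name = env_vars.fetch("ADMIN_NAME")
    @password = env_vars.fetch("ADMIN_PASSWORD")
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    # Prefix match deliberately over-matches (e.g. /admin.json) so that
    # format suffixes cannot slip past the gate.
    return @app.call(env) unless path.start_with?("/admin")
    return @app.call(env) if authorized?(env["HTTP_AUTHORIZATION"])

    [401, { "www-authenticate" => 'Basic realm="Admin"' }, ["Unauthorized\n"]]
  end

  private

  def authorized?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme&.casecmp?("basic") && encoded
    name, password = encoded.unpack1("m").split(":", 2)
    # Non-short-circuit & so timing does not reveal which field was wrong.
    secure_equal?(name.to_s, @name) & secure_equal?(password.to_s, @password)
  end

  # Compare fixed-length digests without stopping at the first differing byte.
  def secure_equal?(a, b)
    x = Digest::SHA256.digest(a).bytes
    y = Digest::SHA256.digest(b).bytes
    x.zip(y).reduce(0) { |acc, (m, n)| acc | (m ^ n) }.zero?
  end
end

# Constructed demo values; on Heroku these come from `heroku config:set`.
DEMO_ENV = { "ADMIN_NAME" => "ops", "ADMIN_PASSWORD" => "constructed-demo-secret" }.freeze
DEMO_APP = AdminBasicAuth.new(->(_env) { [200, {}, ["ok"]] }, DEMO_ENV)

def demo_status(path, credentials = nil)
  env = { "PATH_INFO" => path }
  env["HTTP_AUTHORIZATION"] = "Basic " + [credentials].pack("m0") if credentials
  DEMO_APP.call(env).first
end
```
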
In your Admin::ApplicationController, you should implement the authenticate_admin method. So, for example, you can redirect your users if they are not admins. For more information, you can check the docs.
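def authenticate_admin
  # &. also handles visitors who are not signed in (current_user is nil),
  # redirecting them instead of raising NoMethodError.
  redirect_to root_path unless current_user&.admin?
end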