Custom authentication and authorization

Philippe Vaucher edited this page Jul 10, 2018 · 2 revisions

If you use something like option 2 of https://github.com/plataformatec/devise/wiki/How-To:-Add-an-Admin-Role, then you have authenticate_user! and user_signed_in?, but it can be tricky to define methods that restrict the Lit interface to your admins only.

The following code works around this by defining authenticate_admin! and admin_signed_in?:

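```ruby
# Add admin-only counterparts of Devise's authenticate_user! / user_signed_in?.
Devise::Controllers::Helpers.class_eval do
  def authenticate_admin!(opts = {})
    # Require a signed-in user first; Devise fails the request otherwise.
    user = authenticate_user!(opts)
    unless admin_signed_in?
      # Signed in but not an admin: end the session and fail authentication.
      sign_out(user)
      throw(:warden, opts)
    end
    user
  end

  def admin_signed_in?
    # Safe navigation: nil (falsy) when nobody is signed in.
    current_user&.admin?
  end
end

# Make both methods available to views as well as controllers.
ActiveSupport.on_load(:action_controller) do
  if respond_to?(:helper_method)
    helper_method :authenticate_admin!, :admin_signed_in?
  end
end

# Point Lit at the admin-only methods defined above.
Lit.authentication_function = :authenticate_admin!
Lit.authentication_verification = :admin_signed_in?
```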
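
The three outcomes of authenticate_admin! (anonymous visitor, non-admin, admin), traced in an added example that is not part of the original wiki page or of Lit or Devise. User, FakeController and visit_lit are hypothetical pure-Ruby stand-ins for the Devise helpers and for Warden's catch(:warden), so the block runs without Rails.

```ruby
# Added example: pure-Ruby stand-ins, not the real Devise/Warden classes.
User = Struct.new(:name, :admin) do
  def admin?
    admin
  end
end

# Hypothetical controller mimicking only the Devise helpers the wiki code calls.
class FakeController
  attr_reader :current_user

  def initialize(user)
    @current_user = user
  end

  # Like Devise: fail authentication when nobody is signed in.
  def authenticate_user!(opts = {})
    throw(:warden, opts) unless current_user
    current_user
  end

  def sign_out(_user)
    @current_user = nil
  end

  # The two methods below are the wiki's code, unchanged.
  def authenticate_admin!(opts = {})
    user = authenticate_user!(opts)
    unless admin_signed_in?
      sign_out(user)
      throw(:warden, opts)
    end
    user
  end

  def admin_signed_in?
    current_user&.admin?
  end
end

# Stand-in for Warden's middleware, which runs the app inside catch(:warden).
def visit_lit(user)
  controller = FakeController.new(user)
  allowed = false
  catch(:warden) do
    controller.authenticate_admin!
    allowed = true
  end
  { allowed: allowed, session_kept: !controller.current_user.nil? }
end
```

A non-admin is both denied and signed out: `visit_lit(User.new("bob", false))` reports `session_kept: false`, so a regular user who opens the Lit URL loses their session.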

You can additionally restrict the route itself:

```ruby
# Only mount the Lit engine for signed-in users whose admin? is true.
authenticate :user, lambda { |u| u.admin? } do
  mount Lit::Engine => '/lit'
end
```