admin_data security configuration for a Rails 2.3.x application
- In development mode user is allowed to view and update data. All the security settings supplied are applied only in non-development environment.
- Put all your security configuration information at ~/config/initializers/admin_data.rb .
Default security configuration is to allow both view and update access in development mode and restrict both view and update access in any other environment. The default security configuration looks like this
AdminData::Config.set = {
:is_allowed_to_view => lambda {|controller| return true if Rails.env.development? },
:is_allowed_to_update => lambda {|controller| return true if Rails.env.development? },
}
By default in production environment no one will be able to view anything. It is upto you how you want to configure your settings for production environment. Here is an example of configuration I use in one of my projects.
AdminData::Config.set = {
:is_allowed_to_view => lambda {|controller| controller.send('logged_in?') },
:is_allowed_to_update => lambda {|controller| controller.send('admin_logged_in?') },
}
In the above case application_controller.rb must have methods logged_in? and admin_logged_in? .
As you can see controller is provided as argument to proc so you can invoke any method on controller to decide if the user should have access or not.
admin_data provides RSS feed for all models. RSS feed can only be consumed if you are properly authenticated. admin_data uses http basic authentication mechanism to authenticate requests for RSS feed. Given below is how you can provider userid and password against to check for authentication.
AdminData::Config.set = {
:feed_authentication_user_id => 'admin_data',
:feed_authentication_password => 'welcome'
}
The url to access RSS feed for model user would be http://localhost:3000/admin_data/feed/user . In this link substitute user with the model you want to track.