RailsAdmin is a Rails engine that provides an easy-to-use interface for managing your data.
[Action required] Security issue
RailsAdmin::Config::Fields::Types::Serialized#parse_input was unsafe, because it was using the infamous
To fix this, RailsAdmin now uses safe_yaml, with suppress_warnings on, for maximum compatibility with all existing apps.
Incidentally, if you want to safely load YAML in your own app, you can use
YAML.load(something, safe: true), since RailsAdmin does not force safe load by default (you might be parsing objects in YAML coming from a safe source).
If you use Serialized with RailsAdmin and your users are not fully trusted, your server is at risk. Update your gem to > 0.4.3 (should be released any time soon) or to at least this patched commit if you use
Rails 3.0 and other non-maintained branches may be at risk too; I strongly advise against using those any longer.
More information about the whole drama here.
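As an added illustration (not RailsAdmin's code): a hypothetical `SafeSerializedInput` helper that parses YAML submitted for a serialized field with Ruby's standard-library `YAML.safe_load`, used here in place of the safe_yaml gem mentioned above, so that tagged Ruby objects and aliases are refused instead of instantiated. The sample inputs are constructed.

```ruby
require 'yaml'

# Hypothetical helper, not RailsAdmin's parse_input: accepts only plain data
# (hashes, arrays, strings, numbers, booleans, nil) from user-supplied YAML.
module SafeSerializedInput
  Rejected = Class.new(StandardError)

  # Returns the parsed plain-data structure, nil for blank input,
  # or raises Rejected when the document asks for anything else.
  def self.parse(raw)
    return nil if raw.nil? || raw.strip.empty?

    YAML.safe_load(raw, permitted_classes: [], permitted_symbols: [], aliases: false)
  rescue Psych::DisallowedClass, Psych::BadAlias => e
    # DisallowedClass: a !ruby/... tag requested a class that is not permitted.
    # BadAlias: the document used anchors/aliases, which are disabled here.
    raise Rejected, "refused unsafe YAML (#{e.class})"
  rescue Psych::SyntaxError => e
    raise Rejected, "malformed YAML: #{e.message}"
  end

  # Convenience predicate for validations and logging.
  def self.rejected?(raw)
    parse(raw)
    false
  rescue Rejected
    true
  end
end

# Constructed sample inputs.
PLAIN_INPUT   = "name: widget\ntags:\n  - a\n  - b\ncount: 3\n"
TAGGED_INPUT  = "--- !ruby/object:OpenStruct\ntable:\n  admin: true\n"
ALIASED_INPUT = "base: &b\n  role: user\ncopy: *b\n"
BROKEN_INPUT  = "key: [unclosed\n"

if __FILE__ == $PROGRAM_NAME
  p SafeSerializedInput.parse(PLAIN_INPUT)
  [TAGGED_INPUT, ALIASED_INPUT, BROKEN_INPUT].each do |doc|
    puts "rejected: #{SafeSerializedInput.rejected?(doc)}"
  end
end
```
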
- Display database tables
- Create new data
- Easily update data
- Safely delete data
- Custom actions
- Automatic form validation
- Search and filtering
- Export data to CSV/JSON/XML
- Authentication (via Devise)
- Authorization (via Cancan)
- User action history (internally or via PaperTrail)
- Supported ORMs
- Mongoid [new]
In your Gemfile, add the following dependencies:
gem 'fastercsv' # Only required on Ruby 1.8 and below
gem 'rails_admin'
And then run:
rails g rails_admin:install
This generator will install RailsAdmin and Devise if you don't already have it installed. Devise is strongly recommended to protect your data from anonymous users. Note: If you do not already have Devise installed, make sure you remove the registerable module from the generated user model.
It will modify your
mount RailsAdmin::Engine => '/admin', :as => 'rails_admin' # Feel free to change '/admin' to any namespace you need.
The devise_for route must be placed before the mounted engine. The following will generate infinite redirects:
mount RailsAdmin::Engine => '/admin', :as => 'rails_admin'
devise_for :admins
This will resolve the infinite redirect error:
devise_for :admins
mount RailsAdmin::Engine => '/rails_admin', :as => 'rails_admin'
See #715 for more details.
It will also add an initializer that will help you get started (see config/initializers/rails_admin.rb).
bundle exec rake db:migrate
More on that in the Wiki
Start the server:
You should now be able to administer your site at http://localhost:3000/admin.
All configuration documentation has moved to the wiki: https://github.com/sferik/rails_admin/wiki
If you have a question, please check this README, the wiki, and the list of known issues.
If you still have a question, you can ask the official RailsAdmin mailing list.
If you think you found a bug in RailsAdmin, you can submit an issue.
Supported Ruby Versions
This library aims to support and is tested against the following Ruby implementations: