Ent Web UI
Hamed Asghari edited this page Jul 7, 2023 · 6 revisions
Sidekiq Enterprise 1.5.0+ allows for user-defined authorization within the Web UI; you can define rules for whether a given request is allowed to proceed or not.
You define custom authorization logic at the top of your config/routes.rb, like so:
```ruby
require 'sidekiq-ent/web'

Sidekiq::Web.authorize do |env, method, path|
  # env == the Rack env for this request
  # method == 'GET', 'POST', 'DELETE', etc
  # path == env['PATH_INFO']
  user = nil # you'll need to define how you get access to the current user

  # non-admins only allowed read-only GET operations;
  # the nil check denies the request instead of raising when no user is found
  method == 'GET' || (user && user.admin?)
end

# ...
```
Your authentication library will determine how you get access to the current user. If you use a popular authentication library like Devise, Warden, Sorcery, etc., feel free to update this wiki page with how you access the current user.
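```ruby
require 'sidekiq-ent/web'

Sidekiq::Web.authorize do |env, method, path|
  # Warden keeps the serialized key of the signed-in user in the Rack session
  session = env['rack.session']
  warden_key = session['warden.user.user.key']

  # Use `next` to leave the block with a value; `return` inside a
  # block raises LocalJumpError when the block is called later.
  next false unless warden_key && warden_key[0] && warden_key[0][0]

  user = User.find warden_key[0][0]
  user && user.admin?
end

# ...
```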
```ruby
require 'sidekiq-ent/web'

Sidekiq::Web.authorize do |env, method, path|
  # Clearance exposes its session object in the Rack env under :clearance
  user = env[:clearance].current_user
  user && user.admin?
end
```
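The rules above can be kept in a standalone callable and checked against sample requests before it is wired into the Web UI. This is an added example, not code from Sidekiq or from this wiki; `DemoUser`, `WEB_UI_POLICY`, `policy_matrix` and the `'demo.current_user'` env key are hypothetical names, and denying anonymous requests is an assumption of this sketch.

```ruby
# Added example: DemoUser and the 'demo.current_user' env key are
# hypothetical stand-ins for whatever your authentication library
# places in the Rack env.
DemoUser = Struct.new(:name, :admin) do
  def admin?
    admin == true
  end
end

READ_ONLY = %w[GET HEAD].freeze

# Takes the same three arguments the authorize block receives.
# A lambda, so an early `return` is legal here (unlike in a plain block).
WEB_UI_POLICY = lambda do |env, method, _path|
  user = env['demo.current_user']
  return false if user.nil?      # assumption: anonymous requests get nothing
  return true if user.admin?     # admins may use every HTTP method
  READ_ONLY.include?(method)     # everyone else is read-only
rescue StandardError
  false                          # a failing user lookup denies the request
end

# Wiring it up in config/routes.rb:
#   Sidekiq::Web.authorize { |env, method, path| WEB_UI_POLICY.call(env, method, path) }

# Runs the policy over constructed sample requests (paths are illustrative).
def policy_matrix
  admin  = DemoUser.new('root', true)
  viewer = DemoUser.new('dev', false)
  broken = Object.new            # no admin? method, exercises the rescue path
  [
    [admin,  'GET',    '/queues'],
    [admin,  'POST',   '/retries'],
    [viewer, 'GET',    '/queues'],
    [viewer, 'POST',   '/retries'],
    [viewer, 'DELETE', '/queues'],
    [nil,    'GET',    '/queues'],
    [broken, 'POST',   '/retries']
  ].map do |user, method, path|
    env = { 'demo.current_user' => user, 'PATH_INFO' => path }
    WEB_UI_POLICY.call(env, method, path)
  end
end

puts policy_matrix.inspect if __FILE__ == $PROGRAM_NAME
```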