How To: Secure Trestle with Devise
Nathan Colgate edited this page Feb 1, 2019 · 6 revisions
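Create a lib/trestle-devise/controller_methods.rb file. Add the following contents, customizing the before_action(s) to suit your particular needs:

```ruby
module Trestle
  module Auth
    module ControllerMethods
      extend ActiveSupport::Concern

      included do
        # Devise helper: unauthenticated visitors are sent to sign in.
        before_action :authenticate_user!
        # Custom authorization check, defined below. It runs after
        # authenticate_user!, so current_user is present when it is called.
        before_action :require_president!
      end

      protected

      # roles? is the application's own method, not part of Devise;
      # replace this check with your own authorization rule.
      def require_president!
        redirect_to root_url, alert: "Only the president is authorized to access this area" unless current_user.roles?(:potus)
      end
    end
  end
end
```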
Add the following to your config/initializers/trestle.rb file:

```ruby
Trestle.configure do |config|
  # Optional, but it is always nice to give folks the option of
  # logging out:
  config.hook("view.header") do
    render "admin/header"
  end

  # ...
end

require 'trestle-devise/controller_methods'
Trestle::ApplicationController.send(:include, Trestle::Auth::ControllerMethods)
```
Optionally, add the custom header that lets users log out of Devise, in app/views/admin/_header.html.haml:

```haml
%p{style: 'padding-top:15px;'}
  = link_to destroy_session_path(:user), :method => :delete do
    %i.fa.fa-sign-out
    Logout
```
Restart your server.
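
To check your understanding of what the two filters enforce, the following is an added plain-Ruby model of the filter chain; it is not part of the original wiki page and is not Trestle or Devise code. `User`, `FakeAdminController`, `admin_response_for` and the `/users/sign_in` path are assumptions made for the illustration.

```ruby
# Plain-Ruby model of the filter chain (no Rails, Devise or Trestle loaded).
# User, FakeAdminController and the paths are constructed for illustration.
User = Struct.new(:name, :role_names) do
  # Stand-in for the application's own roles? method.
  def roles?(role)
    role_names.include?(role)
  end
end

class FakeAdminController
  FILTERS = %i[authenticate_user! require_president!].freeze
  attr_reader :current_user, :response

  def initialize(current_user)
    @current_user = current_user
    @response = nil
  end

  # Run filters in order; as in Rails, a filter that redirects halts the
  # chain, so later filters and the action itself never run.
  def process(filters = FILTERS)
    filters.each do |filter|
      send(filter)
      return response if response
    end
    @response = [200, "admin dashboard"]
  end

  private

  # Models Devise sending anonymous visitors to the sign-in page
  # (assumed default path for a User model).
  def authenticate_user!
    redirect_to "/users/sign_in" if current_user.nil?
  end

  # Same rule as require_president! on the page; assumes current_user is set.
  def require_president!
    redirect_to "/" unless current_user.roles?(:potus)
  end

  def redirect_to(location)
    @response = [302, location]
  end
end

def admin_response_for(user, filters = FakeAdminController::FILTERS)
  FakeAdminController.new(user).process(filters)
end
```

Passing the filters in reverse order makes the role check run against a nil `current_user` and raise `NoMethodError`, which is why `authenticate_user!` is declared first.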