Security Check Configuration

This plugin allows you to configure security check for both view and update access. Default security check is to allow both view and update access in development mode and restrict both view and update access in any other environment.

Given below are some example security rules you could use as a starting point for your application.

Note that whatever changes you make to the security checks, if you are in development mode you will have access to the admin_data pages.

Default security.

AdminDataConfig.set = {
  :is_allowed_to_view => lambda {|controller| return true if Rails.env.development? },
  :is_allowed_to_update => lambda {|controller| return true if Rails.env.development? }
}

Customizing security for view and upate

Put the following lines of code in an initializer at ~/config/initializers/admin_data_settings.rb .

AdminDataConfig.set = {
  :is_allowed_to_view => lambda {|controller| controller.send('logged_in?') },
  :is_allowed_to_update => lambda {|controller| controller.send('admin_logged_in?') }
}

In the above case application_controller.rb must have two method logged_in? and admin_logged_in? .

View security permission on per model basis

Previous section discussed customizing view and update security. It means either a user has view permission or not. However there are cases when you want to allow a particular user to have view access to ‘/admin_data’ but you do not want to expose certain models. That can be accomplished by configuring security in following manner

AdminDataConfig.set = ({
  :is_allowed_to_view_model => lambda {|controller| 
    controller.klass.name == PhoneNumber.name ?  false : true
   }
})

In this case use will be able to see all the models except the model called ‘PhoneNumber’. The proc has access to controller and the controller has access to klass. You can use that information to configure security as per your needs.