
Simple_admin met a Pieman

November 7, 2008

Posted by dougmcinnes in Code, Plugins & Gems, Rails, Rake, Ruby.

Simple_admin is a Ruby on Rails plugin I created at the Los Angeles Times that morphed into a collaborative effort between Dewey, Reid and myself as it traveled between projects and functionality was added.  I’ve just released it to our latimes GitHub account: http://github.com/latimes/simple_admin/tree/master

The basic premise is to give a simple way of managing login usernames and passwords without a database.  The data is stored in a YAML file in the application with the passwords encrypted by String’s crypt() method.

To add users to the file, there’s an included rake task: admin:add_user.  The username and password are passed as parameters:

rake admin:add_user username=mrwalrus password=mahbukkit

Rake will append the user to the login.yml file or create a new one.  The default location for this file is config/admin/login.yml, but it can be overridden by setting the LOGIN_FILE environment variable in your application.  If you set LOGIN_FILE differently in each of your Rails environment files, you can have different usernames and passwords for development and production.
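As an added example (not code from the simple_admin plugin), here is a sketch of how a YAML credential file holding String#crypt hashes can be written and checked. The file layout (username mapped to hash), the two-character salt and the helper names add_user, check_login and secure_equal? are assumptions. The last check shows that crypt(3) with a two-character salt only uses the first eight characters of a password.

```ruby
require "yaml"
require "securerandom"

SALT_CHARS = [*"a".."z", *"A".."Z", *"0".."9", ".", "/"].freeze

# Return a copy of the users hash with username => crypt(3) hash added.
# Assumed layout; the plugin's real file format may differ.
def add_user(users, username, password)
  salt = Array.new(2) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
  users.merge(username => password.crypt(salt))
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# Re-hash the candidate with the stored hash as salt (crypt reads the salt
# from its first characters) and compare the result to the stored value.
def check_login(users, username, password)
  stored = users[username]
  return false unless stored.is_a?(String) && stored.length >= 2
  secure_equal?(password.crypt(stored), stored)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data, round-tripped through YAML as a login file would be.
  yaml  = add_user({}, "mrwalrus", "mahbukkit").to_yaml
  users = YAML.safe_load(yaml)
  puts yaml
  puts check_login(users, "mrwalrus", "mahbukkit")  # correct password
  puts check_login(users, "mrwalrus", "wrongpass")  # wrong password
  # With a two-character salt, crypt(3) ignores everything past eight characters:
  puts check_login(users, "mrwalrus", "mahbukki")
end
```

Because of that truncation, passwords longer than eight characters add no strength under this scheme.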

There’s also a rake task for adding multiple users at the same time from a text file list, giving them all random passwords.

To make the plugin use Basic HTTP authentication to ask for usernames and passwords, add this to your application controller:

include SimpleAdmin
before_filter :check_basic_http_credentials

As with all filters, you can add conditions:

before_filter :check_basic_http_credentials, :only => :login

When including SimpleAdmin in your controller, you also get access to the authenticate(username, password) method, which can be used for custom login pages.  For example:

def login
  # authenticate is provided by the included SimpleAdmin module
  if authenticate(params[:username], params[:password])
    # mark this session as an authenticated admin session
    session[:admin] = true
    redirect_to main_page
  end
end

Also included in the plugin is some code for marking different servers as “admin” servers, and a way for a Rails application to check whether it is running on an admin server and change its behavior accordingly.  We used this on one application running on multiple boxes so we could turn off page caching on the admin-marked boxes, so that the administration WYSIWYG pages wouldn’t be cached and sent to non-admin users (that would be a big oops).
