TrestleAdmin / trestle-auth

Authentication plugin for the Trestle admin framework
https://trestle.io
GNU Lesser General Public License v3.0
A way to validate roles and stop the login using existing Users table #43

Open jakegiangankoda opened 2 years ago

jakegiangankoda commented 2 years ago

Hello, I'm currently using Trestle Auth to basically provide a login layer for my admin, and to allow updating the users table that was already managed by the devise gem.

As of now, I'm also using the said users table to serve an admin account distinguishable by a role column, and I manage them with an enum:

```ruby
enum role: { user: 1, admin: 2 }
```

Currently I'm trying to build some logic using the current_user instance when the login succeeds, but I can't seem to find the right way to prevent the login from happening if the current_user doesn't have the right role.

The code below is my current implementation, which isn't working as I intended at all.

The current_user.role conditionals get performed smoothly, and if the user is an admin it goes to the index. But if the user isn't an admin, I don't know what I should do, or how, to prevent the user from using the admin panel at all. What I'm currently trying to implement is to prevent unauthorized/non-admin users from coming into the Trestle app.

```ruby
config.auth.redirect_on_login = -> {
  if admin = Trestle.lookup(Trestle.config.auth.user_admin)
    if current_user.role == 'admin'
      Trestle.config.path
    end
    if current_user.role == 'user'
      # kick the user back to login page, and clear the token
    end
  else
    Trestle.config.path
  end
}
```
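An added example, not part of the original issue and not trestle-auth's own code: it models the role check inside the user lookup itself, so a non-admin never receives a session, instead of checking the role in a post-login redirect where the session already exists. `User`, `USERS`, `admin_scope`, `authenticate`, `find_user` and `login` are hypothetical stand-ins; in trestle-auth the scope would belong in the user lookup configuration (the `config.auth.user_scope` option, to be confirmed against the installed version's initializer).

```ruby
require "digest"

# Constructed stand-in for the app's Devise-managed User model (hypothetical).
# Role values follow the enum in the post; the digest check stands in for
# the model's real password verification.
User = Struct.new(:id, :email, :password_digest, :role) do
  def valid_password?(password)
    Digest::SHA256.hexdigest(password) == password_digest
  end
end

# Constructed sample accounts.
USERS = [
  User.new(1, "admin@example.test", Digest::SHA256.hexdigest("admin-pass"), "admin"),
  User.new(2, "member@example.test", Digest::SHA256.hexdigest("user-pass"), "user"),
].freeze

# The only records the admin login may see. In a Rails app this would be an
# ActiveRecord scope such as User.admin, generated by the role enum.
def admin_scope
  USERS.select { |u| u.role == "admin" }
end

# Authenticate against the admin scope only. A non-admin with a valid password
# gets the same nil as an unknown account, so no session is ever created.
def authenticate(email, password)
  user = admin_scope.find { |u| u.email == email }
  user if user&.valid_password?(password)
end

# Reload the session's user through the same scope on every request, so an
# account demoted after login loses access on its next request.
def find_user(session)
  admin_scope.find { |u| u.id == session[:user_id] }
end

# Write to the session only after the scoped authentication succeeds.
def login(session, email, password)
  user = authenticate(email, password)
  return :login_failed unless user
  session[:user_id] = user.id
  :logged_in
end
```

Because the lookup and the per-request reload share one scope, there is no separate "kick the user out" branch to forget: a non-admin simply cannot be found.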