
I was following the Blog Tutorial of Padrino and now I'm faced with the problem that I have two apps: Admin, App and I don't know how to access the authenticated account coming from Admin inside App. For example, inside views/posts/show.haml I want to be able to use the logged_in? helper, but it's always returning false as I suspect the access to the current_account variable has to be done in some other way. What am I missing?

```ruby
# admin/app.rb
module MyCompany
  class Admin < Padrino::Application
    use ActiveRecord::ConnectionAdapters::ConnectionManagement

    register Padrino::Mailer
    register Padrino::Helpers
    register Padrino::Admin::AccessControl

    set :admin_model, 'Account'
    set :login_page,  '/sessions/new'

    enable  :sessions
    disable :store_location

    access_control.roles_for :any do |role|
      role.protect '/'
      role.allow   '/sessions'
    end

    access_control.roles_for :admin do |role|
      role.project_module :posts, '/posts'
      role.project_module :accounts, '/accounts'
    end

    # Custom error management
    error(403) { @title = "Error 403"; render('errors/403', :layout => :error) }
    error(404) { @title = "Error 404"; render('errors/404', :layout => :error) }
    error(500) { @title = "Error 500"; render('errors/500', :layout => :error) }
  end
end
```

```ruby
# app/app.rb
module MyCompany
  class App < Padrino::Application
    use ActiveRecord::ConnectionAdapters::ConnectionManagement

    register SassInitializer
    register CompassInitializer
    register Padrino::Mailer
    register Padrino::Helpers
    register Padrino::Assets
    register Padrino::CSRF

    configure :production do
      set :js_compressor, Uglifier.new(mangle: false)
      set :css_compressor, :yui
      set :precompile_assets, [/^\w\.(?!(?:css|js)$)/i]
    end
    configure :test do
      set :raise_errors, true
      set :show_exceptions, false
    end

    enable :sessions
    enable :prevent_request_forgery

    # Don't blow up when we can't find something
    error ActiveRecord::RecordNotFound do
      halt 404
      render 'errors/404'
    end

    error 404 do
      render 'errors/404'
    end

    error 500 do
      render 'errors/500'
    end

  end
end
```


UPDATE:

In the end, I found a workaround which consists of overriding the session_id, sharing the same value for both apps, so that helper methods find the same logged-in account:

```ruby
Padrino.configure_apps do
  enable :sessions
  set :session_secret, 'mycustomsessionsecret'
  set :protection, :except => :path_traversal
  set :protect_from_csrf, true
  ## here starts the change, I assume first_app to be 'Admin'
  first_app = Padrino.mounted_apps.first
  if first_app
    set :session_id, "#{first_app.app_obj.session_id}"
  end
end
```

Every app dealing with authentication helpers must include this module:

```ruby
register Padrino::Admin::AccessControl
```

If there's a better solution, I'd be glad to hear it, but this works for me.

lmerino
  • Interesting question. I have never heard of anyone trying to pass authentication across applications. Seems like it might be easier to implement administration inside the `App` instead? I guess you could do some kind of basic authentication when crossing the lines so that `App` knows you are authenticated, but this seems cumbersome. – engineersmnky Jul 30 '14 at 13:15
  • I see, but it's something that may apply to multiple simple cases. I can think of a direct example: an Edit link button in every 'post' that is shown to logged_in? editors/admins. – lmerino Jul 30 '14 at 13:21
  • Yes, but this would usually be implemented inside the same application with different classes or user types for `Admin` and `Editor`. I have never seen someone try and create 2 interactive Applications in this manner. `Admin` does not need to be its own application, just a specific class for admins. Then you can just check `current_user.is_admin?` or something to that effect. – engineersmnky Jul 30 '14 at 13:28
  • Dear engineersmnky, sharing authentication is a legitimate problem if you are sharing models between your apps. And it's not wrong or uncommon to do if you want an additional abstraction layer for your project, like several connected applications or an API section. – ujifgc Jul 31 '14 at 13:12
  • Btw, I found it works out of the box with padrino-warden (as explained in their README). – Felix Sep 04 '14 at 19:00
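
Why the workaround in the question's update has the effect it does, as an added example that is not part of the original post and is not Padrino's code: a second app can read a signed cookie session only when it looks under the same cookie name and verifies with the same secret. It assumes, as the workaround implies, that `session_id` names the session cookie; `SignedCookieSession`, the cookie names, the `SESSION_SECRET` variable and the account id are hypothetical, and the secret is read from the environment rather than written into the source.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Simplified stand-in for a signed-cookie session store (hypothetical class;
# real stores add expiry, key rotation and cookie attributes).
class SignedCookieSession
  def initialize(cookie_name, secret)
    @cookie_name = cookie_name
    @secret = secret
  end

  # Cookie jar the browser holds after this app writes the session.
  def issue(session)
    payload = [JSON.generate(session)].pack('m0') # strict base64, no "-"
    { @cookie_name => "#{payload}--#{sign(payload)}" }
  end

  # Session hash, or {} if the cookie is missing or its MAC does not verify.
  def read(jar)
    payload, mac = jar.fetch(@cookie_name, '').split('--', 2)
    return {} unless payload && mac && OpenSSL.secure_compare(mac, sign(payload))
    JSON.parse(payload.unpack1('m0'))
  end

  private

  def sign(data)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, data)
  end
end

# Secret comes from the environment; the random fallback is for this demo only.
SECRET = ENV.fetch('SESSION_SECRET') { SecureRandom.hex(32) }

# Admin logs account 42 in (constructed value); can the second app see it?
def app_sees_login?(app_cookie_name, app_secret)
  jar = SignedCookieSession.new('_shared_session', SECRET).issue('account_id' => 42)
  SignedCookieSession.new(app_cookie_name, app_secret).read(jar)['account_id'] == 42
end

if __FILE__ == $PROGRAM_NAME
  puts app_sees_login?('_shared_session', SECRET)   # same name, same secret
  puts app_sees_login?('_app_session', SECRET)      # different cookie name
  puts app_sees_login?('_shared_session', 'other')  # different secret
end
```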
