Controllers filters added to BaseController instead of ResourceController

[yorch]

In my application, I'm using the before_filter to check if the user is an admin or not (same model for the all the users, but only admin can access the backend/activeadmin). The problem I had was that even non-admin users could access to the dashboard (only the dashboard, not the rest of the admin site) and that's because the before_filter was not applying to it.

So now, the before filter configured on the ActiveAdmin configuration is applied to the BaseController instead of only ResourceController.

[jpmckinney]

You need to update some tests so that they pass before we can merge this. See the Travis build failures.

[yorch]

Sorry about that.. Done.
Thanks.

[jpmckinney]

Awesome. Merged!

[pcreux]

👍

[ddonahue99]

Just ran across this as well, same exact problem with checking if the user is an admin. Thanks for the fix. Should probably release this soon, big security hole here!

[jpmckinney]

You can use HEAD with:

gem 'active_admin', :git => 'https://github.com/gregbell/active_admin.git'

[ddonahue99]

Already done. :) Just looking out for other people who aren't aware of the issue - glad I had a test for it.

[fabianoalmeida]

Is this PR up to date in 0.5.0 version?

[jpmckinney]

No, it came after 0.5.0.

[fabianoalmeida]

@jpmckinney could you help me? I have this route configuration and I'm not getting access "/admin" path. Always redirect to root_path with a log message:

Started GET "/admin" for 127.0.0.1 at 2012-10-04 15:41:36 -0300
Processing by Admin::DashboardController#index as HTML
Completed 401 Unauthorized in 1ms

And I don't know why. This patch solves my "issue" or I'm making some mess? Thanks in advance!

[jpmckinney]

I'm not sure. Can you create a new issue? Maybe the ActionDispatch::Routing::Translator line is interfering?

[fabianoalmeida]

Thanks @jpmckinney! I created a new issue #1711.