RailsAdmin is a Rails engine that provides an easy-to-use interface for managing your data.
RailsAdmin no longer controls field visibility based on `attr_accessible` status, nor does it use a role on mass assignment. See discussion here.
Rich-text editors (CKEditor, CodeMirror, Wysihtml5) are configured by field type, not through the Text field's extra options. For details, see CKEditor, CodeMirror and Wysihtml5 in the Wiki.
`RailsAdmin::Config::Fields::Types::Serialized#parse_input` was unsafe, because it used the infamous `YAML#load`.
To fix this, RailsAdmin now uses safe_yaml, with `enable_arbitrary_object_deserialization` and `suppress_warnings` on, for maximum compatibility with all existing apps.
Incidentally, if you want to safely load YAML in your own app, you can use `YAML.load(something, safe: true)`, since RailsAdmin does not force safe load by default (you might be parsing objects in YAML coming from a safe source).
If you use Serialized with RailsAdmin with non-totally-trusted users, your server is at risk. Update your gem to > 0.4.3 (should be released any time soon) or to at least this patched commit if you use master~HEAD.
Rails3.0 and other non-maintained branches may be at risk too; I strongly advise against using those any longer.
More information about the whole drama here.
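As an added example (not RailsAdmin's own code or configuration), here is a Serialized-style `parse_input` that uses Psych's built-in `YAML.safe_load` (Ruby 2.6+ keyword API) instead of `YAML.load`, so that a submitted value tagged with an arbitrary Ruby class is refused rather than instantiated. The `SafeSerialized` module, its permitted-class list and the sample inputs are assumptions made for this illustration.

```ruby
# Added example, not RailsAdmin's code: parsing a Serialized field's form input
# with Psych's restricted loader. Module name and permitted list are hypothetical.
require 'yaml'
require 'date'

module SafeSerialized
  # Classes a serialized column legitimately needs; everything else is refused.
  PERMITTED = [Symbol, Date, Time].freeze

  # Returns the deserialized value for a form submission, or nil for blank input.
  # Raises Psych::DisallowedClass when the YAML tries to build any other class,
  # and Psych::BadAlias if it uses anchors/aliases (disabled here).
  def self.parse_input(text)
    return nil if text.nil? || text.strip.empty?
    YAML.safe_load(text, permitted_classes: PERMITTED, aliases: false)
  end

  # True when the submitted text can be stored without instantiating
  # anything outside PERMITTED; false on disallowed classes, aliases or bad YAML.
  def self.safe?(text)
    parse_input(text)
    true
  rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError
    false
  end
end

# Constructed sample inputs, as they might arrive from an admin form.
PLAIN_HASH = "---\ntitle: Hello\ntags:\n- :news\n- :ops\npublished: 2013-01-09\n"
# A document tagged with a class that is not on the permitted list.
OBJECT_TAG = "--- !ruby/object:SomeAppClass\nname: x\n"

if __FILE__ == $PROGRAM_NAME
  p SafeSerialized.parse_input(PLAIN_HASH)
  p SafeSerialized.safe?(OBJECT_TAG)
end
```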
- Display database tables
- Create new data
- Easily update data
- Safely delete data
- Custom actions
- Automatic form validation
- Search and filtering
- Export data to CSV/JSON/XML
- Authentication (via Devise)
- Authorization (via Cancan)
- User action history (internally or via PaperTrail)
- Supported ORMs
  - ActiveRecord
  - Mongoid [new]
Take RailsAdmin for a test drive with sample data. (Source code.)
In your `Gemfile`, add the following dependencies:

```ruby
gem 'fastercsv' # Only required on Ruby 1.8 and below
gem 'rails_admin'
```

Run:

```sh
bundle install
```

And then run:

```sh
rails g rails_admin:install
```
This generator will install RailsAdmin and Devise if you don't already have it installed. Devise is strongly recommended to protect your data from anonymous users. Note: If you do not already have Devise installed, make sure you remove the registerable module from the generated user model.
It will modify your `config/routes.rb`, adding:

```ruby
mount RailsAdmin::Engine => '/admin', :as => 'rails_admin' # Feel free to change '/admin' to any namespace you need.
```

Note: The `devise_for` route must be placed before the mounted engine. The following will generate infinite redirects:

```ruby
mount RailsAdmin::Engine => '/admin', :as => 'rails_admin'
devise_for :admins
```

This will resolve the infinite redirect error:

```ruby
devise_for :admins
mount RailsAdmin::Engine => '/rails_admin', :as => 'rails_admin'
```
See #715 for more details.
It will also add an initializer that will help you get started (see `config/initializers/rails_admin.rb`).
Finally, run:

```sh
bundle exec rake db:migrate
```

Optionally, you may wish to set up Cancan, PaperTrail, CKEditor or CodeMirror. More on that in the Wiki.
Start the server:

```sh
rails server
```
You should now be able to administer your site at http://localhost:3000/admin.
All configuration documentation has moved to the wiki: https://github.com/sferik/rails_admin/wiki
If you have a question, please check this README, the wiki, and the list of known issues.
If you still have a question, you can ask the official RailsAdmin mailing list.
If you think you found a bug in RailsAdmin, you can submit an issue.
This library aims to support and is tested against the following Ruby implementations: