RailsAdmin is a Rails engine that provides an easy-to-use interface for managing your data.
RailsAdmin::Config::Fields::Types::Serialized#parse_input was unsafe because it parsed user-submitted values with the infamous YAML#load, which instantiates whatever Ruby objects the document names.
To fix this, RailsAdmin now uses safe_yaml, with enable_arbitrary_object_deserialization and suppress_warnings turned on for maximum compatibility with all existing apps: YAML.load elsewhere in your application keeps its previous behaviour, and only RailsAdmin's own parsing opts in to safe mode.
Incidentally, if you want to safely load YAML in your own app, you can use YAML.load(something, safe: true), since RailsAdmin does not force safe load by default (you might be parsing objects in YAML coming from a trusted source).
If you use Serialized fields in RailsAdmin with users who are not fully trusted, your server is at risk: anyone who can submit a value for such a field can have arbitrary Ruby objects instantiated on the server, which is a remote code execution primitive. Update your gem to > 0.4.3 (should be released any time soon), or to at least this patched commit if you use master~HEAD.
Rails 3.0 and other unmaintained branches may be at risk too; I strongly advise against using them any longer.
More information about the whole drama here.
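The class of bug described above, as an added example that is neither RailsAdmin's code nor the safe_yaml gem: it uses Ruby's standard Psych API (YAML.safe_load) instead of safe_yaml's YAML.load(..., safe: true), so it runs without extra gems. The AuditSink class, the two input documents and the parse_serialized_input helper are constructed for illustration and are not RailsAdmin's implementation.

```ruby
require 'yaml'

# Constructed stand-in for any class already loaded in an application.
# With unsafe YAML loading, a document may name such a class and the
# loader will build an instance of it and populate its instance variables.
class AuditSink
  attr_accessor :path
end

# Constructed inputs: what a Serialized form field would receive.
BENIGN_INPUT    = "---\nname: alice\nroles:\n- editor\n"
MALICIOUS_INPUT = "--- !ruby/object:AuditSink\npath: /etc/passwd\n"

# The old behaviour: YAML#load instantiating whatever the document names.
# Psych 4 (Ruby 3.1+) made YAML.load safe and moved the old behaviour to
# YAML.unsafe_load, so use whichever method the installed Psych provides.
def unsafe_yaml_load(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Safe loading: only plain scalars, arrays and hashes come back; a
# !ruby/object tag raises Psych::DisallowedClass instead of building it.
def safe_yaml_load(doc)
  YAML.safe_load(doc)
end

# A parse_input-style helper for a serialized field (hypothetical, not
# RailsAdmin's code): safe-load, then insist the result is plain data,
# since a form field should never yield a bare string or an object.
def parse_serialized_input(value)
  return nil if value.nil? || value.strip.empty?
  parsed = safe_yaml_load(value)
  unless parsed.is_a?(Hash) || parsed.is_a?(Array)
    raise ArgumentError, "serialized field must be a Hash or Array, got #{parsed.class}"
  end
  parsed
end

# Show what each loader does with a document without letting the unsafe
# result do anything: [class built by unsafe load, outcome of safe load].
def compare_loaders(doc)
  unsafe_class = unsafe_yaml_load(doc).class.name
  safe_outcome = begin
    safe_yaml_load(doc).class.name
  rescue Psych::DisallowedClass => e
    "rejected: #{e.class.name}"
  end
  [unsafe_class, safe_outcome]
end

if __FILE__ == $PROGRAM_NAME
  puts compare_loaders(BENIGN_INPUT).inspect    # ["Hash", "Hash"]
  puts compare_loaders(MALICIOUS_INPUT).inspect # ["AuditSink", "rejected: Psych::DisallowedClass"]
end
```

The AuditSink class has no dangerous side effects, which is the point: the unsafe loader builds it anyway, and in a real application the attacker picks whichever loaded class has a useful initializer or accessor. The safe loader refuses at the tag, before any class is touched.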
- Display database tables
- Create new data
- Easily update data
- Safely delete data
- Custom actions
- Automatic form validation
- Search and filtering
- Export data to CSV/JSON/XML
- Authentication (via Devise)
- Authorization (via Cancan)
- User action history (internally or via PaperTrail)
- Supported ORMs
  - ActiveRecord
  - Mongoid [new]
Take RailsAdmin for a test drive with sample data. (Source code.)
In your Gemfile, add the following dependencies:

```ruby
gem 'fastercsv' # Only required on Ruby 1.8 and below
gem 'rails_admin'
```

Run:

```shell
bundle install
```

And then run:

```shell
rails g rails_admin:install
```
This generator will install RailsAdmin, and Devise if you don't already have Devise installed. Devise is strongly recommended to protect your data from anonymous users. Note: if the generator installs Devise for you, make sure you remove the registerable module from the generated user model; otherwise anyone can sign up, and a freshly registered user is authenticated as far as RailsAdmin is concerned.
It will modify your config/routes.rb, adding:

```ruby
mount RailsAdmin::Engine => '/admin', :as => 'rails_admin' # Feel free to change '/admin' to any namespace you need.
```

Note: The devise_for route must be placed before the mounted engine. The following will generate infinite redirects:

```ruby
mount RailsAdmin::Engine => '/admin', :as => 'rails_admin'
devise_for :admins
```

This will resolve the infinite redirect error:

```ruby
devise_for :admins
mount RailsAdmin::Engine => '/rails_admin', :as => 'rails_admin'
```

See #715 for more details.
It will also add an initializer that will help you get started (head for config/initializers/rails_admin.rb).
Finally run:

```shell
bundle exec rake db:migrate
```

Optionally, you may wish to set up Cancan, PaperTrail, CKeditor or CodeMirror. More on that in the Wiki.
Start the server:

```shell
rails server
```

You should now be able to administer your site at http://localhost:3000/admin.
All configuration documentation has moved to the wiki: https://github.com/sferik/rails_admin/wiki
If you have a question, please check this README, the wiki, and the list of known issues.
If you still have a question, you can ask the official RailsAdmin mailing list.
If you think you found a bug in RailsAdmin, you can submit an issue.
This library aims to support and is tested against the following Ruby implementations: