Wednesday, 8 October 2014

Custom routing for restricting sidekiq pages in rails.

After integrating Sidekiq with Rails, it provides a web interface to manage the processes/jobs. A user can view scheduled jobs from the "Scheduled" tab.

Here is a screenshot of the Sidekiq page, which makes this easier to understand.


Here we can see the jobs listed in the table. These jobs are queued, waiting to be scheduled.

Each listed job has its own checkbox for selecting it. We can delete the jobs at any point, or deschedule them from the site. Below the table is the "Delete" button to delete the jobs.


If this page is exposed to the public, it will be misused.

What can we do?

We can restrict the URL in the routes. Below is the route for Sidekiq.

require 'sidekiq/web'

Myapp::Application.routes.draw do
     mount Sidekiq::Web, at: '/sidekiq'
end

This is the general route for Sidekiq. All of the Sidekiq pages are served from this one route configuration.

If we run  $ rake routes   from the command line in our Rails application, we will get the following route:
 sidekiq_web     /sidekiq           Sidekiq::Web

How to restrict?

Example 1

We can use a lambda call for the specific user group or emails. For example :

# `authenticate` is Devise's route helper; the mount is only reachable
# when the lambda returns true for the signed-in user.
authenticate :user, lambda { |u| u.is_super_admin? || u.email == 'your@email.com' } do
    mount Sidekiq::Web, at: '/sidekiq'
end

Here access is restricted by user group: the page is shown only if the user is a super admin.
It can also be opened to a specific user email.

Example 2

Through Restful Authentication

Checks a User model instance that responds to admin?

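# lib/admin_constraint.rb
# Route constraint: the mount matches only when the session belongs to an admin.
class AdminConstraint
    def matches?(request)
        # No logged-in user in the session: deny.
        return false unless request.session[:user_id]
        # find_by returns nil instead of raising when the user no longer exists.
        user = User.find_by(id: request.session[:user_id])
        user && user.admin?
    end
end

# config/routes.rb
require 'sidekiq/web'
require "admin_constraint"

Myapp::Application.routes.draw do
    mount Sidekiq::Web => '/sidekiq', :constraints => AdminConstraint.new
end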
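
The access rules from Example 1 (super admin or a specific email) and Example 2 (a session-based constraint) can be checked in plain Ruby before the route is deployed. This is an added example, not code from the original post or from Sidekiq; SidekiqAccessConstraint, FakeUser, FakeRequest, USERS and the example.test addresses are constructed stand-ins for the Rails User model and request.

```ruby
# Constructed stand-ins so the constraint can be exercised without Rails.
FakeUser = Struct.new(:id, :email, :admin) do
  def admin?
    admin == true
  end
end

FakeRequest = Struct.new(:session)

USERS = {
  1 => FakeUser.new(1, 'root@example.test', true),
  2 => FakeUser.new(2, 'ops@example.test', false),
  3 => FakeUser.new(3, 'user@example.test', false)
}.freeze

# Hypothetical constraint combining both rules; it denies by default.
class SidekiqAccessConstraint
  # finder: callable returning a user or nil
  # (in a Rails app: ->(id) { User.find_by(id: id) }).
  def initialize(finder:, allowed_emails: [])
    @finder = finder
    @allowed_emails = allowed_emails.map(&:downcase)
  end

  # Rails calls matches?(request); a false result means the mount is skipped
  # and the request falls through to a routing error (404).
  def matches?(request)
    user_id = request.session && request.session[:user_id]
    return false unless user_id            # anonymous visitor
    user = @finder.call(user_id)
    return false unless user               # stale session, user deleted
    user.admin? || @allowed_emails.include?(user.email.to_s.downcase)
  end
end

# Runs the constraint against each kind of visitor and returns the decisions.
def sidekiq_access_decisions
  constraint = SidekiqAccessConstraint.new(
    finder: ->(id) { USERS[id] }, allowed_emails: ['OPS@example.test']
  )
  check = ->(session) { constraint.matches?(FakeRequest.new(session)) }
  {
    anonymous: check.call({}),
    stale_session: check.call({ user_id: 99 }),
    plain_user: check.call({ user_id: 3 }),
    admin: check.call({ user_id: 1 }),
    allowlisted: check.call({ user_id: 2 })
  }
end
```

Only the admin and the allowlisted email are let through; the anonymous visitor, the stale session and the ordinary user are all denied.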



We can also follow the examples explained in the
 Sidekiq wiki: https://github.com/mperham/sidekiq/wiki/Monitoring

Thanks :)
