后台

app/models/user.rb

@@ -6,7 +6,7 @@ class User < ActiveRecord::Base
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable
   # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :nickname, :role_id, :regip, :lastloginip, :viewnum, :onlinetime, :credit1, :credit2, :credit3, :credit4, :credit5, :credit6, :credit7, :credit8
+  attr_accessible :email, :password, :password_confirmation, :remember_me
   
   has_attached_file :avatar, :styles => { :middle => ["120x120#", :png], :small => ["48x48#", :png] }, :default_url => lambda { |avatar| "http://www.gravatar.com/avatar/#{Digest::MD5.hexdigest(avatar.instance.email.strip.downcase)}?size=#{120}" }
   

config/application.rb

@@ -48,7 +48,7 @@ module MycardServerHttp
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
+    config.active_record.whitelist_attributes = false
 
     # Enable the asset pipeline
     config.assets.enabled = true

config/environments/development.rb

@@ -23,7 +23,7 @@ MycardServerHttp::Application.configure do
   config.action_dispatch.best_standards_support = :builtin
 
   # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
+  # config.active_record.mass_assignment_sanitizer = :strict
 
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)

config/initializers/rails_admin.rb

 #encoding: UTF-8
 RailsAdmin.config do |config|
   config.main_app_name = Proc.new { |controller| [ "Mycard", "管理中心 - #{controller.params[:action].try(:titleize)}" ] }
-  config.authenticate_with &:authenticate_admin!
+  class FakeUser
+    def self.username
+      'admin'
+    end
+
+    def self.email
+      'zh99998@gmail.com'
+    end
+  end
+
+  RailsAdmin.config do |config|
+    config.current_user_method do
+      authenticate_or_request_with_http_basic do |username, password|
+        p username, password, username == "admin" && password == "mycard.web"
+        username == "admin" && password == "mycard.web"
+      end
+      FakeUser
+    end
+    config.authenticate_with{}
+  end
 end
\ No newline at end of file