Skip to content

Replace ActiveAdmin with custom admin controllers #837

Open
Open
Replace ActiveAdmin with custom admin controllers#837
@rewritten

Description

@rewritten
rewritten
opened on Mar 26, 2026

Context

Part of #835 (supply chain risk reduction). ActiveAdmin is a large, opaque framework that generates behaviour through a proprietary DSL — hard to audit, hard to extend outside its abstractions, and brings several transitive dependencies (activeadmin, has_scope, select2-rails). The goal is to replace it with a custom admin section that:

  • Lives entirely in the project (an internalised DSL)
  • Uses only gems already present (Bootstrap 5, simple_form, kaminari, devise, pundit)
  • Provides enough shared structure to avoid repetition across the 8 resources
  • Opens a clean path to progressive enhancement with Stimulus/Turbo Frames later

The approach: a namespaced controller hierarchy (Admin::) with shared partials as the visual building blocks, keeping all logic readable and grep-able without knowing a framework.

Existing gems that already cover all needs (nothing new required)

Need Gem Status
Styling bootstrap ~> 5.3.3 ✅ already in Gemfile
Forms simple_form ~> 5.0.2 ✅ already in Gemfile
Pagination kaminari ~> 1.2.1 ✅ already in Gemfile
Auth devise ~> 4.9.1 ✅ already in Gemfile
Authz pundit ~> 2.1.0 ✅ already in Gemfile
CSV import existing service objects ✅ already exist

Gems to remove after migration: activeadmin ~> 3.2, has_scope ~> 0.7.2, select2-rails ~> 4.0.13

Architecture overview

File layout

app/
  controllers/
    admin/
      base_controller.rb          # auth, layout, shared helpers
      concerns/
        csv_importable.rb         # shared upload_csv / import_csv actions
      dashboard_controller.rb
      users_controller.rb
      organizations_controller.rb
      posts_controller.rb
      categories_controller.rb
      transfers_controller.rb
      petitions_controller.rb
      documents_controller.rb
  views/
    admin/
      shared/
        _page_header.html.erb     # title + action buttons
        _filters.html.erb         # filter form wrapper (Bootstrap card)
        _flash.html.erb           # alert/notice banners
        _pagination.html.erb      # kaminari links
        _csv_upload_form.html.erb # shared CSV upload form
      layouts/admin.html.erb      # Bootstrap 5 navbar + main content
      dashboard/index.html.erb
      users/  organizations/  posts/  categories/  transfers/  petitions/  documents/
  assets/
    stylesheets/admin.scss        # brand colour + CSS View Transition rules

Base controller

class Admin::BaseController < ApplicationController
  layout 'admin'
  before_action :authenticate_superadmin!

  private

  def authenticate_superadmin!
    authenticate_user!
    redirect_to root_path, alert: t('not_authorized') unless current_user.superadmin?
  end
end

Reuses existing superadmin? from config/initializers/superadmins.rb.

The internalised DSL — three parts

1. A concern for CSV import (Admin::CsvImportable)
Provides upload_csv / import_csv actions, wired with one line:

class Admin::UsersController < Admin::BaseController
  include Admin::CsvImportable
  csv_importer UserImporter   # existing service object
end

2. Inline filtering — plain ActiveRecord scopes + params, no Ransack (keeps dependency count down):

def index
  scope = User.includes(:members)
  scope = scope.where('email LIKE ?', "%#{params[:email]}%") if params[:email].present?
  scope = scope.where(locale: params[:locale]) if params[:locale].present?
  @users = scope.order(created_at: :desc).page(params[:page])
end

3. Shared partials as visual DSL — every index view reads the same way:

<%= render 'admin/shared/page_header', title: 'Users', new_path: new_admin_user_path %>
<%= render 'admin/users/filters' %>
<table class="table table-sm table-hover"></table>
<%= render 'admin/shared/pagination', collection: @users %>

Plain ERB, no magic, fully grep-able.

Locality of behaviour — modern browser APIs first

Since we can target modern browsers:

  • Native <dialog> for confirmation modals — no Bootstrap modal JS needed
  • Native Popover API (popover + popovertarget) for filter panels and action menus — zero JS
  • CSS View Transitions for smooth page-to-page navigation — zero JS:
@view-transition { navigation: auto; }
::view-transition-old(root) { animation: 120ms ease-out fade-out; }
::view-transition-new(root) { animation: 120ms ease-in  fade-in;  }

Bootstrap 5 JS bundle can therefore be skipped for the admin layout; only Bootstrap CSS is needed.

A Stimulus layer (live filter debounce, in-place toggles, Turbo Frames around results) can be added as a follow-up without changing the architecture.

Resources to migrate

Resource Actions Notes
Dashboard index Stats queries, recent items
User full CRUD + CSV Nested memberships form, without_memberships scope
Organization full CRUD Logo upload (Active Storage), guarded destroy
Post full CRUD + CSV Offer/Inquiry subclass selector
Category full CRUD Icon name field, translations display
Transfer index, destroy + CSV seconds_to_hm formatted amount
Petition index, destroy Guarded destroy (cannot delete accepted petitions)
Document full CRUD Per-locale title + content fields

Routes

namespace :admin do
  root to: 'dashboard#index'
  resources :users do
    collection { get :upload_csv; post :import_csv }
  end
  resources :organizations
  resources :posts do
    collection { get :upload_csv; post :import_csv }
  end
  resources :categories
  resources :transfers, only: [:index, :destroy] do
    collection { get :upload_csv; post :import_csv }
  end
  resources :petitions, only: [:index, :destroy]
  resources :documents
end

Migration phases

  • Phase 1 — Infrastructure: BaseController, layout, admin.scss, routes skeleton
  • Phase 2 — Simple resources: Category, Document, Petition, Transfer
  • Phase 3 — Medium resources: Post (CSV + subclass), Organization (file upload, guarded destroy)
  • Phase 4 — Complex resource: User (nested memberships, scopes, batch destroy, CSV)
  • Phase 5 — Dashboard (stats + recent items)
  • Phase 6Admin::CsvImportable concern + wire up existing importers
  • Phase 7 — Remove activeadmin, has_scope, select2-rails from Gemfile; delete app/admin/; clean up locale files

Verification

After each phase:

  • rails routes | grep admin — expected routes present
  • Browser: superadmin can access, non-superadmin is redirected

After Phase 7:

  • bundle exec rails assets:precompile succeeds
  • Test suite passes
  • grep -r 'active_admin\|ActiveAdmin' app/ config/ returns nothing

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions