I am building simple image-board type site.
There is no need for registration because users are anonymous.
Problem is that I don't know how to add moderators.
I cant make form for registration because then regular users could register and be able to delete posts.
What you need is a combination of a registration system like Devise to handle your user accounts and an authorization system like Cancan which can establish permissions.
Related
I have implemented the devise+patreon gem in my Rails application without issues. Now, devise requires an email/password by default when creating a User, but Patreon just uses the oauth integration.
I am wondering, what is the proper strategy to use so that I can migrate the Patreon Oauth users as Devise users, without having to set dummy passwords/emails to allow for validation to go through. I still want to eventually allow users to register via Devise natively, as well as through Patreon.
Is there maybe a known strategy/gem/addition for devise that I may have missed that can easily achieve that?
You can retrieve the user email and a lot of other infos (see here) about the user in the login call to patreon's services, but password will remain unknown, you can't just copy & paste a User.
I have a Rails application with devise-like authentication and a lot of parts that depend on it. Now I want to add a chat between users using ejabberd (xmpp). I was searching through net and found that it's quite possible, but I can't understand how to make authorization in ejabberd server. For example user logins in a Rails app through login page with one credentials how to implement ejabberd loggining in this action? It will not be good to write like "please, put your user pw and ejabbered pw". Other way is to monkey-patch users registration, so ejabbered will use the same pw as user in the database and I will make authorization in one action, but will it be good? And how long user will be online in this way? Maybe I misunderstood something?
I've used rails extauth script like this https://github.com/geoiq/digitalgazette/blob/master/mods/chat/files/ejabberd-auth.rb and ruby_bosh gem for my application.
So now ejabberd is using my app to authenticate users. At login (for example) user's jid and password is using by ruby_bosh to make session and get jid, rid and sid saving them to session to use them later in a strophejs.
I use Devise to do the oauth with Github for my users. On login we ask for two basic scopes (for regular users) but if a user wants to perform some action (like setting up a new github organization in our product) we need to require some other scopes in addition to the ones we asked already.
I got it working for the most part the question is about how to better put everything together. This is the timeline of events:
User login (scope email)
User wants to perform setup action (POST /organizations)
in POST /organizations we check for the scopes of the current user and redirect to github to ask for the extra permissions if needed
User accepts the permissions and we get the oauth callback in the callbacks controller.
What I want is to continue with the process have at POST /organizations but the callback is in a different controller (obviously).
I've looked into omniauth.origin but that will only work for a GET redirect and this is a POST.
Any ideas how to better structure a solution for this?
Thank you!
my requirement is to create user accounts through admin login. I have installed cancan,devise and rollify but problem is i'm unable to trace how to do. Please help me out.I have to register users by admin login.
All the information you need is at this link:
Adding an Admin Role
When you deploy your application, you can then use the console to create your first Admin, who can in turn create Users via the GUI as per normal in a CRUD Rails application. Make sure that in your Users controller you have a before_filter that checks for admin_signed_in? on the create action (assuming that you have called your Admin role 'Admin' when creating it using rails generate devise Admin on the command line) - this will make sure that only Admins can access the create action in the Users controller. You could also wall off the edit and destroy actions in the same way, but I'm guessing you'd want to allow a User access to those.
I have developed two rails applications app1 and app2, they have their own user controller and model and own ability.rb file and own devise gem. I want all of them share a common user controller and user model and ability.rb file so that anyone irrespective of the application goes through the same authentication system.
In this context I have read the post Rails: Devise Authentication from an ActiveResource call and How to add authentication before filter to a rails 3 apps with devise for user sign up and sign in?. But I am sorry, I could not figure out how to modify their individual routes.rb file so that all the authentication requests redirected to it and I would like to know if I have to make another application for only management of user for that purpose.
You might use omniauth gem to provide one application to manage its users through the second one (like a Facebook connect, for example). This app's sign in action would just be a redirect to the second one's sign in page.
In this case, however, you would have 2 different user tables, which might need synchronization, but for just a simple authentication that could work.