How to browse users' accounts as an admin with Devise? - ruby-on-rails

My app is built with Devise and sometimes some users report a problem, so I would like to be able to log in with their accounts and see the dashboard (the website in general) as they do (as a regular member).
How to do that with Devise? Is there any feature for this?

Use a field role to define user access. In case of other users just assign as guest. Make an admin role for your user entry. Now, instead of logging into others' accounts, create a custom option in the dashboard which can be accessed only by admin, and provide an option to change users, which helps in viewing different dashboards depending on users.
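
The admin-only "change user" option described above, sketched as an added example in plain Ruby (not part of the original answer and not Devise's API). The names User, USERS and ImpersonationSession are hypothetical; the session hash stands in for the server-side session, and every switch is written to an audit log.

```ruby
# Hypothetical names throughout; constructed sample accounts.
User = Struct.new(:id, :email, :role)
USERS = {
  1 => User.new(1, "admin@example.test", :admin),
  2 => User.new(2, "member@example.test", :member),
  3 => User.new(3, "second-admin@example.test", :admin)
}.freeze

class ImpersonationSession
  class NotAllowed < StandardError; end

  def initialize(session, users, audit_log)
    @session = session     # stands in for the server-side session hash
    @users = users         # id => User, stands in for the users table
    @audit_log = audit_log # append-only record of who viewed whom
  end

  # The account that actually authenticated.
  def true_user
    @users.fetch(@session.fetch(:user_id))
  end

  # The account whose dashboard is rendered.
  def current_user
    @users.fetch(@session[:impersonated_id] || @session.fetch(:user_id))
  end

  def impersonating?
    !@session[:impersonated_id].nil?
  end

  def start(target_id)
    actor = true_user # authorize on the real login, never on the viewed account
    target = @users[target_id]
    raise NotAllowed, "admin role required" unless actor.role == :admin
    raise NotAllowed, "unknown user" if target.nil?
    raise NotAllowed, "cannot view as another admin" if target.role == :admin
    @session[:impersonated_id] = target.id
    @audit_log << { event: :start, admin: actor.id, target: target.id }
    target
  end

  def stop
    target_id = @session.delete(:impersonated_id)
    @audit_log << { event: :stop, admin: true_user.id, target: target_id } if target_id
    true_user
  end
end
```

Keeping the real login in the session separately from the viewed account lets the UI show a "viewing as" banner and lets the admin switch back without signing in again.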

Related

Realm: Create users without logging-in

I'm working on a family sharing app, using a Synced Realm, where there will be 1 admin and other members created by the admin.
Admin will be able to set the roles & permissions of other members. Each member can have View/Edit/Add permission tied to them. The admin when signing-up for the app will send out invitations to the email-id's that he wants to invite and will set the necessary permissions for them.
I'd like to know if there is a way to completely handle this from the client side using Realm. From what I've read, the admin should know the User-ID's to be able to set the permission and the other members should know the Admin User-ID to access/edit the shared realm.
Initial thought was to create all the member users by the admin using SyncUser.logIn(). But that causes a problem as SyncUser.logIn() asynchronously logs them in to the Realm Object Server, which will cause the admin user to log out.
What would be the best approach to do this? Is there a way for the admin to create users without actually logging them in?
Thanks a lot in advance.

Devise - Allow Admin to Add Registration Accounts

I was wondering if we can allow Admins to add Accounts for the Member Models, without them having to confirm it if the Admin adds it?
I have two Devise Models
Admins
Members
To launch the application I want to restrict Registration and Admins will create the Logins for Members from the Admin Scope. When he adds the Member I don't want them to confirm their account but just send a welcome Email, maybe with the login details.
I don't want them to confirm their account but just send a welcome Email, maybe with the login details
One way you could do this is by simply writing a new user form, saving the user and manually sending an email. If you are using Devise confirmable, then you must call confirm! on the built object, in order for them to log in.
However, sending a password in plain text is generally speaking a dodgy thing to do. Surely you'd then want to force each user to change their password anyway, for security reasons? As such, I'd recommend going for the more standard approach of Devise invitable - which will send an invitation token to the user, and ask them to set their initial password. You achieve this by calling invite! on the built user object.
Here are two RailsCast videos about Devise, which you may find helpful for further reference and examples:
http://railscasts.com/episodes/209-introducing-devise
http://railscasts.com/episodes/210-customizing-devise
Yes you can, just create the object and call confirm on it :)
However, as members will need a password to access their account, it could be nice to email them a link to enter this password, so this link could also confirm the account for you.
IMHO, it's a bad practice to send any password by email, a lot of email servers don't implement any secured protocol, better let your users choose it, with a one-time link.
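
The invitation-token / one-time-link approach recommended in the answers above, as an added example in plain Ruby (not code from the answers and not devise_invitable's implementation). InviteStore and its 7-day TTL are hypothetical; the point is that the email carries a random single-use token while the server keeps only its digest, so no password is ever mailed.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory store standing in for an invitations table.
class InviteStore
  TTL = 7 * 24 * 3600 # seconds; constructed policy value

  def initialize
    @rows = {} # token digest => { email:, expires_at:, used: }
  end

  # Returns the raw token for the emailed link; only its digest is stored.
  def issue(email, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @rows[digest(raw)] = { email: email, expires_at: now + TTL, used: false }
    raw
  end

  # Returns the invited email exactly once; nil for unknown, expired or
  # already-used tokens. The caller then lets the member set a password.
  def redeem(raw, now: Time.now)
    row = @rows[digest(raw.to_s)]
    return nil if row.nil? || row[:used] || now > row[:expires_at]
    row[:used] = true
    row[:email]
  end

  # What a database leak would expose: digests, never raw tokens.
  def stored_keys
    @rows.keys
  end

  private

  def digest(raw)
    Digest::SHA256.hexdigest(raw)
  end
end
```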

Identity 2.0 Linking Multiple Login Providers

I have finally managed to implement Facebook as an external login provider on my MVC website which seems to be working fine, but I am wondering what is the correct / secure way to allow multiple external login providers to be linked to a single account.
Let's say I log in with my Facebook ID, no existing account is found with the same email address and my website persists a new account with their email address and their Facebook token etc. associated.
Next day I log in with my Google account. If I check my database for an account which already has a matching email address, what should I do?
1) Link this Google account with the existing account automatically and log them in?
2) Ask the user if they wish to link their Google account to the already existing account we found?
3) Something else?
Thank You.
It is really up to you. But the default provided in the VS2013 template assumes a one to many relationship between your internal user and any external logins. If you retrieve a user with UserManager, you will see an IList for each external provider the user has logged in with.
As they log in with the new provider, you would normally not automatically know the user is associated with another provider's login. When you log in it looks up a user via external ProviderKey, so initially would not find any relation to an internal user. At that point you could search users by name, email (with customized user store) and so on to link as needed.
Assuming primary emails registered on facebook and google for example, are verified by them (which they usually are) I don't see any issues on linking them together.
I think the main problem is linking an internal account with an email that was not verified to be from a specific user. If I create an account with the email of another user and that email is not verified, when the other user creates an account it associates the data of the first user together and that way both users are using the same account.
Can anyone identify and explain potential flaws for my first claim please?
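
The linking decision discussed in this thread, as an added example (not from the thread and not ASP.NET Identity code; it is written in Ruby to match the other examples on this page). Account, ExternalLogin, resolve_login and the decision symbols are hypothetical. It looks up by provider key first, then permits an email-based link only when both the provider and the local account have a verified email, which closes the pre-registration case described in the last answer.

```ruby
# Hypothetical record shapes; logins holds [provider, provider_key] pairs.
Account = Struct.new(:id, :email, :email_verified, :logins)
ExternalLogin = Struct.new(:provider, :provider_key, :email, :email_verified)

# Constructed sample data.
ACCOUNTS = [
  Account.new(1, "alice@example.test", true, [["facebook", "fb-1"]]),
  Account.new(2, "bob@example.test", false, []) # registered locally, never confirmed
].freeze

def normalize(email)
  email.to_s.strip.downcase
end

# Returns [decision, matching_account_or_nil].
def resolve_login(accounts, ext)
  # 1. Known provider key: an ordinary sign-in, the email plays no part.
  known = accounts.find { |a| a.logins.include?([ext.provider, ext.provider_key]) }
  return [:sign_in, known] if known

  # 2. No account with this email: create a fresh one.
  match = accounts.find { |a| normalize(a.email) == normalize(ext.email) }
  return [:create_account, nil] if match.nil?

  # 3. The provider does not vouch for the email: it proves nothing.
  return [:no_link_provider_email_unverified, match] unless ext.email_verified

  # 4. The local account never proved it owns the email: it may have been
  #    registered by someone else, so joining it would share one account.
  return [:no_link_local_email_unverified, match] unless match.email_verified

  # 5. Both sides verified: link automatically or ask first (options 1 and 2
  #    in the question); that remaining choice is product policy.
  [:link_allowed, match]
end
```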

How to best handle different type of users (rails 3.2/devise/heroku)

I am creating a daily deal app.
I am using devise for authentication (sign up/sign in).
I need to have multiple types of users that are not independent but each have a little more "right"s according to the sign up step he is in:
guest user: lowest rights: It's basically just standard visitors visiting the website (but I create an account as soon as they come in order if they sign up to have their history)
user_with_only_email: I changed devise so that users can sign up only by giving their email (no password on the very first step of the sign up process).
user_with_email_and_password: these users have provided password and password confirmation in the 2nd step of the sign up process
confirmed_users: users with email, password and who have confirmed their subscription by clicking on the confirmation email link.
I am using Cancan and Rolify already as I have used the roles: User, Admin, superadmin
I wonder if Cancan and Rolify are well suited for me to implement these other user roles, given that they are not independent but allow users to have gradual rights. Indeed, I want to be able to say that this page can only be seen starting from the user_with_only_email, meaning that all the roles above (user_with_email_and_password and confirmed_users) will then of course have access to this page.
Would you say that CanCan and Rolify are made for this and fit my needs? Maybe there are other better tools for this?

Two types of user accounts that need to become one

Currently we are using devise for our users to login into our site, but we have two devise models. One for users and one for landlords. Right now our users are created atomically when a user opens our iOS app for the first time. When a user goes to create a listing they create another user account called landlords. I need a way to make those into one but keep the current functionality for our iOS app and add the ability to sign in via facebook. Any thoughts or input on how to solve this problem?
Perhaps when a User makes a Landlord account, pass in the user_id, and then transfer all fields to the Landlord user type, then delete the user, or something like that. Alternatively you could set a boolean determining if the user is a landlord.
For facebook, use omniauthable with Devise. The example is for facebook https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
