User registration through admin login using rails - ruby-on-rails

My requirement is to create user accounts through admin login. I have installed cancan, devise and rolify, but the problem is I'm unable to figure out how to do it. Please help me out. I have to register users by admin login.

All the information you need is at this link:
Adding an Admin Role
When you deploy your application, you can then use the console to create your first Admin, who can in turn create Users via the GUI as per normal in a CRUD Rails application. Make sure that in your Users controller you have a before_filter that checks for admin_signed_in? on the create action (assuming that you have called your Admin role 'Admin' when creating it using rails generate devise Admin on the command line) - this will make sure that only Admins can access the create action in the Users controller. You could also wall off the edit and destroy actions in the same way, but I'm guessing you'd want to allow a User access to those.

Related

Restrict access to admin/* sites with cancan

I'm building an app which has two user models: user and user_admin. user_admin is provided with activeadmin via devise, and user was created with devise too. I created a main page, some resources, and an admin page; now I want to restrict access to any admin page via cancan. So to summarize:
The user is on the main page, then goes to some other page, and devise redirects him to sign_in.
After sign-in the user can browse pages, but if he wants to go to /admin, cancan should give him a 404, or give access to admin pages only if he has the admin role; then he must sign in with another user_admin account.
So how can I describe the restriction to admin pages in ability? Some problems are:
I don't know where Admin::DashboardController#index is, so I can't check the role there and redirect to 404.
Also, Active Admin generates routes dynamically, so I can't use that either.
How can I make it work?

Rails: Multi-tenancy with Devise and Apartment gem

I'm creating a multi-tenant app using devise and apartment gems. I'm using postgresql database. I've created a few models. 'User' model is in global namespace and it is used for authentication by devise gem. There are some other models (e.g. Project, Setting etc) which are in tenant namespace.
I've followed this tutorial for creating this multi-tenant app: https://gorails.com/episodes/multitenancy-with-apartment?autoplay=1
The multi-tenancy feature is working fine in the sense that if I log in to two separate subdomains (e.g. user1.example.com and user2.example.com) from their relevant accounts (e.g. user1@gmail.com and user2@gmail.com), it works fine and I can create unique records for each tenant.
Now, the issue is that I can log in to any subdomain using any email, and the tenant records are shown based on the subdomain present in the address bar. E.g. I can log in with user1@gmail.com at user2.example.com and it will successfully authenticate and display the records of the user2 tenant.
My question is, while logging in how can I check if current user's subdomain matches with the requested subdomain (on address bar), if it matches proceed with authentication and display admin dashboard and if not (logging in from wrong subdomain or from TLD) authenticate the user but redirect him to his relevant subdomain's dashboard. How can I do that?
UPDATE # 1:
I was able to restrict user login to their specific subdomain with a minor devise configuration change. In the devise.rb file I've added the :subdomain attribute to the list of authentication keys, so it will also check for the correct subdomain value together with the email. However, I'm not sure how to provide the subdomain value to the login form correctly. I can use a hidden field like this in the login form: <%= f.hidden_field :subdomain, value: request.subdomain %>, but it is hackable, as the user can change its value from the browser inspector.
UPDATE # 2:
I was able to apply a foolproof method to restrict user login to their specific subdomain. I've followed this method: https://github.com/plataformatec/devise/wiki/How-to:-Scope-login-to-subdomain
Now, my only issue is that the user is unable to log in from the TLD (e.g. example.com). I want it to be possible, but after login the user must be redirected to their relevant subdomain with a live session.
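Supposing you're saving the subdomain on the User model, you can create a validation in your controller. You can use something like:
    # user: the authenticated user record, with its tenant stored in user.subdomain
    if user.subdomain != request.subdomain
      # Signed in on another subdomain (or the bare domain): go to the user's own one
      redirect_to root_url(subdomain: user.subdomain)
    else
      everything_is_ok # placeholder: carry on with the normal request
    end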
If you store your subdomain in your User table and check it via request.subdomain, then how can someone join another tenant (company)? They can be included in more than one company.
That's why I created 2 middle tables to handle it.
I have a user table for all of my users.
I have an account table to store subdomains with their creator.
And I have account_permissions to find out who is authorized for what.
So, when user1 comes to user2.example.com, I query my account_permissions, and if it has permission for user2.example.com, I let it go.
This way seems to make sense.
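The membership check from the answer above, as an added example (not code from the original posts): plain Ruby with no Rails or Devise, where the table contents, BASE_DOMAIN and the function names are constructed for illustration. The tenant is derived from the Host header the server received rather than from a form field the browser can alter, and a user on the bare domain or on a tenant they do not belong to is redirected to one they do belong to.

```ruby
require "set"

BASE_DOMAIN = "example.com" # assumption: the application's bare domain

# Constructed sample data standing in for the tables the answer describes.
ACCOUNTS = { "user1" => 1, "user2" => 2 }.freeze               # subdomain => account id
ACCOUNT_PERMISSIONS = Set[[10, 1], [11, 2], [12, 1], [12, 2]]  # [user id, account id]

# Tenant label taken from the Host header. Returns "" for the bare domain and
# nil for a foreign host or a nested label such as "a.b.example.com".
def subdomain_from_host(host)
  host = host.to_s.downcase.sub(/:\d+\z/, "") # drop an optional port
  return "" if host == BASE_DOMAIN
  suffix = ".#{BASE_DOMAIN}"
  return nil unless host.end_with?(suffix)
  label = host[0...-suffix.length]
  label.match?(/\A[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\z/) ? label : nil
end

# Subdomains this user holds a permission row for, in a stable order.
def permitted_subdomains(user_id)
  ACCOUNTS.select { |_sub, id| ACCOUNT_PERMISSIONS.include?([user_id, id]) }.keys.sort
end

# Decision for an already authenticated user:
#   [:allow, sub]    host names a tenant the user belongs to
#   [:redirect, sub] bare domain or someone else's tenant: go to the user's own
#   [:deny, nil]     unrecognised host, or user with no tenant at all
def tenant_decision(user_id, host)
  requested = subdomain_from_host(host)
  allowed = permitted_subdomains(user_id)
  return [:deny, nil] if requested.nil? || allowed.empty?
  return [:allow, requested] if allowed.include?(requested)
  [:redirect, allowed.first]
end

if __FILE__ == $PROGRAM_NAME
  [[10, "user1.example.com"], [10, "user2.example.com"], [10, "example.com"],
   [12, "user2.example.com:3000"], [10, "user1.example.com.evil.test"]].each do |uid, host|
    puts "#{uid} @ #{host} -> #{tenant_decision(uid, host).inspect}"
  end
end
```

In a Rails controller the same decision would run after Devise has authenticated the user, with request.host as the host argument.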
If someone still has a similar problem and is not very expert in RoR, I suggest building the base app first and then making it multi-tenant using that video.
After building your app, you only need to install the apartment gem, then make a model which stores tenant information, and then exclude it from being multi-tenanted.

Ruby on Rails - Forum moderator

I am building a simple image-board type site.
There is no need for registration because users are anonymous.
The problem is that I don't know how to add moderators.
I can't make a form for registration because then regular users could register and be able to delete posts.
What you need is a combination of a registration system like Devise to handle your user accounts and an authorization system like Cancan which can establish permissions.

Create a claim form for devise on rails by replicating the forget password form

I have a system in place where people need to claim accounts already set in a database by proving that they own the same email address. Every user in the user database has a password generated by Devise using the friendly token, so that people can still just login via omniauth plugins.
The current method I have planned out is to create a separate version of password#new (from Devise) as the 'claim' form, but I'm not too sure where to go from there. Do I have to create a whole new model? Or can I just create a PasswordsController and configure routes to go to a new view?

A common user model, controller, authentication and ability for multiple Rails apps

I have developed two Rails applications, app1 and app2. They have their own user controller and model, their own ability.rb file and their own devise gem. I want all of them to share a common user controller, user model and ability.rb file, so that anyone, irrespective of the application, goes through the same authentication system.
In this context I have read the posts "Rails: Devise Authentication from an ActiveResource call" and "How to add authentication before filter to a rails 3 apps with devise for user sign up and sign in?". But I am sorry, I could not figure out how to modify their individual routes.rb files so that all the authentication requests are redirected to it, and I would like to know if I have to make another application only for user management for that purpose.
You might use omniauth gem to provide one application to manage its users through the second one (like a Facebook connect, for example). This app's sign in action would just be a redirect to the second one's sign in page.
In this case, however, you would have 2 different user tables, which might need synchronization, but for just a simple authentication that could work.
