I know how to change the password using devise but I don't know how to create a link to an action for the current admin user. For example adding a link under the email.
Change password
and that would send to an action calling:
send_reset_password_instructions
I can't really find any good documentation for ActiveAdmin, the official site expose some examples but nothing there is really explained. Its unclear where and how things works.
You'll want to look at ActiveAdmin's documentation on custom controller actions. I've accomplished this by creating a "member_action" (a custom controller action which acts upon a single record), and adding an "action_item" to perform it (those are the buttons which appear in the top right when viewing a record). Here's how I make it work:
# in app/admin/admin_users.rb
action_item do
# Link to perform the member_action, "reset_password" defined below
link_to("Reset Password", reset_password_admin_admin_user_path(admin_user))
end
member_action :reset_password do
# Find the user in question
admin_user = AdminUser.find(params[:id])
# Call the method (from Devise) which sends them a password reset email
admin_user.send_reset_password_instructions
# Redirect back to the user's page with a confirmation
redirect_to(admin_admin_user_path(admin_user),
notice: "Password reset email sent to #{admin_user.email}")
end
Related
I have added rails_admin in my application. Now I need to add an additional feature, that is send email to all users from the rails application. How can I add a new view with in rails_admin. Currently I have added a new static menu in rails_admin.rb
config.navigation_static_links = {
'Compose' => '/admin/email'
}
But it is opened in a new tab as a seperate view with no side bar, footer, header etc..
I want to add this feature like dashboard. Please give some useful hints for my issue. Thanks in advance
probably you will need to create what RailsAdmin define as Action for your Admin role and make sure you manage correctly the admin authentication with Devise
You can implement a method that sends email with ActionMailer, I am quoting the solution from Hitham S.AlQadheeb from the following post. Go check his post for more info.
For each call to the mailer method one email is sent in scheduled worker
def calling_method
#users.each do |user|
send_digest(user.email, user.name)
end
end
in user mailer
def send_digest(user_email, user_name)
mail(to: user_email, subject: user_name)
end
You need to create a custom action
https://github.com/sferik/rails_admin/wiki/Custom-action
Based on the dashboard
https://github.com/sferik/rails_admin/blob/master/lib/rails_admin/config/actions/dashboard.rb
And if you want a link to it visible at all times, you will need to override the existing navigation partial on your project.
https://github.com/sferik/rails_admin/blob/master/app/views/layouts/rails_admin/_navigation.html.haml
I want to have an additional layer of authentication by asking for an access code from users who plan to sign up.
Basically, users have to input an access code prior to getting into the sign up page. I was thinking it could be something like schoology's way for students to sign up (https://app.schoology.com/register.php?type=student)
I am using Devise for authentication
I think you should not do this: Adding another layer to registration avoid users from register to your site.
But anyway, if you just want to put a general password for the whole website you could use Http Basic Authentication
Frontend Only solution:
Make a textfield and check the input via javascript. If it matches your code you hide the input field and show the registration form.
With backend:
First put just the password form on the page and in your rails app you need a action in a controller. There you check if the code matches and et a variable like #code_valid = true. In frontend you only display the registration form when the code is valid
# /controllers/pre_signup_controller.rb
.
.
def validate_code
#code_valid = params[:code] == '12345' ? true : false
if #code_valid
redirect_to ///where ever your registration page is
end
end
I have a devise authentication already setup in my application.Now i want to implement second level authentication in rails. i want to hard code the email and password in coding in controllers. i want to compare this email and password with the email and password provided by the user. rather than saving in database and picking for second level authentication.,Because these 5 to 6 links are going to be used by only one person in the company at any point of time. i want to implement this for a 5 to 6 actions in my application in controller. how can i implement this? i checked a gem gem 'devise-authy' but it seems it sends a password to mobile for otp authentication. i dont want otp authentication. i want a second level authentication with the same email as devise email but the password should be different from the devise original password.(like in devise table i want to take one more column second_level_password.) is there any gem for this kind of requirement or is this manually coded. if it is manually coded then how can i do that?
You can use before_action in rails controller.
Add following line of code in your controller.
before_action :second_level_access
private
def second_level_access
#You can use your logic to get password
unless current_user.second_level_password == params[:second_level_password]
# signout to user because user is already logged in with devise.
redirect_to session_path
end
end
EDIT
You can use
attr_accessor_with_default :second_level_logged_in, false
add following line to application controller:
before_action :logged_in_with_second_level, if: 'current_user and !second_level_logged_in'
def logged_in_with_second_level
redirect_to 'second_level_logged_in_form_page'
end
in create action of second_level_logged_in
add code current_user.second_level_logged_in=true
In my web-app I have a typical User-Activation process by e-Mail.
At the moment I have a custom controller action for each step in the activation process, i.e. I've got an action "activate" that more or less simply renders the "register"-page, then I have another action "activation" which is the target action of the actual form on the register page.
I wonder if this is best practice? - right now, I'm on the verge of implementing admin-initiated password resets (admin clicks a link for a password reset on a specific user, the user gets an email with a link to a page where he can set a new password). I would go further, and add 3 more controller actions (one for sending the reset-email, one for the user accessing the reset-page, and one for the action of the actual reset-form).
This seems to clutter up my controller quite a bit and I wonder if this was the "right" way to do it?
thx for any advice
What you are doing is fine - it is not necessary to conform your controller actions to the RESTful actions. REST should only be used if it fits your model, but you shouldn't try to make your model conform to a RESTful architecture unless it makes the interaction easier and intuitive.
It might be best to place these custom actions into their own controllers though, rather than the UsersController. Once you feel that your controller is getting too crowded, it's probably a good idea to move some actions into separate modules or controllers of their own.
class RegistrationController
def activate # perform the activation
..
end
def activation # show the activation page
...
end
end
class PasswordController
def send # send the email
end
def resetter # show the page to reset the password
end
def reset # actually reset the password
end
end
These controller actions could be accessed via custom routes instead of resources.
match 'register/activation' => 'registration#activation'
post 'register/activate' => 'registration#activate'
post 'password/send' => 'password#send'
match 'password/resetter' => 'password#resetter'
post 'password/reset' => 'password#reset'
In order to have a post-registration page, I added a RegistrationsController and method to provide a custom page to tell the user to check their email for the account confirmation link.
def after_inactive_sign_up_path_for(resource)
"/awaiting_confirmation"
end
Is there any way on that page (which is seen by a user who has created an account, but not confirmed it, and not signed in yet) to show the email address they used to create the account.
I'd like the page to say "we just sent a confirmation link to you at useremail#userdomain.com"
But the view for that page cannot display current_user.email because current_user is nil because they have not signed in.
Is there some other devise variable, or session variable, that would contain the registration info that was just created?
here's how we solved it ... it was easy.
modified the one-line controller method in my custom registration controller (shown in my question) to:
"/awaiting_confirmation?email=#{resource.email}"
then in the receiving method for the route /awaiting_confirmation I simply do
#email = params[:email]
and display the #email variable in my view.
You can do this two ways, the first is to display a flash message to the user after the email is successfully sent. You still have access to the users email in a variable there so something like:
:notice => "Email was sent to #{userobject.email}"
Or you could pass this object into the page that you are sending the user to after a signup and using it there.
Another way you could tackle this would be to authenticate the user with a token and then the user would be effectively signed in and you could then use current_user.
For that you would want to look into single use token authentication and devise.