Hey there I am using devise authentication for my rails app and I am aware that I can use the helper current_user to access current user in my model or controller. Where I am lost is how can I find the site_id that a user owns. If i look in the active records I can see the users site id. Also I am using the subdomains app from github so my code is identical at the moment.
How can I create a method that tells rails to get the users site_id that is logged in?
You said that the user model has a site_id attribute, and current_user returns a user model, so by the transitive property, current_user should have a site_id attribute, right?
Apparently you can also access the site object itself by using current_user.site.
Related
How do you allow a user only being able to access a controller action only if he had accessed another controller.
For example, i have a set of Products which will go to NumberController ('new' action) - i prevent the anonymous to go to the new action in the NumberController, directly and only allow the anonymous user coming form the Products page which the anonymous user had selected before that.
One solution that i had read is that you can use session cookies to disallow the user to access the new action in the NumberController and the other is using scoped query for example:
Product.find(params[:id]).Number.find(params[:product_id])
or something similar and use nested resources. Any ideas?
This answer posted on this question:
Authorizing non-logged-in user behavior in rails with cancan and devise
illustrates how you can handle anonymous (not logged in) users with CanCan authorization. It's fairly straightforward.
Also, importantly, CanCan is currently fairly out of date. CanCanCan (https://github.com/CanCanCommunity/cancancan) is a fairly drop-in replacement for CanCan that's being actively maintained, works with Rails 4, etc. It will handle your anonymous user issue just fine.
Have you try cancan and rolify.
you could use them to set a role for a user so will be able to verify if this user have a role (admin) to access this action...
In admin section, I'm showing a list of currently logged in users.
Now admin can select one or more user/users and destroy their session(logout them).
I'm not able to figure where to start from,please help me.
You can use the sign_out method in the controller action by passing in the user object:
# Make sure only admins can do this
def sign_out_user
#user = User.find(params[:id])
sign_out #user
end
More info here:
http://rubydoc.info/github/plataformatec/devise/master/Devise/TestHelpers%3asign_out
Considering users is the collection of your required users,
for user in users
sign_out user
end
It should solve your issue.
Hope it helps :)
The sign_out method provided by Devise won't help. I know the documentation says that it will logout the "resource" you requested, but if you dig into the gems themselves (devise and warden) you'll find that when you give it an object, like a user, it merely figures out what scope (ie, :user) that object belongs to, and it logs out that entire scope.
A scope in Devise is a namespace for logins. You might have a Customer model that requires logins, but also a Vendor model that also requires logins, and you'd use different scopes for those. Most applications only use a single scope, tied to the User model.
You're probably using :cookie_store for your session storage, which is the Rails default. In this case, it isn't possible to log out any single user except yourself. Devise stores your login info in the session, which is stored in a cookie, and not in your database. Their browser has the credentials, so you can't directly remove that.
I am working on a new rails 3 application. In this application I have 2 different types of resources(admin and garage) both with different views and with 2 different login screens using devise. The admin can create a garage and can generate a password for the garage using which the garage manager can login to the application. Till now I am able to implement this.
One problem that I am facing in the above implementation is that the garage manager, once logged in, is able to view the admin section by changing the url in the browser and can make changes like an admin user.
Now what I am trying to implement is to have a single log in/sign in form for both the models and when someone logs in, depending on their model type they should be redirected to their respective views. Also, I would like to restrict all the users but admin from using the admin section.
What should be my approach to implement this. I am using devise for authentication.
resource is an instance of one of your models here:
def after_sign_in_path_for(resource)
return admin_route_path if resource.is_a?(Admin)
return garage_route_path if resource.is_a?(Garage)
end
resource is a symbol of the model name here:
def after_sign_out_path_for(resource)
return "/admin" if resource == :admin
return "/" if resource == :garage
end
Normally goes in application_controller.rb
One problem that I am facing in the above implementation is that the garage manager, once logged in, is able to view the admin section by changing the url in the browser and can make changes like an admin user.
As for this, it's an authorization problem and not an authentication problem. Though you can do some simple stuff within devise to manage this, like an admin flag or something of that nature so you can differentiate the two. Just redirecting won't solve this issue entirely.
Take a look at cancan, declarative authorization and I'm sure there are many others.
Is there a way to include the logged in user in rails logs? I am using devise and graylog2, the latter of which I assume is inconsequential to the answer.
Devise provides a current_user helper in the controller which can be used to access the currently signed-in user.
Assuming the user model has a name attribute, you can do the following:
::Rails.logger.info "The currently logged-in user is #{current_user.name}"
Is there any way to use devise's controller helpers in model namely user_signed_in? I have tried adding the following line to my user model, but that doesn't seem to work:
include Devise::Controllers::Helpers
More specifically, I want users to be allowed to be created without password, for which I am implementing the method 'password_required?'. In that method I want to check (before creating the user) if another user is creating that user, or weather he/she is signing up. Any help would be much appreciated.
You cant access controller helper within the model. however you can build an association between users that would allow you to create users on behalf of one another
take a look at rbates screencast on how to implement it
http://railscasts.com/episodes/163-self-referential-association