I'm using devise for authentication on Rails 3.1. Users are to be registered by administrators on my site (it's a site internal to a school; unknown people should not register). Each user is allotted a role (e.g. student, teacher, admin, resource_person) on registration, and this role is used for authorizing activities.
Now I don't want the user to be able to edit their role, hence it's not placed under attr_accessible. Because of this, I'll have to manually set the role from the parameters when registering a user. Is there any simple way to do this with devise, or must I create a custom controller that inherits from the devise registration controller?
Assuming you simply want to be able to manage users as an admin, I think the best way is to simply create a CRUD interface for your users model (https://github.com/plataformatec/devise/wiki/How-To:-Manage-users-through-a-CRUD-interface).
If you want users to be able to manage some of their model (e.g. password changing), simply authorize them according to their role.
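The allow-list behaviour the question relies on, as an added plain-Ruby example (not Devise, Rails or the asker's code): only the attributes listed in MASS_ASSIGNABLE can be set from request params, so a "role" key sent with a sign-up is silently dropped, and the role is set through an explicit setter that only an admin-guarded registration action calls. The class names, the ROLES list and the params hashes are constructed for the example.

```ruby
# Plain-Ruby stand-in for the attr_accessible allow-list (no Rails/Devise needed).
ROLES = %w[student teacher admin resource_person].freeze

class User
  # Attributes that may be mass-assigned from params, mirroring attr_accessible.
  MASS_ASSIGNABLE = %w[email name].freeze

  attr_reader :email, :name, :role

  def initialize(params = {})
    @role = "student"          # safe default; never taken from params
    assign_attributes(params)
  end

  # Copies only allow-listed keys; anything else (e.g. "role") is ignored.
  def assign_attributes(params)
    params.each do |key, value|
      next unless MASS_ASSIGNABLE.include?(key.to_s)
      instance_variable_set("@#{key}", value)
    end
    self
  end

  # Explicit setter for the admin-only action; rejects unknown roles.
  def role=(value)
    raise ArgumentError, "unknown role #{value.inspect}" unless ROLES.include?(value.to_s)
    @role = value.to_s
  end
end

class NotAuthorized < StandardError; end

# Simulates the admin-only registration action: mass-assign the safe fields,
# then set the role from its own param only when the acting user is an admin.
def register_user(acting_user, params)
  raise NotAuthorized, "only admins may register users" unless acting_user.role == "admin"
  user = User.new(params)
  user.role = params["role"] if params.key?("role")
  user
end

def demo
  admin = User.new("email" => "admin@example.edu", "name" => "Admin")
  admin.role = "admin"
  # Constructed request params: an attempt to mass-assign role during sign-up.
  tampered = { "email" => "sam@example.edu", "name" => "Sam", "role" => "admin" }
  via_mass_assignment = User.new(tampered)                       # role stays "student"
  via_admin = register_user(admin, tampered.merge("role" => "teacher"))
  [via_mass_assignment.role, via_admin.role]                     # => ["student", "teacher"]
end
```

Calling demo shows the two paths side by side: the tampered params never change the role, while the admin path sets it deliberately and validates it.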
I am trying to create an app which has two different types of devise users, individuals and businesses. How can I achieve this, knowing that devise gives me separate routes for each model (both will log in with email and password)?
You can create your own route for logging the users in. Devise has a method for signing in a user that you can use from your controller sign_in (ref).
sign_in(User.find(params[:id]), scope: :user)
An alternative would be to create roles for your users. Every user is the same (instance of User), but they could have different roles. Depending on use case, you could give users a "current role" so that they could switch roles when needed.
Roles in your case would be "business" and "individual". You could add in "admin" for yourself.
I have a User table where I store user information and I have a Role table where I store the roles. The associations of the tables are: a User can have just one role, and roles can have more than one User.
I have my controller where I have actions like "create, new, update, delete". I want to use authorization for these actions. For example admin can do everything, a simple user can just read etc. I'm very new in RoR, can somebody tell me how to permit/restrict access to specific pages/actions based on roles.
Thanks in advance
The CanCanCan gem is designed for this task.
I would also recommend considering the gem Devise for user authentication, rather than rolling your own solution.
I'm building a service on Rails using Devise which requires an 'admin' user to add regular users to their organization account.
The default behaviour of Devise doesn't support this, as the ':require_no_authentication' method is called when a logged in admin user tries to create a regular user account.
What would be the recommended method of achieving the functionality I am looking for?
:require_no_authentication is called by prepend_before_filter in the Devise::RegistrationsController class, rather than in one of the RegistrationsController methods, so I do not know if this can be overridden (correct me if I'm wrong).
I believe separating the admin users from the regular users would work, however these users will share very similar properties, so I believe doing this will add unnecessary repetition.
I am currently trying to create new admin users (who in turn create the organization that regular users belong to) using the regular Devise sign up flow with 'users#new' and 'users#create' controller actions, and allowing admins to add new users through a 'users#add' action.
If there is perhaps another good user authentication gem that would better suit my needs, I would be happy to take a look at switching to that.
This seems to be more of an authorization problem than an authentication problem. You can use an authorization gem, such as cancan, to assign roles to users (such as admin) and grant abilities to those roles. This works really well alongside Devise. Here's a tutorial:
http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/
EDIT: I think I may have misunderstood your problem. Maybe what you need is just another controller to handle the creating of users outside of the Devise controllers. You could use cancan to restrict access to this controller to only admins.
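The role-based permission check recommended in this answer and in the CanCanCan answer above, as an added plain-Ruby example (not CanCan/CanCanCan's code and not the askers' apps): an Ability class holds rules per role, admin can do everything including creating users (the 'users#add' case), a plain user can read everything but update only their own records, and a guest can only read. The User and Document structs, role names and run_action helper are constructed for the example.

```ruby
# Plain-Ruby Ability class in the shape CanCan encourages (no gem required).
class AccessDenied < StandardError; end

User = Struct.new(:name, :role)
Document = Struct.new(:title, :owner)

class Ability
  ACTIONS = %i[read create update destroy].freeze

  def initialize(user)
    @user = user            # nil means an unauthenticated guest
    @rules = []             # each rule: [action, resource_class, optional condition]
    define_rules
  end

  # Grants per role; the else branch is what a guest gets.
  def define_rules
    case @user&.role
    when "admin"
      ACTIONS.each { |a| can(a, Document) }
      can(:create, User)                        # only admins may add users
    when "user"
      can(:read, Document)
      can(:update, Document) { |doc| doc.owner == @user.name }   # own records only
    else
      can(:read, Document)
    end
  end

  def can(action, klass, &condition)
    @rules << [action, klass, condition]
  end

  # Subject may be an instance (checked against conditions) or a class.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |act, k, cond|
      next false unless act == action && k == klass
      cond.nil? || subject.is_a?(Class) || cond.call(subject)
    end
  end

  def authorize!(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    raise AccessDenied, "#{@user&.role || 'guest'} cannot #{action} #{klass}" unless can?(action, subject)
    true
  end
end

# Simulates a controller action that checks the ability before doing anything.
def run_action(actor, action, subject)
  Ability.new(actor).authorize!(action, subject)
  :ok
rescue AccessDenied
  :denied
end

def demo
  admin = User.new("root", "admin")
  alice = User.new("alice", "user")
  own   = Document.new("syllabus", "alice")
  other = Document.new("budget", "bob")
  {
    admin_destroy:     run_action(admin, :destroy, own),     # :ok
    admin_adds_user:   run_action(admin, :create, User),     # :ok
    user_read:         run_action(alice, :read, own),        # :ok
    user_update_own:   run_action(alice, :update, own),      # :ok
    user_update_other: run_action(alice, :update, other),    # :denied
    user_adds_user:    run_action(alice, :create, User),     # :denied
    guest_read:        run_action(nil, :read, own)           # :ok
  }
end
```

The point for the 'users#add' question is the last rule pair: creating a User is a grant, not a sign-up flow, so it lives in an ordinary controller whose action calls authorize! and never touches the Devise registration path.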
I am new to rails and am wanting to make a training scheduling app. I need a user management system and am sure one exists as a gem but I cannot seem to find one with all of these needed features.
Multiple access levels (User, Trainer, Manager, Admin)
No user signup (Trainer, Manager, Admin will create accounts and the information will be emailed to users)
User groups (User, Trainer, Manager) belong to groups and can only manage users in those groups. Admin can manage anyone in any group.
Users can change details on their account and change their passwords.
Admins can determine how users will login (custom field, username, email)
Can use a MySQL database
Are there any current gems out there with all this functionality or will a custom one need to be created?
You're combining two concepts here, user authentication and role-based access control. Consider using devise for authentication as it's quite configurable (you can disable the sign_up route and only allow sign_in, for example), and something like cancan for rbac.
Also, do you really need to allow admins to determine how users will login? Consider just settling on one method to start with, and adding this functionality later if it's a real priority.
I have a rails app with authentication already set up using Devise. I'm adding CanCan and Role_Model. Adding abilities seems easy enough. However I'm unsure where to store the user's role. Should I:
Add a column in the user db table for role?
Add a separate table or tables for role and role_user?
Add the role somewhere else?
This depends on how roles will be implemented in your application.
If roles will be inherited, for example admin < registered user < guest, meaning that admin is able to do everything reg. user and guest are capable of (and so on) then you may want to only add a single role field on a common user model.
If "actions" in your app are tied to special roles that do not inherit permissions (unlike above), i.e. you need to have multiple roles on admin in order to do some common interaction with application (like guest does), then you need a join table, populated with user_id, role_id pairs.
I personally prefer the first option.
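The two storage options from this answer side by side, as an added plain-Ruby example (not Role_Model, CanCan or the asker's schema): option 1 keeps a single role column and resolves checks by position in an inheritance order (admin < registered user < guest in the answer's notation, meaning admin can do everything below it); option 2 keeps user_id/role_id pairs in a join table and a user must hold every role an action requires, since nothing is inherited. The HIERARCHY order, the role names and the in-memory rows standing in for the tables are constructed for the example.

```ruby
# Option 1: one role column per user; a higher rank inherits everything below it.
HIERARCHY = %w[guest registered admin].freeze   # ascending privilege

def rank(role)
  HIERARCHY.index(role) or raise ArgumentError, "unknown role #{role.inspect}"
end

def inherited_role_allows?(user_role, required_role)
  rank(user_role) >= rank(required_role)
end

# Option 2: roles table plus users_roles join table (constructed rows).
ROLES = { 1 => "guest", 2 => "registered", 3 => "admin", 4 => "auditor" }.freeze
USERS_ROLES = [
  { user_id: 10, role_id: 3 },   # user 10 holds admin only
  { user_id: 11, role_id: 2 },   # user 11 holds registered ...
  { user_id: 11, role_id: 4 }    # ... and auditor
].freeze

def roles_for(user_id)
  USERS_ROLES.select { |row| row[:user_id] == user_id }
             .map { |row| ROLES.fetch(row[:role_id]) }
end

# Non-inheriting roles: every required role must be held explicitly.
def join_table_allows?(user_id, required_roles)
  (required_roles - roles_for(user_id)).empty?
end

def demo
  {
    # single column: admin inherits the registered-user page, guest does not
    admin_sees_registered_page: inherited_role_allows?("admin", "registered"),   # true
    guest_sees_registered_page: inherited_role_allows?("guest", "registered"),   # false
    # join table: admin alone is not enough for an action needing two roles
    admin_audit_log:  join_table_allows?(10, %w[registered auditor]),           # false
    user11_audit_log: join_table_allows?(11, %w[registered auditor]),           # true
    user11_admin:     join_table_allows?(11, %w[admin])                         # false
  }
end
```

The contrast in demo is the reason to pick one model deliberately: with a single column, granting "admin" implicitly grants everything below it, whereas with the join table an admin who also needs to audit must be given that role row explicitly.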