I'm using devise for the user system but I have one problem. I'd like for a logged-in user to register new user. It's a question of security. However, a logged-in user can not currently register a new user.
I dont know how fix this.
Thanks by help!
I'm pretty sure the easist way would be just to turn off the devise config option :registerable, this will get rid of the sign_up paths and links.
Then just build your own user controller actions and views to interact directly with your User model.
The default devise registrations controller wants to auto create a new session for the newly created user which is why it won't let logged in users create another user.
Hope this helps.
The Devise documentation explains how to do that kind of thing.
You don't need to over-ride anything in devise. Just treat it like any other namespaced resource.
Related
I want to disable user sign up, but still provide edit profile functionality for existing users. Is this possible?
Currently, removing :registerable from th options list also disables the edit profile functionality and edit_user_registration_path is no longer defined.
Any way around this? It is strange that seemingly unrelated functionality is coupled this way.
What I would do would be to create a registration controller and use devise mappings to use that new registration controller. Then for the new and create actions set a flash message and redirect to the root of the app (or your chosen location). If you want to lock it down even more, just override the create method on your user model and throw an exception.
See this answer- disabling Devise registration for production environment only
I'm building a service on Rails using Devise which requires an 'admin' user to add regular users to their organization account.
The default behaviour of Devise doesn't support this, as the ':require_no_authentication' method is called when a logged in admin user tries to create a regular user account.
What would be the recommended method of achieving the functionality I am looking for?
:require_no_authentication is called by prepend_before_filter in the
Devise::RegistrationsController class, rather that in one of the
RegistrationsController methods, so I do not know if this can be
overridden (correct me if I'm wrong).
I believe separating the admin users from the regular users would
work, however these users will share very similar properties, so I
believe doing this will add unnecessary repetition.
I am currently trying to create new admin users (who in turn create
the organization that regular users belong to) using the regular
Devise sign up flow with 'users#new' and 'users#create' controller
actions, and allowing admins to add new users through a 'users#add'
action.
If there is perhaps another good user authentication gem that would better suit my needs, I would be happy to take a look at switching to that.
This seems to be more of an authorization problem than an authentication problem. You can use an authorization gem, such as cancan, to assign roles to users (such as admin) and grant abilities to those roles. This works really well alongside Devise. Here's a tutorial:
http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/
EDIT: I think I may have misunderstood your problem. Maybe what you need is just another controller to handle the creating of users outside of the Devise controllers. You could use cancan to restrict access to this controller to only admins.
I am having a Rails app for personal use and it uses Devise for authentication. I want there is only one user for my app. In other words, how do I disable registration in Devise after there is already 1 user registered ?
I am thinking about creating a custom method in controller. But is there any good way to do this ?
You want to remove the :registerable option in the model. Then create your single account in your seed.rb and then just seed your app. No need to complicate things just for your own use.
I would like to disable user registration for devise and move the creation of new users to an admin method under an admin namespace.
How could this be accomplished? I have searched and think I have to overrule the devise controllers disabling the custom user registration.
But how to make a new user based on a form under an admin namespace? Anyone done such a thing before and could share some pointers on how to get it done? thank you
Check out the devise Wiki, quite a common question (think this is what you are looking for)
https://github.com/plataformatec/devise/wiki/How-To%3a-Require-admin-to-activate-account-before-sign_in
I really like how devise offers an easy to use registration system out of the box but I'm having trouble extending it to do what I need. I need to create a public user profile for each user that shows their information like name, email, bio, and more info. I've done this in the past before with a users/show function but since devise doesn't provide any easily editable controllers, I'm having trouble figuring out how to do this. I've already run rails generate devise:views to copy the devise views to my app but I don't know where to go from here. Any help would be much appreciated.
Sounds like you want users to update their profile at the same time they create their account? If so, you can setup an associated Profile model with the User model. Using accepts_nested_attributes_for you can then create a record for the nested model on devise user registration submit/creation.
Here's a great screencast covering nested models and I also suggest you search other devise relate SO posts as this question has been discussed before.
There is an alternative approach, that is simpler to implement — only allow registered users edit/update their profile. This way you don't have to alter the Devise views and you can setup the various CRUD actions via a separate non-devise controller.
Throw in an Access Control List (ACL) solution such as CanCan (there are other alternatives too!) and you can even allow other users view profiles but deny access to edit/destroy etc.