[devise] User logged in as Admin (CanCan integration) creating users, How?


rgoytacaz

Apr 16, 2010, 12:08:40 AM
to Devise
Hey There,

I have a need to be able to create users, as an admin in my app.

Devise handles all the authentication and CanCan the authorization.

I wanna re-use the registerable code, but without letting normal users
access the sign_up forms.

But Devise won't let a logged-in user touch the users/sign_up.

Quick solution to that?

I'm already hacking Devise code, extracted its source to vendor.

[]'s
Rodrigo Dellacqua



Rodrigo Dellacqua

Apr 16, 2010, 10:00:46 AM
to Devise
Well,

I found out the solution, I simply removed the line below from the registration controller.

prepend_before_filter :require_no_authentication, :only => [:new, :create]

and used CanCan to restrict the access to this page.

To be able to delete users, as an admin, I had to create a users controller with restricted access to destroy.

[]'s
Rodrigo

Andion

Apr 16, 2010, 10:20:48 AM
to Devise
The short answer is to not use the registerable module if you want to do
that.

But you can always create an admin-only controller that lets them
create users. There will be two countermeasures then:

1) The password. Users set their own password when they sign up, and
you probably don't want the admin to do that. Solution: set a constant
default password for all users or create one based on the created_at
time of the user (so you don't even have to modify Devise's users).
Then create another action on your new controller that lets a user
confirm his account with this default password and set their real
password. This leads us to problem number 2.

2) Users can register themselves (setting their passwords) or they can be
created by an admin. The confirm action is different for each
way of registering, so we must send to their email two different
"confirmation required" emails that point to two different
confirmation actions: one the default one (no password setting) and
the one you've created to let them set their real password.

In a dirty way you can check in your confirmation_instructions
template if an admin is logged in when registering or not and send the
appropriate email. But I haven't a correct solution for that, I only
hang that check on Thread.current, because ActionMailer doesn't let
you use ActionController's helpers to do that.

Hope it helps

Rodrigo Dellacqua

Apr 16, 2010, 11:05:01 AM
to plataforma...@googlegroups.com
Andion,

Thanks for the reply, but I ended up hacking the RegistrationController, to be able to re-use the logic, I didn't want to rewrite it ;)

Remove the line:
prepend_before_filter :require_no_authentication

Makes you able to enter the sign_up action, while being logged in.

I added some authorization with CanCan, so that only Admins can do that.

Simple fix =)

[]s
Rodrigo Dellacqua

andkjaer

Apr 19, 2010, 3:15:46 PM
to Devise
Rodrigo:
Where do I find the "prepend_before_filter :require_no_authentication
=> :new, :create "
I can't find it?

Thanks.

Rodrigo Dellacqua

Apr 20, 2010, 1:53:19 PM
to plataforma...@googlegroups.com
You need to vendor the devise gem.

rake gems:unpack

Into vendor/gems/devise/app/controllers, you will find the RegistrationController.

It's the second line of the controller.

[]'s
Rodrigo Dellacqua

Joe Ellis

Apr 28, 2010, 7:26:24 PM
to Devise
Might just be easier to do

skip_before_filter :require_no_authentication

in your Registrations controller. That way you don't have to keep
changing the gem code each time you update Devise.


On Apr 20, 12:53 pm, Rodrigo Dellacqua <rgoyta...@gmail.com> wrote:
> You need to vendor the devise gem.
>
> rake gems:unpack
>
> Into vendor/gems/devise/app/controllers, you will find the
> RegistrationController.
>
> It's the second line of the controller.
>
> []'s
> Rodrigo Dellacqua
>
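
The access consequences of the filter change discussed in this thread, as an added example that is not part of any post and is not Devise or CanCan code: a self-contained Ruby stand-in for the before-filter chain, showing who can reach sign_up with the stock filter, with the filter only skipped, and with the filter skipped plus an admin check. `MiniController`, the three controller classes, `authorize_admin` and the sample visitors are hypothetical names made up for the illustration.

```ruby
# Stand-in for a Rails before-filter chain; NOT Devise or CanCan code.
User = Struct.new(:name, :admin)
class MiniController
  def self.filters
    @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
  end
  def self.before_filter(name);      filters.push(name);   end
  def self.skip_before_filter(name); filters.delete(name); end
  # :ok when every filter passes, otherwise the name of the filter that halted.
  def self.sign_up_as(current_user)
    controller = new(current_user)
    filters.each { |f| return f unless controller.send(f) }
    :ok
  end
  def initialize(current_user); @current_user = current_user; end
end

class StockRegistrations < MiniController
  before_filter :require_no_authentication
  # Same role as Devise's filter: halt when someone is already signed in.
  def require_no_authentication
    @current_user.nil?
  end
end

class SkipOnly < StockRegistrations           # filter skipped, nothing added
  skip_before_filter :require_no_authentication
end

class SkipAndAuthorize < StockRegistrations   # filter skipped, admin check added
  skip_before_filter :require_no_authentication
  before_filter :authorize_admin
  # Plays the part of the CanCan rule: only a signed-in admin may create users.
  def authorize_admin
    !@current_user.nil? && @current_user.admin
  end
end

# Constructed sample visitors (assumption: a boolean admin flag on the user).
VISITORS = { :anonymous => nil, :member => User.new("bob", false),
             :admin => User.new("alice", true) }

def access_matrix(controller)
  VISITORS.map { |label, user| [label, controller.sign_up_as(user)] }.to_h
end

[StockRegistrations, SkipOnly, SkipAndAuthorize].each { |c| puts "#{c}: #{access_matrix(c).inspect}" }
```

Skipping the filter alone leaves sign_up open to anonymous visitors and to every signed-in member; in a real app the admin check would be the CanCan `authorize!` call in your own Registrations controller.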