How to allow only the administrator to register a user with Devise

Asked

Viewed 886 times

1

I wanted to know if there is only the administrator register user, with Devise. I can not program this. And where is the controller with the Devise methods in the project?

ruby-on-rails ruby

  • Good afternoon, Have you heard of Gem Pundit ? I’m using it in an application with 3 access levels. Admin | Intermediario | Basic . It does the whole authorization part. Just adc in the app controller and a few more.

1 answer

0


Devise is an engine. What is an engine? Although it looks a lot like a normal plugin, an engine is actually a kind of application that you "mount" in your application.

Standard plugins only add functionality to your app. Already Ngines, can have their own controllers, models, views, etc. Only that you can not see, because it is in a separate namespace, "invisible" for you.

According to the Devise documentation, you can override the Devise Sessionscontroller as follows:

  1. Spin rails generate devise:controllers [scope], where "Scope" is the name of your user table (such as users)

Now the Devise has created for you a controller in app/controllers/[scope]/, inheriting the original controller by inheritance, and allowing you to overwrite your methods.

  1. Configure the routes to use this new controller, not the original:

config/routes.rb:

devise_for :users, controllers: {sessions: '[scope]/sessions'}
  1. If you are using custom views in app/views/devise, copy to app/views/[scope]

To solve your problem, I think a before_action resolves:

class Users::SessionsController < Devise::SessionsController
  before_action :verifica_permissao, only: [...] # configure os métodos que você quer

  def verifica_permissao
    possui_permissao? || redirect_to('/')
  end

  def possui_permissao?
    # aqui você verifica se o usuário é admin
  end
end

References:

  • Perfect. Thus, the administrator logged in( it uses the same table as the common users, only changes the role field ), can create a user, without giving the error that I am already logged in?

  • @Vinícius I didn’t stop to think about it, I think he will complain that he is already logged in. You can also write the create method.

  • Have a look at the controller’s source code: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb. Up there you have a "require_no_authentication" for new e create. The way and see if we can eliminate this.

  • Then in this case, I would only take the parameters, and save in the bank? probably the original create method, check if the current_user is nil, right?

  • I believe this is what you are looking for https://github.com/plataformatec/devise/wiki/How-To:-Manage-users-through-a-CRUD-interface

  • I’ve never done this before, my answer is based on research. Take a look at @Alex’s tip, or try to add skip_before_action: :require_no_authentication in the controller.

  • @user23970 I tried to use skip_before_action on my controller, and I couldn’t fix this problem. What I could do?

Show 2 more comments

Browser other questions tagged ruby-on-rails ruby

You are not signed in. Login or sign up in order to post.