Allow a user to add new users in Devise, and remain logged in as themselves
Question
I am using Ruby On Rails with Devise, Rails 4.1.0.rc1, Ruby 2.1.0p0, devise-3.2.4
I followed the tutorial from Rails Cast Episode #209 to get devise installed and working. I can login and log out and register new users.
I extended my user model to include non-changing information like birthdate, first name and last name.
Following this blog post I added a user controller & views in order to add additional functionality such as a listing of all users that I did not see with devise. https://github.com/danweller18/devise/wiki/Allow-Users-to-View-Profile-and-List-All-Users
I have also reviewed these questions on Stack overflow: Allowing admins to add users with Devise How do I customize the controller for registration in Devise? Ruby on Rails: Custom Devise Registration Controller, Asking For Create Action
I am new to ruby on rails since March 1st of this year, and have taken Mike & Nicole Clarks Rails 1 & Rails 2 online courses.
What I am trying to do is allow a user to add new users. Ultimately this function would be an admin or manager adding clients. The client should then be able to log in with the credentials created.
What is occurring is that I can be logged in, add a new "user" through the new_user_path and user view (as opposed to the devise view) but when I submit it, I am then logged in as the new user. The previous users is not persistent.
I am doing all of this via the users view & controller actions because I don't want to actually "register" or login & logout with these actions, just create new records in the user table that would then be able to log in on their own.
Any help is appreciated.
here is my user controller:
class UsersController < ApplicationController
def index
@users = User.all
end
def show
@user = User.find_by_id(params[:id])
end
def new
@user = User.new
end
def edit
@user = User.find(params[:id])
end
def update
@user = User.find(params[:id])
if @user.update_attributes(user_params)
redirect_to user_url, notice: "Updated User."
else
render :edit
end
end
def create
@user = User.new(user_params)
if @user.save
redirect_to user_url, notice: "User succesfully created!"
else
render :new
end
end
private
def user_params
params.require(:user).permit(:first_name, :last_name, :img_file_name, :email, :password, :password_confirmation, :birthdate)
end
end
Here is my application controller:
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:account_update) {|u|
u.permit(:first_name, :last_name, :birthdate, :img_file_name, :email, :password, :password_confirmation, :current_password)}
devise_parameter_sanitizer.for(:sign_up) {|u|
u.permit(:first_name, :last_name, :birthdate, :img_file_name, :email, :password, :password_confirmation, :current_password)}
end
end
Here is my user new.html.erb file: (Admins Only is just a reminder for me right now, there is no admin function at them moment)
<header id="content-header">
<h1>Create a New User (Admins Only)</h1>
</header>
<%= render 'form' %>
Here is the _form.html.erb
<%= form_for(@user) do |f| %>
<%= render "shared/errors", object: @user %>
<fieldset>
<ol>
<li class="required">
<%= f.label :first_name %>
<%= f.text_field :first_name, size: 40, autofocus: true %>
</li>
<li class="required">
<%= f.label :last_name %>
<%= f.text_field :last_name, size: 40 %>
</li>
<li class="required">
<%= f.label :email %>
<%= f.email_field :email, size: 40 %>
</li>
<li class="required">
<%= f.label :password %>
<%= f.password_field :password, size: 40 %>
</li>
<li class="required">
<%= f.label :password_confirmation, "Confirm Password" %>
<%= f.password_field :password_confirmation, size: 40 %>
</li>
<li >
<%= f.label :birthdate %><br/>
<%= f.date_select :birthdate, start_year: 1915 %><br/>
</li>
<li >
<%= f.label :img_file_name %><br/>
<%= f.text_field :img_file_name %>
</li>
</ol>
<p>
<% if @user.new_record? %>
<%= f.submit "Create Account" %>
<% else %>
<%= f.submit "Update Account" %>
<% end %>
<%= link_to "Cancel", users_path, class: 'button' %>
</p>
</fieldset>
<% end %>
4 answers
solution1
19 ACCPTED 2014-04-19 20:50:44
I think the problem is actually with your routes. I imagine that you've added resources :users to your routes file to set up routes for your UsersController . However, I'm guessing that you've also got devise_for :users … to set up devise. This means that you'll have devise and your UsersController fighting for the same routes. Specifically, you're expecting a POST to /users to create a new user, but it's actually routing to devise's RegistrationsController and registering a new user and signing them in.
You can see this by running rake routes and seeing that both devise and your UsersController have, for example, mappings for POST /users(.:format) . You need to separate out the two sets of routes. There are various ways you can do this. You could add :path => 'u' to your devise_for line in routes.rb , which will then mean your devise routes are all /u instead of /users . Alternatively, you could keep devise routes on /users and instead change your UsersController routes to something like:
resources :users_admin, :controller => 'users'
which will map /users_admin to your UsersController (but note the path helpers will also change from eg users_path to users_admin_path ).
solution2
7 2014-04-21 01:17:53
Here is what I finally did to solve this
in routes.rb
devise_for :users
resources :users_admin, :controller => 'users'
in users_controller.rb no changes
in form.html.erb for adding new & updating users. Note the specified URL. This is documented to some degree here, but only mentions it for singular resources http://guides.rubyonrails.org/routing.html
However I had to separate out the edit & new paths as the url would not work in both create & update at the same time, so instead of rendering a partial, I just have 2 forms. Not sure what the workaround is.
This one is my new user form:
<%= form_for @user, url: users_admin_index_path(@user) do |f| %>
And this one is in my edit user form:
<%= form_for @user, url: users_admin_path(@user) do |f| %>
At the bottom of the form I have this code:
<% if @user.new_record? %>
<%= f.submit "Create Account" %>
<% else %>
<%= f.submit "Update Account" %>
<% end %>
<%= link_to "Cancel", users_admin_index_path, class: 'button' %>
</p>
Then in the show.html.erb form I had to specify the URLS from 'rake routes'
<footer>
<nav>
<%= link_to "Edit User", edit_users_admin_path, class: 'button' %> |
<%= link_to "New User", new_users_admin_path, class: 'button' %> |
<%= link_to "All Users", users_admin_index_path, class: 'button' %>
</nav>
</footer>
I got the path names from rake routes.
I hope this helps somebody else out and thank you all for the help. I do not have enough reputation to upvote any answers yet.
solution3
0 2014-04-17 19:17:40
As i understood your question(text part, not read the code), you want users to add other users and the accounts should be ready to be used. TO register using devise, you would be using user email, password and password_confirmation field as mandatory .
When registering users with email, provide a dummy password to the accounts so that the user entry is being saved. Send mails to the users to confirm their account and change password using the password reset links.
solution4
0 2014-04-17 19:41:54
GhostRider is correct on the workflow. You could also move the logic to an AdminsController or similar. This thread will solve the specific issue of getting signed in as that user: Devise: How to create a new user being already logged in?
But it is a better workflow to have the admin set a temporary password and email the new user to have them finish creating their account.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.