Rails - Devise - Only allow registration if the user object already exists
Question
This may be a strange question, but it has come up in a project that I've been working on recently.
I have a Devise model called Student with a unique :sid parameter. The Student table in the database is already filled with Student objects with only :sid values set. I need to enable students to register using their :sid, setting the other attributes of the Student object and doing any Devise setup that is necessary.
How in the world should I set the registration up? Right now, I'm using a custom Devise RegistrationController with the following code:
# inside controllers/students/registration_controller.rb
def create
if Student.exists?(:sid => params[:student][:sid].to_i)
@student = Student.find_by_sid(params[:student][:sid].to_i)
@student.update_attributes(params[:student])
if @student.save
set_flash_message :notice, :signed_up if is_navigational_format?
sign_in(Student, @student)
else
set_flash_message :notice, :sign_up_failed
redirect_to student_registration_path
end
else
set_flash_message :error, :sid_not_found
redirect_to new_student_registration_path
end
end
This code merely updates the existing Student object.
I don't know if it makes more sense to store a list of valid :sids somewhere else, or if I should do something else entirely to make this work.
EDIT: As for my main question, I'm wondering whether this is the best way to go about only allowing registrations from a pool of existing user objects that are selected using an arbitrary value.
1 answers
solution1
2 ACCPTED 2012-11-25 19:35:50
If I understand your question right: you want to enable only those who have a certain token to register on the site and fill in their info. If this what you want to do then you could accomplish this by generating a token value (say 6 characters: 18ui7p) and store these in a separate table then if you want some one to register you send them a url that contains a valid token say
http://example.com/users/sign_up?token=18ui7p
and in your registrations controller you override new method to allow only a user that has a valid token (that you have generated and stored before in the db) to register as a user, the same in the create action, also don't forget to remove/mark the token after it is used.
This way if someone (say school admin) wants to add someone new in the system, they can generate a token and send it to the student in an email, which means you will provide an action that generates a token and send it to an email, of course this is accessible only by the admin.
I just found a gem called devise_invitable which could do what you want, but you could just implement the solution yourself.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.