I am using Rails 4.0 and would like to use Devise for my sign-up/sign-out/etc.
However, on my sign-up page I would like to have fields not only from the user model that devise creates but also another model that users have a relationship with (organizations in this case).
I have setup associations on the models for user and organization like so:
user.rb
has_one :organization
accepts_nested_attributes_for :organization
organization.rb
belongs_to :user
Any ideas on how to make this happen? I tried overriding the registration controller for devise but haven't had any luck.
You need to override the views and insert a fields_for block for that :organization association. Run rails generate devise:views and look for the new view files in your app/views/devise directory.
Related
I'm currently building a rails application that contains 3 user types. This is my first experience with web development, and I would like to avoid making crucial design errors that will cost me later on. Hopefully more experienced rails users and web developers will be able to guide me in the right direction.
I want to use Devise as my primary authentication system, and I am currently planning something like this in order to support 3 user-types within the Devise framework:
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :email, :password, :password_confirmation, :remember_me
belongs_to :rolable, :polymorphic => true
end
For each of the three user-types:
# usertype1.rb
class UserType1 < ActiveRecord::Base
has_one :user, :as => :rolable
end
# usertype2.rb
class UserType2 < ActiveRecord::Base
has_one :user, :as => :rolable
end
Essentially, there is a polymorphic association between the user class and the several different user types. My hope is that this approach will allow me to eventually add different associative keywords within the user-type models (such as has-many) that will allow convenient querying of the database.
I'm also concerned about how to implement user-dependent routing. The idea is that each user-type will see a separate "hub" when they log-in, with different dashboards, different actions, etc. I was thinking that I would approach this by overriding the Devise SessionsController. Something like this:
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:email])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
if user.type == 1
redirect_to hub_typeone
else if user.type == 2
redirect_to hub_typetwo
else
redirect_to hub_typethree
else
flash.now.alert = "Email or password is invalid"
render "new"
end
end
def destroy
session[:user_id] = nil
redirect_to root_url, notice: "Logged out!"
end
end
The idea is that upon successful authentication, the user is routed to a different page based on user type. I'm planning on using the devise current_user framework to then query the database to populate the hubs with the user-specific data.
Do you guys have any pointers for me? Do you see any huge flaws in my plans/reasoning/approach? Thanks in advance!
I get a feeling you are over-engineering this, and building something You Aren't Gonna Need It
It's best if you are clear about what the three different user types are. Most applications would require the following three user types:
Guest users, who aren't logged in, and can access some part of the application
Regular users
Admin users who administer the rights of regular users.
I am curious to know what other user types you would need if they are not in this list.
Devise wikipages has suggestions on how to create a guest user, and how to add an admin role. Probably best to start by implementing the functionality of the regular users of your application, and then use the above mentioned resources to add other user types.
I am trying to write a database for a company in town. I am using Devise for authentication, and Forem for the forums of the site. I decided to just have one class, "Account" for the Devise authentication, which will have many different access types to the site.
The bulk of the users will be just customers, which are segregated by routes (not Rails routes, street routes). So I decided to have them have their own profile model.
I want to do this - Profile is linked to account, and to route. (Routes are named gmr_routes)
Is this code the proper way to do it? Documentation I've found hasn't told me I can't, but I just want to be sure....
class Profile < ActiveRecord::Base
attr_accessible :first_name, :last_name, :phone_number, :street_address
belongs_to :account
belongs_to :gmr_route
end
Account has a has_one relationship with Profile, and gmr_route has a has_many.
Is this right?
Bryan
Yes, that's perfectly acceptable. You need to remember to include a foreign key id on any model with a belongs_to.
So in the case you describe, you would have account_id:integer and gmr_route_id:integer in your migration, and include those in the attr_accessible call in your model
Hi I have a NOOB question in light of what happend at GITHUB with their application being exploited because of the security hole in Rails.
What is the best way to protect object attributes in Rails but still allow them to be assigned values where applicable?
Thanks
Actually Rails 3.1 has added new built-in ways to handle mass-assignment with roles which is probably something that you want to take a look at.
Release notes here
Basically it works like this:
class User < ActiveRecord::Base
attr_accessible :name
attr_accessible :name, :role, :as => :admin
end
What this enables you to do is that you can use the following way to allow the user to update his own information in one of your controllers:
#user.update_attributes(params[:user])
And that usage can never update the :role attribute in the User model. But when you have your admin users managing the roles in a separate controller, then you can user the following syntax:
#user.update_attributes(params[:user], :as => :admin)
And that will allow the :role attribute to be updated as well
I'm using rails 3.1 with Devise for user authentication...
I'm having trouble either getting the associations between two scaffold generated models working or I'm not accessing it correctly.
I have two models: User (Devise), and Post
I've added the belongs_to :user tag in the Post model and has_many :posts in the User model.
When I open a rails console, rails c from terminal in the app directory, I thought I should be able to reference the Post model through the user model. Such as User.post.count but I keep getting a NoMethodError: undefined method "post" error.
I've been through all the guide.rails.org and back through the railstutorial.org book and I'm definitely missing something somewhere.
Any help would be much appreciated.
Have you added your migrations that adds user_id to the posts table? Without that foreign key, Rails can't figure out which users are associated with which posts.
I have set up a blog with secure log-in using the Devise plugin and its working well. I'm going to add an additional 'username' field at sign-up and article posts will then display this info. How do I achieve this so the username goes into the db - any code help would be appreciated?
User names will need to be unique but I will look into this later.
As the Devise wiki sez:
Create a migration
rails generate migration add_username_to_users username:string
Run the migration
rake db:migrate
Modify the User model and add username to attr_accessible
attr_accessible :username
more info here
For uniqueness you could just do a validation on the User model
Hope this helps!
Okay so you have 2 questions in the same topic.
The first one has been answered and you followed these steps: Add custom fields to devise
Then for your next question: the problem isn't the user but #article because this variable is nil. So Rails can't find the User related to something that is nil.
You should post your controller and your _article view so I can help further.
Also I don't understand what you meant by :
I changed the object from 'email' to 'username' to stop it showing the submitters email address in the article
..You can choose whatever you want to display without replacing anything. If you want to display the user's username, just do user.username
add belongs_to :user in your article.rb and has_many :articles to your user.rb
update your migration of article to include a user_id:integer field (or use t.references :user)
update your ArticlesController#create action to use current_user.create_article or build_article
be sure to invoke the authenticate_user! before_filter for the :create action
before_filter :authenticate_user!, only => :only => [:new, :create, :edit, :update, :destroy]
ref:
http://guides.rubyonrails.org/association_basics.html