8

我正在努力做到这一点,因此只有管理员才能通过设计添加用途。我已经让它大部分工作了,但是现在当我以管理员身份登录并提交注册表单时,它把我踢回来并出现错误:You are already signed in.

我尝试按照此处的说明进行操作:http ://wiki.summercode.com/rails_authentication_with_devise_and_cancan但似乎没有提到这种情况。

我是否需要进一步覆盖editors_controller以允许这样做?

这是我的路线(“编辑器”是我的用户模型的名称):

devise_for :admins, :skip => [:registrations]

as :admin do
  get 'admin/editors'        => 'editors#index',                  as: :admin_editors
  get 'admin/editors/new'    => 'editors#new',                    as: :new_editor
  delete 'admin/editors/:id' => 'editors#destroy',                as: :destroy_editor
end


devise_for :editors, :skip => [:registrations],  :controllers => { :registrations => "editors" }

和我editors_controller的“应用程序/控制器/”

    class EditorsController < Devise::RegistrationsController
  before_filter :check_permissions, :only => [:new, :create, :cancel]
  skip_before_filter :require_no_authentication

  def dashboard
    render "editors/dashboard.html.haml"
  end

  def index
    @editors = Editor.all
    respond_to do |format|
      format.html
    end
  end

  private
    def check_permissions
      authorize! :create, resource
    end
end

编辑Processing by Devise::RegistrationsController#create as HTML当我提交表单时,我在日志中 注意到了这一点。我曾怀疑可能skip_before_filter :require_no_authentication没有被调用,但假设因为EditorsController继承自RegistrationController过滤器之前的过滤器会正常工作。不是这样吗?

4

3 回答 3

6

You'll want to implement your own create method on EditorsController instead of inheriting that action from Devise::RegistrationsController. As you're seeing, the method in Devise::RegistrationsController will first check to see if you're already logged in and kick you back if you are. If you're not logged in it will create a User account and then log you in as that user.

You're trying to get around that problem with skip_before_filter :require_no_authentication, but it's likely that your form is POSTing to /editors instead of /admin/editors. So, you'll need to add a route that allows you to get to create on the EditorsController :

as :admin do
  post 'admin/editors' => 'editors#create'
  # your other :admin routes here
end

Then you'd want to implement a scaled down version of create. You probably want something kind of like this :

class EditorsController < Devise::RegistrationsController
  def create
    build_resource(sign_up_params)
    if resource.save
      redirect_to admin_editors_path
    else
      clean_up_passwords resource
      respond_with resource
    end
  end

  # your other methods here
end

You'll also want to make sure that the admin/editors/new template is pointing the form to the correct route ('admin/editors').

于 2013-09-26T02:20:16.597 回答
1

当我尝试使用谷歌解决方案时,它们都不起作用。这有效

我所做的是在控制器中创建一个新动作并为其创建一个新路由,并连接我的视图上的链接,这些链接通常连接到创建现在调用我的路由和动作。

但这还不够。因为 Devise 正在倾听,并且会抓取您尝试执行的任何添加并通过它自己的代码对其进行验证。因此,我只是使用 sql 插入添加新的用户记录。

添加这条路线

post 'savenew', to: 'users#savenew'

将此操作添加到用户控制器:

def savenew
  rawsql = "insert into users (email, created_at,updated_at) values ('#{user_params[:email]}',now(), now())"
  sql = rawsql
  ActiveRecord::Base.connection.execute(sql)
  redirect_to action: 'index''
end

查看:new.html.erb 更改 form_for 以便提交将转到新的路由和操作,而不是默认的 Rails 之一。

<%= form_for User, :url => {:action => "savenew"} do |f| %>
于 2016-12-28T05:04:54.387 回答
0

在这里使用 Rails 4.2.6(我的模型是用户而不是编辑器)。以下解决方案绕过(我认为)任何可能干扰管理员创建新用户的设计操作:

将此操作添加到用户控制器:

def savenew
  User.create_new_user(user_params)
  redirect_to action: 'index'
end

如果此私有方法不存在,则将此私有方法添加到用户控制器:

private

def user_params
  params.require(:user).permit(:email, :password,      
                               :password_confirmation)
end

将此添加到 config/routes.rb:

match '/savenew', to: 'users#savenew', via: :post

将此类方法添加到 User 模型中:

def self.create_new_user(params)
  @user = User.create!(params)
end

我的应用程序中没有单独的 Admin 类。:validate_admin before_action相反,我为用户定义了一个管理属性,并使用用户控制器中的过滤器检查它。

我希望能够从:index视图中创建一个新用户,所以我添加了一个按钮:

<%= button_to 'New User', '/new_user', class: 'btn btn-primary',
                          method: :get %>

after_create如果您在用户模型中有任何操作(例如发送欢迎电子邮件),您可能需要调整上述解决方案。

于 2017-07-06T15:01:53.220 回答