Ruby on Rails 设计密码覆盖

Question

我现有的应用程序使用 Devise 进行用户身份验证，这在我的用户注册/确认过程中运行良好。用户只需输入电子邮件地址、密码和密码确认。他们收到确认电子邮件，一切都很好！

现在，我想让account_admins 能够创建属于他们的其他用户。

我已经连接了控制器和表单，并且正在创建用户。但是，我突然想到我需要允许 account_admin 绕过 password 和 password_confirmation 字段。 否则，account_admin 用户需要使用他们为他们创建的密码向每个用户发送单独的电子邮件，我不喜欢这样。

相反，让 account_admin 填写必填字段 first_name、last_name、phone_number 和 email 来创建用户并让 Devise 创建并通过电子邮件发送密码更有意义给用户。

我看过不少 Devise resources 和 other things 的 ppl 已经完成了，但其中大多数也让我完全重新连接确认过程，我不想这样做。

所以，这是我的表单视图views/users/new.html.erb：

<%= form_for @user, url: users_admin_index_path(@user) do |f| %>
   <%= f.label :first_name, "First Name", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.text_field :first_name, class: "form-control", :required => true, required: "" %>

   <%= f.label :last_name, "Last Name", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.text_field :last_name, class: "form-control", :required => true, required: "" %>

   <%= f.label :email, "Email", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.email_field :email, class: "form-control", :required => true, required: "" %>

   <%= f.label :phone_number, "Phone Number", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.text_field :phone_number, class: "form-control", :required => true, required: "" %>

   <%= f.label :password, "Password", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.password_field :password, class: "form-control", :required => true, required: "" %>

   <%= f.label :password_confirmation, "Password Confirmation", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.password_field :password_confirmation, class: "form-control", :required => true, required: "" %>

   <%= link_to "Cancel", "", class: "btn btn-danger" %>
   <%= f.submit "Submit", class: "btn btn-success" %>
<% end %>

以及相关的控制器方法controllers/users_controller.rb：

class UsersController < ApplicationController
  before_action :get_company_and_locations

  def new
    if current_user.is_account_owner
      @user = User.new
    else
      flash[:danger] = "You do not have permission to do this action!"
    end
  end

  def create
    @user = User.new(user_params)
    @user.company_id = current_user.company.id
    if @user.save
      flash[:success] = "User succesfully created!"
      redirect_to :back
    else
      render :new
    end
  end



  private

  def user_params
    params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
  end
end

由于我也在为我的User 模型使用设计，我需要将以下内容添加到我的routes.rb：

resources :users_admin, :controller => 'users'

Answer 1

您是否考虑过使用 devise_invitable？

https://github.com/scambra/devise_invitable

这将允许您使用表单来创建额外的用户数据，然后向您的新用户发送邀请 - gem 本身有一个已删除的电子邮件，其中只有一个链接返回到带有令牌的站点，这让他们设置了密码

这种方式并不复杂。

1 将 gem 添加到您的 Gemfile 并运行 bundle install

gem 'devise_invitable'

2 运行初始化程序的安装生成器

rails generate devise_invitable:install

3 运行模型的生成器

rails generate devise_invitable User

4 将邀请添加到您的模型中

  # your list of mods might be different, it will depend on what you're using
  devise  :database_authenticatable, :registerable, :omniauthable,  :recoverable, :rememberable, :trackable , :validatable , :confirmable, :invitable

5 创建迁移以添加邀请字段

rails g migration add_invitable_to_user 

打开迁移并将其添加到其中

def change
    add_column :users, :invitation_token, :string
    add_column :users, :invitation_created_at, :datetime
    add_column :users, :invitation_sent_at, :datetime
    add_column :users, :invitation_accepted_at, :datetime
    add_column :users, :invitation_limit, :integer
    add_column :users, :invited_by_id, :integer
    add_column :users, :invited_by_type, :string
    add_index :users, :invitation_token, :unique => true

    # Allow null encrypted_password
    change_column_null :users, :encrypted_password, :string, true
    # Allow null password_salt (add it if you are using Devise's encryptable module)
    change_column_null :users, :password_salt, :string, true
end

6 生成视图，以便您可以编辑邀请页面

rails generate devise_invitable:views

7 添加设计邀请路线

# you might have other controllers or put them in a different directory, but it will be similar to this
devise_for :users, :controllers => { :invitations => 'users/invitations' }

8 添加邀请控制器

class Users::InvitationsController < Devise::InvitationsController
  protected

  def invite_params
    params.permit(user: [:email, :first_name, :last_name, :phone_number, :invitation_token, :provider, :skip_invitation])
  end

  def accept_invitation_params
    params.permit(:password, :password_confirmation, :invitation_token, :first_name, :last_name, :phone_number )
  end

end

9 更改邀请表格

<%= form_for @user, url: user_invitation_path(@user) do |f| %>
   <%= f.label :first_name, "First Name", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.text_field :first_name, class: "form-control", :required => true, required: "" %>

   <%= f.label :last_name, "Last Name", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.text_field :last_name, class: "form-control", :required => true, required: "" %>

   <%= f.label :email, "Email", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.email_field :email, class: "form-control", :required => true, required: "" %>

   <%= f.label :phone_number, "Phone Number", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.text_field :phone_number, class: "form-control", :required => true, required: "" %>

   <%= f.label :password, "Password", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.password_field :password, class: "form-control", :required => true, required: "" %>

   <%= f.label :password_confirmation, "Password Confirmation", class: "control-label col-md-2 col-sm-2 col-xs-12" %>
   <%= f.password_field :password_confirmation, class: "form-control", :required => true, required: "" %>

   <%= link_to "Cancel", "", class: "btn btn-danger" %>
   <%= f.submit "Submit", class: "btn btn-success" %>
<% end %>