Devise/Rails - 如何仅允许管理员为其他人创建帐户?
我正在使用 devise 作为我的身份验证解决方案,现在我正在考虑授权。在我的项目中,我(管理员)是唯一被授权为其他人创建帐户的人。
我想知道是否有一种方法可以做到这一点而不需要太多的黑客。事实上,如果用户已经登录,Devise 不允许用户访问注册页面。
感谢您的建议!
I am using devise as my authentication solution and now i am thinking about authorization. In my project I (the admin) is the only person authorized to create account for others.
I wonder if there is a way to do it without to much hack. In fact, Devise doesn't allow user to access to the signup page if he is already logged in.
Thanks for your advice on it!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
设置
:skip => :registrations还会终止用户编辑其用户信息的能力。如果这不是您想要的,您可以创建一个(最小)自定义注册控制器,并且仅删除new_user_registration_path,同时保留edit_user_registration_path。完成此操作后,您还需要将目录
views/devise/registrations移动到views/registrations。Setting
:skip => :registrationsalso kills the ability for a user to edit their user info. If that's not what you are after you can instead create a (minimal) custom registrations controller and only remove thenew_user_registration_pathwhile preserving theedit_user_registration_path.Once you do this you also need to move the directory
views/devise/registrationsto justviews/registrations.您可以尝试将 rails_admin gem 与 Devise 结合使用来处理任何管理 -具体任务。您需要添加更多代码来设置它,但至少您可以避免在更改与 Devise 的交互方面破坏解决方案。
You can try the rails_admin gem in conjunction with Devise to handle any admin-specific tasks. You'll need to add more code to set it up, but at least you avoid hacking around the solution in terms of changing your interactions with Devise.
实际上,在 Devise 的更高版本中,您只需从模型中删除“可注册”声明,它就会为您处理这个问题。
It actually looks like in the later versions of Devise you can just remove the "registerable" declaration from your model and it will take care of this for you.