devise_invitable邀请不起作用

时间:2014-07-11 01:32:40

标签: ruby-on-rails ruby ruby-on-rails-4 devise

我有一个带有devise和devise_invitable的Rails 4应用程序设置。

下面列出了我的应用程序控制器以及我的用户邀请控制器。

基本上问题是我的应用程序正确地使用ActionMailer发出邀请,但是当用户收到电子邮件并点击链接将其带到accept_invitation_url设备时告诉他们他们需要登录或注册才能继续。我知道它必须是身份验证过程的一部分,我必须在这里错过,但我似乎无法找到位置。

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception


  # Make application helpers availble within controllers
  include ApplicationHelper

 # enable_authorization :unless => :devise_controller? # ACl

  before_filter do # ACL work around for attribute mass assignment
    resource = controller_path.singularize.gsub('/', '_').to_sym
    method = "#{resource}_params"
    params[resource] &&= send(method) if respond_to?(method, true)
  end

  rescue_from CanCan::Unauthorized do |exception|
    redirect_to main_app.root_path, :alert => exception.message
  end

  #handling redirection after login basing on the just logged in user role
  def after_sign_in_path_for(user)
    if user.has_role?(:director)
      unless user.organization.nil?
        dashboard_organization_path(user.organization.id) 
      else
        organization_trainings_url
      end
    elsif user.has_role(:user)
      user_path(user)
    elsif user.has_role(:admin)
      organization_trainings_url
    else
      root_url
    end
  end




end

class Users::InvitationsController < Devise::InvitationsController

  before_filter :configure_permitted_parameters, if: :devise_controller?
  load_and_authorize_resource
  # Make application helpers available within controllers
  include ApplicationHelper

  def new
    set_extra_user_info
    super
  end

  def create
    set_extra_user_info
    super
  end

   def update
     if this
      redirect_to root_path
     else
      super
     end
   end

   def accept_resource
     resource = resource_class.accept_invitation!(update_resource_params)
     ## Report accepting invitation to analytics
     Analytics.report('invite.accept', resource.id)
     resource
   end

  protected

  def configure_permitted_parameters

    safe_params = [:first_name, :last_name, :email,
                   :phone, :phone, :dl, :hire_date,
                   :role, :leader_id, :role_ids => []];

    if current_inviter.has_role?(:admin)
      safe_params << :organization_id
    end

    devise_parameter_sanitizer.for(:invite) do |u|
      u.permit(safe_params)
    end



    # Only add some parameters
    devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :phone]
    # Override accepted parameters
    devise_parameter_sanitizer.for(:accept_invitation) do |u|
      u.permit(:password, :password_confirmation, :invitation_token)
    end
  end

end

1 个答案:

答案 0 :(得分:0)

奇怪的是,这个:

if current_inviter.has_role?(:admin)
      safe_params << :organization_id
    end

问题就在于此。我猜测,因为邀请尝试登录新用户设备是检查其他用户角色,这是导致ACL错误。但我并非百分之百确定。