我有一个带有devise和devise_invitable的Rails 4应用程序设置。
下面列出了我的应用程序控制器以及我的用户邀请控制器。
基本上问题是我的应用程序正确地使用ActionMailer发出邀请,但是当用户收到电子邮件并点击链接将其带到accept_invitation_url设备时告诉他们他们需要登录或注册才能继续。我知道它必须是身份验证过程的一部分,我必须在这里错过,但我似乎无法找到位置。
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
# Make application helpers availble within controllers
include ApplicationHelper
# enable_authorization :unless => :devise_controller? # ACl
before_filter do # ACL work around for attribute mass assignment
resource = controller_path.singularize.gsub('/', '_').to_sym
method = "#{resource}_params"
params[resource] &&= send(method) if respond_to?(method, true)
end
rescue_from CanCan::Unauthorized do |exception|
redirect_to main_app.root_path, :alert => exception.message
end
#handling redirection after login basing on the just logged in user role
def after_sign_in_path_for(user)
if user.has_role?(:director)
unless user.organization.nil?
dashboard_organization_path(user.organization.id)
else
organization_trainings_url
end
elsif user.has_role(:user)
user_path(user)
elsif user.has_role(:admin)
organization_trainings_url
else
root_url
end
end
end
class Users::InvitationsController < Devise::InvitationsController
before_filter :configure_permitted_parameters, if: :devise_controller?
load_and_authorize_resource
# Make application helpers available within controllers
include ApplicationHelper
def new
set_extra_user_info
super
end
def create
set_extra_user_info
super
end
def update
if this
redirect_to root_path
else
super
end
end
def accept_resource
resource = resource_class.accept_invitation!(update_resource_params)
## Report accepting invitation to analytics
Analytics.report('invite.accept', resource.id)
resource
end
protected
def configure_permitted_parameters
safe_params = [:first_name, :last_name, :email,
:phone, :phone, :dl, :hire_date,
:role, :leader_id, :role_ids => []];
if current_inviter.has_role?(:admin)
safe_params << :organization_id
end
devise_parameter_sanitizer.for(:invite) do |u|
u.permit(safe_params)
end
# Only add some parameters
devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :phone]
# Override accepted parameters
devise_parameter_sanitizer.for(:accept_invitation) do |u|
u.permit(:password, :password_confirmation, :invitation_token)
end
end
end
答案 0 :(得分:0)
奇怪的是,这个:
if current_inviter.has_role?(:admin)
safe_params << :organization_id
end
问题就在于此。我猜测,因为邀请尝试登录新用户设备是检查其他用户角色,这是导致ACL错误。但我并非百分之百确定。