Good video. Are there scenarios where you would roll out your own authentication system instead of using Devise?
Plenty of cases, but most of those revolve around building out a very custom onboarding flow. Most of the time (including OAuth) is handled well enough with Devise.
If you are intending to use an authorisation gem such as cancancan or pundit then the the other videos use 'rails generate devise User role'. Save you a couple of clicks going back to see.
Hey Chris, I saw an old post from your blog about devise session sharing between subdomains (different apps?), do you know how to achieve this with rails 4?
If you're authenticating between different apps, then you want them to share the same secret key. The cookie_store is signed with that key (I believe) so you would simply want to modify both apps to use the same SECRET_TOKEN in your application.yml files in production. That should do the trick (along with setting the domain on the cookies in the other post you mentioned).
Great video. I have a question about 'correct users'. Let's say the user who submitted the book could also edit their submission. However we would only want this user to edit it and not other users. Does devise have a way to handle correct users - or would we need to create our own?
They way you could solve the authorization problem is by updating your Edit/Update/Destroy actions to use current_user.books.find() instead of Book.find(). That will scope it to only the ones that user owns so they cannot edit other user's books.
Yeah that's what I would do. Remember to have this only: [:edit, :update, :destroy] so that it doesn't override your show action's lookup which is normally set in a before_filter as well.
can you instruct me if I need to create two devise models . Basically in my app there are 2 users. One are typical users that ask questions and the other are expert users that answer the questions posted by the typical users. The expert users account can only be created with approval from developers/admin? I posted a question on stackoverflow -http://stackoverflow.com/qu...
am trying to set up a simple blog with devise.How can i restrict users from editing the profiles of other users. so mush so that if the try something users/edit.3, there will be redirected to somewhere with flash message. Thanks
I have used Devise for authentication and it worked fine with one devise User model.
Now, I have 2 to 3 User models using 2 or 3 separate Devise functionalities.
I have having a problem with the update functionality of the second Devise. The original first one works well, but for the second one, I get this error when I click on "update" after updating the user's profile parameters:
The action 'update' could not be found for User2Controller
What does that normally mean?
Hi Chris. Any indications/directions on how to turn the edit profile into a modal like on gorails website? Best
It would been great if we could know how the alert message gets auto removed from the screen?
Join 22,346+ developers who get early access to new screencasts, articles, guides, updates, and more.