
Beginners Guide To Managing User Permissions In Rails Apps

This post shares details about managing user permissions in Rails apps and user role management with the Devise gem in Ruby on Rails. There are a lot of resources available on the internet about the Devise gem, as it is a widely used user management and authentication solution for Rails. It has been used in Solidus, Sinatra, etc. This post takes you from beginner level to advanced level on how to set up the Devise gem and get going, with step-by-step examples for a Rails roles and permissions gem.

Let's delve into the Devise gem.

Introduction

Ruby on Rails follows the DRY (Don't Repeat Yourself) principle of software development, which means we don't write the same piece of code over and over again. User registration, login, and sessions are part of almost every application that we build, so wouldn't it be great if we could build this functionality once and reuse it whenever we need it in a new application?

You might be thinking of generating a model with a username, some other fields, and a password field, and then generating registration and login views. This is where the Devise gem comes into the picture: it provides everything you need for user authentication.

Today I'll show you how you can use the Devise gem in your Rails application and save time and energy.

Let’s begin. Create a project first if you haven’t already.

Immediately after, add devise to the Gemfile.

gem 'devise'

Then run bundle install on the terminal:

$ bundle install

Once done, we need to run this other command on the terminal:

$ rails generate devise:install

Devise Gem

Now you can see that it shows some instructions:

The first one refers to the mailer settings. For a development environment, you need to specify your default URL. This won't give you trouble if you are not going to send mail to your users, but let's copy and paste the line into the development.rb file just in case we need to send mail to our users.

The second point asks us to define a root_url pointing to something. I will leave this for later; you don't really need anything on the root path of your application for Devise to work. This is just the gem reminding you to make a home page.

The third point asks us to ensure we have flash messages in our application.html.erb file. Why? Well, this will let the users know if they are doing something wrong.

Default messages are already included in the Devise gem, so you don't have to write them. Just copy and paste what Devise shows you on the terminal wherever you want it to be visible.

The last message is about customizing views. For that, we have to copy the Devise views by running the following command on the terminal.

Now we can generate our model for user authentication. You can use any name for your model. I'll use the most generic one, 'User':

$ rails generate devise User

And before we migrate our database, let’s go check the migration file.

Here, you can uncomment the fields you want to use.

Let's migrate the database. You can use

$ rails db:migrate

or

$ rake db:migrate

Either will work. After running the migration, let's check the sign-up form in our app. We haven't linked to it from anywhere yet, so we need to access it manually by typing in the route. First of all, run your server:

$ rails server

Now open your browser and go to http://localhost:3000/users/sign_up 

Customizing devise views and adding additional fields to forms.

Now we want to add a name and a check box to our registration form. Let's generate a migration for them.

$ rails generate migration add_flagv_to_users flagv:boolean name:string

Migrate the database:

$ rake db:migrate

Add these two fields to both the new and edit files. The edit file, by the way, is for existing users who want to change their information, like their email or password.

We will need to update the controller to accept them.

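class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # Only run on Devise's own controllers (registrations, sessions, ...).
  before_action :update_allowed_parameters, if: :devise_controller?

  protected

  # Add the two new columns to Devise's default allow-list for each action.
  # keys: extends the defaults (email, password, password_confirmation and,
  # for account_update, current_password); the block form replaces them, so
  # a field left out of the block, such as password_confirmation, is dropped.
  def update_allowed_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:name, :flagv])
    devise_parameter_sanitizer.permit(:account_update, keys: [:name, :flagv])
  end
end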
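
To see why the allow-list matters, here is an added plain-Ruby illustration (not code from the original post and not Devise's implementation) of the per-action filtering that devise_parameter_sanitizer.permit configures. The AllowList class, the default key lists (assumed to mirror Devise's defaults with email as the authentication key), the sample form and the extra "admin" field are all constructed for the example.

```ruby
# Assumed defaults, modelled on Devise's per-action permitted attributes.
DEVISE_DEFAULTS = {
  sign_up: %i[email password password_confirmation],
  account_update: %i[email password password_confirmation current_password]
}.freeze

# Hypothetical stand-in for the parameter sanitizer: one allow-list per action.
class AllowList
  def initialize(defaults = DEVISE_DEFAULTS)
    @allowed = defaults.transform_values { |keys| keys.map(&:to_s) }
  end

  # Extend the allow-list for one action; unknown actions raise KeyError.
  def permit(action, keys:)
    @allowed.fetch(action).concat(keys.map(&:to_s)).uniq!
    self
  end

  # Split a submitted form into fields that reach the model and fields dropped.
  def sanitize(action, submitted)
    allowed = @allowed.fetch(action)
    kept, dropped = submitted.partition { |key, _| allowed.include?(key.to_s) }
    { kept: kept.to_h, dropped: dropped.map(&:first) }
  end
end

# Same additions as the controller above: name and flagv for both actions.
def build_allow_list
  AllowList.new
    .permit(:sign_up, keys: %i[name flagv])
    .permit(:account_update, keys: %i[name flagv])
end

# Constructed sign-up submission carrying a field the form never offered.
SIGN_UP_FORM = {
  "name" => "Asha", "email" => "asha@example.test",
  "password" => "s3cret-pass", "password_confirmation" => "s3cret-pass",
  "flagv" => "1", "admin" => "true"
}.freeze

def demo
  build_allow_list.sanitize(:sign_up, SIGN_UP_FORM)
end

p demo if __FILE__ == $PROGRAM_NAME
```

Only the keys you permit are assigned to the model, so a column such as a role or admin flag stays out of reach of the registration form as long as it is never added to the list.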

We are all set up. Let's check our registration and edit forms.

Controller filters and helpers:

Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action. If your model is named something other than User, replace user with your model name.

before_action :authenticate_user!

To verify if a user is signed in, use the following helper:

user_signed_in?

For the current signed-in user, this helper is available:

current_user

You can access the session for this scope:

user_session

That's it. You can now continue building your application.
Thank you for reading!

Komal Swami
Tech Explorer
