Beginners Guide To Managing User Permissions In Rails Apps

by Komal Swami - May 27, 2022

This post is a beginner's guide to managing user permissions in Rails apps and to user role management with the Devise gem in Ruby on Rails. There are a lot of resources on the internet about the Devise gem, as it is a widely used gem for user management and authentication in Rails. It has been used in Solidus, Sinatra, etc. This post covers beginner to advanced level: how to set up the Devise gem and get going, with step-by-step examples, for a Rails roles and permissions gem. Let's delve into the Devise gem.

Introduction

Ruby on Rails follows the DRY (Don't Repeat Yourself) principle of software development, which means we don't write the same piece of code over and over again. User registration, login, and sessions are part of almost every application that we build, so wouldn't it be great if we could build this functionality once and use it whenever we want in a new application?

You might be thinking of generating a model with a username, some other fields, and a password field, then generating registration and login views. Here the Devise gem comes into the picture: it will provide you with everything that you need for user authentication. Today I'll tell you how you can use the Devise gem in your Rails application and save time and energy. Let's begin.

Create a project first if you haven't already. Immediately after, add devise to the Gemfile:

    gem 'devise'

Then run bundle install on the terminal:

    $ bundle install

Once done, we will need to run this other command on the terminal:

    $ rails generate devise:install

Now you can see it is showing some instructions:

The first one refers to the mailer settings. For a development environment, you need to specify your default URL.
This won't give you trouble if you are not going to send mail to your users, but let's copy and paste the line into the development.rb file just in case we need to send mail to our users.

The second point asks us to define a root_url. I will leave this for later; you don't really need anything on the root path of your application for Devise to work. This is just the gem reminding you to make a home page.

The third point asks us to ensure we have flash messages in our application.html.erb file. Why? Well, this will let the users know if they are doing something wrong. Default messages are already included in the Devise gem, so you don't have to write them. Just copy and paste what Devise shows you on the terminal wherever you want it to be visible.

The last message is about customizing views: we will have to copy the Devise views by running the command Devise shows on the terminal.

Now we can generate our model for user authentication. You can use any name for your model; I'll use the most generic one, 'User':

    $ rails generate devise User

Before we migrate our database, let's check the migration file. Here, you can uncomment the fields you want to use.

Let's migrate the database. You can use

    $ rails db:migrate

or

    $ rake db:migrate

Either will work.

After doing the migration, let's check the sign-up form in our app. We haven't linked to it yet, so we will need to access it manually by typing the route in. First of all, run your server:

    $ rails server

Now open your browser and go to http://localhost:3000/users/sign_up

Customizing devise views and adding additional fields to forms

Now we want to add a name and a check box to our registration form. Let's generate a migration for them:

    $ rails generate migration add_flagv_to_users flagv:boolean name:string

Migrate the db:

    $ rake db:migrate

Add these two fields to both the new and edit files. The edit file, by the way, is for existing users who want to change their information, like their email or password.
We will need to update the controller as well:

    class ApplicationController < ActionController::Base
      protect_from_forgery with: :exception
      before_action :update_allowed_parameters, if: :devise_controller?

      protected

      # Allowlist of attributes the Devise forms may set. The block form replaces
      # Devise's default keys, so every field the forms submit must be listed,
      # including :password_confirmation (otherwise the confirm field is dropped
      # and never compared with the password).
      def update_allowed_parameters
        devise_parameter_sanitizer.permit(:sign_up) { |u| u.permit(:name, :email, :password, :password_confirmation, :flagv) }
        devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:name, :email, :password, :password_confirmation, :current_password, :flagv) }
      end
    end

We are all set up. Let's check our registration and edit forms.

Controller filters and helpers

Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action (change the name if your model is called something other than User):

    before_action :authenticate_user!

To verify if a user is signed in, use the following helper:

    user_signed_in?

For the current signed-in user, this helper is available:

    current_user

You can access the session for this scope:

    user_session

That's it. You can now continue with your application. Thank you for reading!
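
To see what the permit lists in update_allowed_parameters do with a request, here is an added example in plain Ruby (not code from the original post and not Devise's implementation) that applies the same allowlist to a constructed sign-up payload. The `sanitize` helper, the `admin` and `role` keys and the sample values are assumptions made for illustration; `:password_confirmation` is listed on the assumption that the form has a confirm field.

```ruby
# Added illustration: imitates the allowlist filtering that Rails strong
# parameters perform for the Devise forms. It does not call Devise itself.

# Keys follow the permit lists in ApplicationController; :password_confirmation
# is an assumption (included so a confirm field would reach the model).
PERMITTED = {
  sign_up:        %i[name email password password_confirmation flagv],
  account_update: %i[name email password password_confirmation current_password flagv]
}.freeze

# Splits a submitted "user" hash into what the allowlist keeps and what it drops.
# Returns [kept_hash, dropped_keys]; the dropped keys are worth logging.
def sanitize(action, submitted)
  allowed = PERMITTED.fetch(action) { raise ArgumentError, "unknown action: #{action}" }
  kept, dropped = {}, []
  submitted.each do |key, value|
    sym = key.to_sym
    # Like Rails strong parameters, keep only scalar values for keys permitted
    # by name; a nested hash or array under a permitted key is dropped.
    if allowed.include?(sym) && !value.is_a?(Hash) && !value.is_a?(Array)
      kept[sym] = value
    else
      dropped << sym
    end
  end
  [kept, dropped]
end

# Constructed sign-up payload: the form fields plus two keys that are not on
# the form. :admin and :role are hypothetical columns, not from the post.
TAMPERED_SIGN_UP = {
  "name" => "Asha", "email" => "asha@example.test", "password" => "s3cret-pass",
  "password_confirmation" => "s3cret-pass", "flagv" => "1",
  "admin" => "true", "role" => "superuser"
}.freeze

kept, dropped = sanitize(:sign_up, TAMPERED_SIGN_UP)
puts "kept:    #{kept.keys.inspect}"
puts "dropped: #{dropped.inspect}"
```

Anything listed in permit can be set by whoever submits the form, so a column that grants privileges should stay out of these lists and be assigned in server-side code.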