Hello,
I want to use Devise for authecation.
The only thing I need is that I as admin can register user with a
password.
If the user looses her/his password then I get a mail and I as admin can
make a new one.
Which modules can I use the best ?
Roelof
On Aug 29, 2014, at 4:24 PM, Roelof W. wrote:
Hello,
I want to use Devise for authecation.
The only thing I need is that I as admin can register user with a password.
If the user looses her/his password then I get a mail and I as admin can make a
new one.Which modules can I use the best ?
Take a look at devise_invitable. That lets you invite a new user to your
site (and if you close off the registration module, then you can’t just
sign up yourself). The user gets to set her own password when she
accepts the invitation mail, and then use the password reset system if
she forgets it later.
Walter
Op zaterdag 30 augustus 2014 07:18:55 UTC+2 schreef Walter Lee D.:
make a new one.
My app does not invite people,
I trying to make a financial app.
The problem is that I have customers which are also a staff member.
Staff members need a password which I will provide but customers will
and
must not log into my app,
Roelof
On Aug 30, 2014, at 3:22 AM, Roelof W. wrote:
If the user looses her/his password then I get a mail and I as admin can make
a new one.
My app does not invite people,I trying to make a financial app.
The problem is that I have customers which are also a staff member.Staff members need a password which I will provide but customers will and must
not log into my app,Roelof
I’m not aware of any authentication design pattern where the user does
not get to set their own password, either through initial registration
or through automated reset later. Why do you want to know their password
at all, even initially? If the word invitation sets you off, think of it
as sending someone their initial account credentials. The first thing
they will do is set their own password, and from then on, it’s just
another account. It doesn’t matter if that account is for a customer or
a staff person.
I’ve used invitable in several applications that had multiple user
levels (authorization) but that’s getting outside of Devise’s wheelhouse
(authentication). Can you widen the frame a little and explain why you
need to set the password for the staff members?
Walter
Op zaterdag 30 augustus 2014 16:52:26 UTC+2 schreef Walter Lee D.:
Hello,
site (and if you close off the registration module, then you can’t justthrough automated reset later. Why do you want to know their password at
What I have in mind is a app for a toy library.
So the customers chooses a plan and get yearly a invoice.
but some customers are work for the toy library.
Later on I will try to implement payments by cash or by bank.
Also later on I will try to implement that we know which customer has
borrowed which toy and when he/she has to bring it bac
Why I need a password for staff members so they can only see which
invoice
is not payed or add a payment.
I do not want that customers can see the financial thing of thier own of
from another person.
All the data in my 'accounting" system is private for staff members.
Maybe your suggestion about invite can work.
Do you have a project where I can look how things are working then ?
Roelof
Op zaterdag 30 augustus 2014 17:05:11 UTC+2 schreef Roelof W.:
On Sat, Aug 30, 2014 at 8:05 AM, Roelof W. [email protected]
wrote:
The only thing I need is that I as admin can register user with a
password.
If the user looses her/his password then I get a mail and I as admin
can make a new one.
Why I need a password for staff members so they can only see which invoice
is not payed or add a payment.
Requiring staff to authenticate makes sense.
Having you set the password for each staff member does not.
For one thing, it doesn’t scale. More importantly, how do you plan
to communicate this password to the person? By email? Extremely
insecure. By phone? In person? Not always convenient.
Enabling each staff member to set/reset their own password is a
far more efficient (and common) pattern.
–
Hassan S. ------------------------ [email protected]
twitter: @hassan
On Sat, Aug 30, 2014 at 9:28 AM, Roelof W. [email protected]
wrote:
Anyone suggestions how I can make it work with invites or another way ?
There are a ton of resources available for using devise. Besides
the README, I’d recommend spending some time here:
Hassan S. ------------------------ [email protected]
twitter: @hassan
I agree generally with the sentiment that self-directed password
resetting (involving email) is generally best practice.
However, I would defend the user experience convenience of having
another way to have their password reset. For example, a company I
worked for had a call center where you could reach customer support
agents. Although there was a password reset on the site, the customer
support agents could also reset someone’s password on the phone (Yes, I
know – this makes them responsible for verifying that the person
calling is really the person whose account it is, and could abused).
On the back-end, I’m pretty sure the code was as simple as
@user.update_attributes(:password => @new_password,
:password_confirmation => @new_password)
OF course, this was called from an Admin controller that only the
customer support agents themselves had access to.
Did you try that in the latest version of Devise? I’m pretty sure it
works technically speaking (leaving aside the question of whether it’s a
good idea).
-Jason
Op zaterdag 30 augustus 2014 18:22:14 UTC+2 schreef Hassan S.:
Why I need a password for staff members so they can only see which
Enabling each staff member to set/reset their own password is a
far more efficient (and common) pattern.–
Hassan S. ------------------------ [email protected]
<javascript:>
Hassan Schroeder | about.me
twitter: @hassan
Oke, So im on the wrong path. That is why I could not make it work.
Anyone suggestions how I can make it work with invites or another way ?
Roelof
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs