Search code examples
ruby-on-rails-3deviseancestry

How to let registred users register other users with Devise?

I am creating a informationsystem for a friend of mine, where (already) registered users can register other users for use within the system. The already registered user must also act as the 'parent' of the newly registered user (which is the child). On a index page, the registered user can see the information of the users he/she registered. I already have written some code. However, when a registred user wants to register another user I get the following message from Devise: "You are already signed in." Also, the parent_id is currently not saved in the newly registred user.

My questions are:

  • How can I modify my RegistrationController#create method so that the parent_id is stored in the newly created user?
  • How can I modify Devise so that loggin in users, can register new users?

I am using Devise for registration/confirmation etc. The Ancestry gem I'm using for the parent-child relationship.

I already created my own RegistrationsController: class Devise::Registrations::RegistrationsController < Devise::RegistrationsController

  def new
    super
  end

  def create
    super
  end

  def update
    super
  end

  def index
    @user = current_user
  end
end

Registrations#new.html.erb file:

<% title "Owner registreren" %>

<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
  <%= devise_error_messages! %>

  <%= f.hidden_field :parent_id %>

  <div><%= f.label :email, "Email adres" %><br />
  <%= f.email_field :email %></div>

  <div><%= f.label :password, "Wachtwoord" %><br />
  <%= f.password_field :password %></div>

  <div><%= f.label :password_confirmation, "Wachtwoord (bevestiging)" %><br />
  <%= f.password_field :password_confirmation %></div>

  <div><%= f.submit "Registreer" %></div>
<% end %>

<%= render :partial => "devise/shared/links" %>

Registrations#index.html.erb file:

<% title "Geregistreerde owners" %>

<% if @user.blank? || !@user.has_children? %>
    <p>U heeft geen owners geregistreerd</p>
<% else %>
    <table>
        <tr>
            <th>Email adres</th>
        </tr>
        <% for user in @user.children %>
            <tr>
                <td><%= child.email %></td>
                <td><%= link_to "Weergeven", child %></td>
                <td><%= link_to "Bewerken", edit_user_registration_path(user) %></td>
                <td><%= link_to "Verwijderen", product, :confirm => 'Weet u het zeker?', :method => :delete %></td>
            </tr>
        <% end %>
    </table>
<% end %>

<p><%= link_to "Nieuwe owner registreren", new_user_registration_path %></p>
Solution

  • You don't want to pass in a parent_id value from your form to the controller because that's not very secure (could be changed by simply editing the html).

    In the create action of your custom controller, before your call to super, add this:

    params[:user][:parent_id] = current_user.id if current_user

    And, assuming you have your associations properly set up, it should work.