1
votes

I have a Rails 4 application set up with devise and devise_invitable.

My application controller is listed below along with my user invitations controller.

Basically, the problem is that my application sends out the invitations using ActionMailer correctly, but when the user receives the email and clicks the link to take them to the accept_invitation_url, Devise tells them that they need to sign in or sign up before continuing. I know it must be a part of the authentication process that I'm missing right here, but I can't seem to find where.

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception


  # Make application helpers available within controllers
  include ApplicationHelper

  # enable_authorization :unless => :devise_controller? # ACL

  before_filter do # ACL work around for attribute mass assignment
    resource = controller_path.singularize.gsub('/', '_').to_sym
    method = "#{resource}_params"
    params[resource] &&= send(method) if respond_to?(method, true)
  end

  rescue_from CanCan::Unauthorized do |exception|
    redirect_to main_app.root_path, :alert => exception.message
  end

  # Handle redirection after login based on the role of the user who just logged in
  def after_sign_in_path_for(user)
    if user.has_role?(:director)
      unless user.organization.nil?
        dashboard_organization_path(user.organization.id) 
      else
        organization_trainings_url
      end
    elsif user.has_role?(:user)
      user_path(user)
    elsif user.has_role?(:admin)
      organization_trainings_url
    else
      root_url
    end
  end




end

class Users::InvitationsController < Devise::InvitationsController

  before_filter :configure_permitted_parameters, if: :devise_controller?
  load_and_authorize_resource
  # Make application helpers available within controllers
  include ApplicationHelper

  def new
    set_extra_user_info
    super
  end

  def create
    set_extra_user_info
    super
  end

   def update
     if this
      redirect_to root_path
     else
      super
     end
   end

   def accept_resource
     resource = resource_class.accept_invitation!(update_resource_params)
     ## Report accepting invitation to analytics
     Analytics.report('invite.accept', resource.id)
     resource
   end

  protected

  def configure_permitted_parameters

    safe_params = [:first_name, :last_name, :email,
                   :phone, :dl, :hire_date,
                   :role, :leader_id, :role_ids => []]

    if current_inviter.has_role?(:admin)
      safe_params << :organization_id
    end

    devise_parameter_sanitizer.for(:invite) do |u|
      u.permit(safe_params)
    end



    # Only add some parameters
    devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :phone]
    # Override accepted parameters
    devise_parameter_sanitizer.for(:accept_invitation) do |u|
      u.permit(:password, :password_confirmation, :invitation_token)
    end
  end

end

1 Answer

0
votes

Oddly enough, this:

if current_inviter.has_role?(:admin)
      safe_params << :organization_id
    end

was the problem line. I'm guessing that since the invitation was trying to log in the new user, Devise was checking the other user's role and that was causing an ACL error. But I'm not 100% sure.
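
An added example, not part of the answer above and not Devise or devise_invitable code: a plain-Ruby model of a filter chain showing how a role check on `current_inviter` that runs before every action stops the signed-out accept-invitation request, and how limiting it to `new` and `create` lets that request through. It assumes `current_inviter` forces authentication; `MiniController`, `add_admin_params` and the sample users are hypothetical.

```ruby
# Plain-Ruby model of a controller filter chain (constructed; not Devise or Rails code).
class MiniController
  Halt = Class.new(StandardError)

  def self.filters
    @filters ||= []
  end

  # Register a filter, optionally limited to some actions, like Rails' `only:`.
  def self.before_filter(name, only: nil)
    filters << [name, only]
  end

  attr_reader :permitted

  def initialize(signed_in_user)
    @user = signed_in_user
    @permitted = [:first_name, :last_name, :email]
  end

  # Assumed behaviour: asking for the inviter forces authentication.
  def current_inviter
    raise Halt, 'redirect: sign in or sign up' if @user.nil?
    @user
  end

  def add_admin_params
    @permitted << :organization_id if current_inviter[:roles].include?(:admin)
  end

  # Run the matching filters, then "render" the action unless one halted.
  def process(action)
    self.class.filters.each do |name, only|
      send(name) if only.nil? || only.include?(action)
    end
    "render: #{action}"
  rescue Halt => e
    e.message
  end
end

# As posted: the role check runs before every action, including accepting an invite.
class UnscopedInvitations < MiniController
  before_filter :add_admin_params
end

# Scoped: only the actions that send an invitation need a signed-in inviter.
class ScopedInvitations < MiniController
  before_filter :add_admin_params, only: [:new, :create]
end
```

In the model, sending an invitation still requires a signed-in inviter, and `:organization_id` is still permitted only for an admin.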