0

I am working on a rails application using rails administrate. I have an admin interface with a resource called admin_users that is controlled by devise. Right now, users are really only made in the rails console, and devise was added to allow an omniauth ability on users. On that dashboard, I want an option to create admin_users for additional users I want to invite into the application, as this is easier than doing it from the rails console in production.

I have a controller, Admin::AdminUsersController to handle this functionality to match the dashboard. right now, it lists the current admin_users in the system that have been created from the rails console and that works fine.

Now, I am adding the option to create admin users from the rails administrate interface. However, when filling out the form at admin/admin_users/new, devise seems to intercept the request and seems like it attempts to log me out. Looking in my rails server, here are the logs

app_1  | Started POST "/admin/admin_users" for 192.168.96.1 at 2020-02-25 02:38:41 +0000
app_1  | Cannot render console from 192.168.96.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1
app_1  | Processing by Devise::RegistrationsController#create as HTML
app_1  |   Parameters: {"authenticity_token"=>"LPbT7OCx8upC5ehWIZ1JV/o/UKttciyoThOgi06B4AUw8ve3x/stbjUT7Trvb9u0YMEoyEBobbbni0g7LNWvBg==", "admin_user"=>{"email"=>"test@somemail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "reset_password_token"=>"[FILTERED]", "reset_password_sent_at"=>"[FILTERED]", "remember_created_at"=>""}, "commit"=>"Create Admin user"}
app_1  |   AdminUser Load (0.6ms)  SELECT "admin_users".* FROM "admin_users" WHERE "admin_users"."id" = $1 ORDER BY "admin_users"."id" ASC LIMIT $2  [["id", "2d795b9d-2b6f-4745-a58d-775076100c60"], ["LIMIT", 1]]
app_1  | Redirected to http://localhost:3000/
app_1  | Filter chain halted as :require_no_authentication rendered or redirected
app_1  | Completed 302 Found in 6ms (ActiveRecord: 0.6ms | Allocations: 2088)
app_1  | 
app_1  | 
app_1  | Started GET "/" for 192.168.96.1 at 2020-02-25 02:38:41 +0000
app_1  | Cannot render console from 192.168.96.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1
app_1  | Processing by Rails::WelcomeController#index as HTML
app_1  |   Rendering /usr/local/bundle/gems/railties-6.0.2.1/lib/rails/templates/rails/welcome/index.html.erb
app_1  |   Rendered /usr/local/bundle/gems/railties-6.0.2.1/lib/rails/templates/rails/welcome/index.html.erb (Duration: 3.6ms | Allocations: 201)
app_1  | Completed 200 OK in 6ms (Views: 5.4ms | ActiveRecord: 0.0ms | Allocations: 1004)
app_1  |

And I cannot get the controller to hit my Admin::AdminUsersController#create action. Looking at the logs it looks like it hits my post route at /admin/admin_users, devise intercepts it at Devise::RegistrationsController#create, it gets stopped from Filter chain halted as :require_no_authentication, and then redirects to my root route which is similar to when I logout.

I even added a view to override administrate's default views at app/views/admin/admin_users/new.html.erb to trigger the form to go to the controller action I'm looking for, like so

<section class="main-content__body">
  <%= form_for([namespace, page.resource], :url => url_for(:controller => 'admin/admin_users', :action => 'create'), html: { class: "form" }) do |f| %>
    <% if page.resource.errors.any? %>
      <div id="error_explanation">
        <h2>
          <%= pluralize(page.resource.errors.count, "error") %>
          prohibited this <%= page.resource_name %> from being saved:
        </h2>

        <ul>
          <% page.resource.errors.full_messages.each do |message| %>
            <li class="flash-error"><%= message %></li>
          <% end %>
        </ul>
      </div>
    <% end %>

    <% page.attributes.each do |attribute| -%>
      <div class="field-unit field-unit--<%= attribute.html_class %>">
        <%= render_field attribute, f: f %>
      </div>
    <% end -%>

    <div class="form-actions">
      <%= f.submit %>
    </div>
  <% end %>

</section>

I have also tried adding to my devise_scope :admin_user in my routes like

devise_scope :admin_user do
  post "/admin/admin_users", to: 'admin/admin_users#create'
end

Which didn't do anything.

The functionality I'm looking for is when I am on my admin_users dashboard, to create an admin_user using my Admin::AdminUsersController#create action instead of Devise::RegistrationsController#create action.

Does anyone know what I need to add to enable this?

James N
  • 523
  • 1
  • 8
  • 30
  • I have created an app as you describe, but haven't been able to reproduce the problem. Questions: what version of Rails are you using? What class does `Admin::AdminUsersController` inherit from? (it should be `Admin::ApplicationController`, and in turn `Administrate::ApplicationController`. If instead you inherit from `Devise::RegistrationsController`, you'll have to replicate the functionality from `Administrate::ApplicationController`). Are you able to provide an repo with a reproduction? – pablobm Feb 29 '20 at 19:09

1 Answers1

0

Have you tried with namespace?

namespace :admin do 
  devise_for :users
  # if the above doesn't work 
  # devise_for :admin_users
end

In addition you could try overriding the Administrate base controller like described here: https://stackoverflow.com/a/59824297/1737811 with the necessary fields.

mutantkeyboard
  • 1,614
  • 1
  • 16
  • 44
  • 1
    related to that stackoverflow thread you posted, my dashboard for my `admin_user` resource looks exactly like that one, which is puzzling. In my `routes.rb` I have a `devise_for :admin_users, path: 'admin/admin_users'` above my `namespace :admin`. The problem seems to be when I `post` my form, the `post` is being sent to `Devise::RegistrationsController#create` instead of `Admin::AdminUsersController#create`. from adding in routes, to a custom form hitting the URL, etc, devise still seems to be intercepting my post instead of it going to my Admin::AdminUsersController – James N Feb 25 '20 at 08:34
  • 1
    Hmm. That's very interesting indeed. But did you try`devise_for :admin_users, controllers: {registrations: 'admin/admin_users/registrations`}` as described on their wiki: https://github.com/heartcombo/devise/wiki/Tool:-Generate-and-customize-controllers – mutantkeyboard Feb 25 '20 at 08:39
  • 1
    adding `controllers: { registrations: 'admin/admin_users' }` to my `devise_for :admin_users` in my `routes.rb` worked for me. thanks! – James N Feb 25 '20 at 19:49