devise_invitable邀請不起作用

Question

我有一個使用devise和devise_invitable的Rails 4應用程序設置。

我的應用程序控制器與我的用戶邀請控制器一起在下面列出。

基本上問題在於我的應用程序使用ActionMailer正確發出邀請，但是當用戶收到電子郵件並單擊鏈接將它們帶到accept_invitation_url時，設計告訴他們需要先登錄或註冊才能繼續。我知道它必須是驗證過程的一部分，我必須在這裏丟失，但我似乎無法找到在哪裏。

class ApplicationController < ActionController::Base 
    # Prevent CSRF attacks by raising an exception. 
    # For APIs, you may want to use :null_session instead. 
    protect_from_forgery with: :exception 


    # Make application helpers availble within controllers 
    include ApplicationHelper 

# enable_authorization :unless => :devise_controller? # ACl 

    before_filter do # ACL work around for attribute mass assignment 
    resource = controller_path.singularize.gsub('/', '_').to_sym 
    method = "#{resource}_params" 
    params[resource] &&= send(method) if respond_to?(method, true) 
    end 

    rescue_from CanCan::Unauthorized do |exception| 
    redirect_to main_app.root_path, :alert => exception.message 
    end 

    #handling redirection after login basing on the just logged in user role 
    def after_sign_in_path_for(user) 
    if user.has_role?(:director) 
     unless user.organization.nil? 
     dashboard_organization_path(user.organization.id) 
     else 
     organization_trainings_url 
     end 
    elsif user.has_role(:user) 
     user_path(user) 
    elsif user.has_role(:admin) 
     organization_trainings_url 
    else 
     root_url 
    end 
    end 




end 

class Users::InvitationsController < Devise::InvitationsController 

    before_filter :configure_permitted_parameters, if: :devise_controller? 
    load_and_authorize_resource 
    # Make application helpers available within controllers 
    include ApplicationHelper 

    def new 
    set_extra_user_info 
    super 
    end 

    def create 
    set_extra_user_info 
    super 
    end 

    def update 
    if this 
     redirect_to root_path 
    else 
     super 
    end 
    end 

    def accept_resource 
    resource = resource_class.accept_invitation!(update_resource_params) 
    ## Report accepting invitation to analytics 
    Analytics.report('invite.accept', resource.id) 
    resource 
    end 

    protected 

    def configure_permitted_parameters 

    safe_params = [:first_name, :last_name, :email, 
        :phone, :phone, :dl, :hire_date, 
        :role, :leader_id, :role_ids => []]; 

    if current_inviter.has_role?(:admin) 
     safe_params << :organization_id 
    end 

    devise_parameter_sanitizer.for(:invite) do |u| 
     u.permit(safe_params) 
    end 



    # Only add some parameters 
    devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :phone] 
    # Override accepted parameters 
    devise_parameter_sanitizer.for(:accept_invitation) do |u| 
     u.permit(:password, :password_confirmation, :invitation_token) 
    end 
    end 

end 

Answer 1

奇怪的是，這樣的：

if current_inviter.has_role?(:admin) 
     safe_params << :organization_id 
    end 

是問題行。我猜測，由於邀請是試圖登錄新用戶devise檢查其他用戶角色，並導致ACL錯誤。但我不是100％肯定的。