devise_invitable邀请不起作用

Question

我有一个使用devise和devise_invitable的Rails 4应用程序设置。

我的应用程序控制器与我的用户邀请控制器一起在下面列出。

基本上问题在于我的应用程序使用ActionMailer正确发出邀请，但是当用户收到电子邮件并单击链接将它们带到accept_invitation_url时，设计告诉他们需要先登录或注册才能继续。我知道它必须是验证过程的一部分，我必须在这里丢失，但我似乎无法找到在哪里。

class ApplicationController < ActionController::Base 
    # Prevent CSRF attacks by raising an exception. 
    # For APIs, you may want to use :null_session instead. 
    protect_from_forgery with: :exception 


    # Make application helpers availble within controllers 
    include ApplicationHelper 

# enable_authorization :unless => :devise_controller? # ACl 

    before_filter do # ACL work around for attribute mass assignment 
    resource = controller_path.singularize.gsub('/', '_').to_sym 
    method = "#{resource}_params" 
    params[resource] &&= send(method) if respond_to?(method, true) 
    end 

    rescue_from CanCan::Unauthorized do |exception| 
    redirect_to main_app.root_path, :alert => exception.message 
    end 

    #handling redirection after login basing on the just logged in user role 
    def after_sign_in_path_for(user) 
    if user.has_role?(:director) 
     unless user.organization.nil? 
     dashboard_organization_path(user.organization.id) 
     else 
     organization_trainings_url 
     end 
    elsif user.has_role(:user) 
     user_path(user) 
    elsif user.has_role(:admin) 
     organization_trainings_url 
    else 
     root_url 
    end 
    end 




end 

class Users::InvitationsController < Devise::InvitationsController 

    before_filter :configure_permitted_parameters, if: :devise_controller? 
    load_and_authorize_resource 
    # Make application helpers available within controllers 
    include ApplicationHelper 

    def new 
    set_extra_user_info 
    super 
    end 

    def create 
    set_extra_user_info 
    super 
    end 

    def update 
    if this 
     redirect_to root_path 
    else 
     super 
    end 
    end 

    def accept_resource 
    resource = resource_class.accept_invitation!(update_resource_params) 
    ## Report accepting invitation to analytics 
    Analytics.report('invite.accept', resource.id) 
    resource 
    end 

    protected 

    def configure_permitted_parameters 

    safe_params = [:first_name, :last_name, :email, 
        :phone, :phone, :dl, :hire_date, 
        :role, :leader_id, :role_ids => []]; 

    if current_inviter.has_role?(:admin) 
     safe_params << :organization_id 
    end 

    devise_parameter_sanitizer.for(:invite) do |u| 
     u.permit(safe_params) 
    end 



    # Only add some parameters 
    devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :phone] 
    # Override accepted parameters 
    devise_parameter_sanitizer.for(:accept_invitation) do |u| 
     u.permit(:password, :password_confirmation, :invitation_token) 
    end 
    end 

end 

Answer 1

奇怪的是，这样的：

if current_inviter.has_role?(:admin) 
     safe_params << :organization_id 
    end 

是问题行。我猜测，由于邀请是试图登录新用户devise检查其他用户角色，并导致ACL错误。但我不是100％肯定的。