Ruby on Rails

Op zaterdag 30 augustus 2014 16:52:26 UTC+2 schreef Walter Lee Davis:

On Aug 30, 2014, at 3:22 AM, Roelof Wobben wrote:

>
>
> Op zaterdag 30 augustus 2014 07:18:55 UTC+2 schreef Walter Lee Davis:
>
> On Aug 29, 2014, at 4:24 PM, Roelof Wobben wrote:
>
> > Hello,
> >
> > I want to use Devise for authecation.
> > The only thing I need is that I as admin can register user with a password.
> > If the user looses her/his password then I get a mail and I as admin can make a new one.
> >
> > Which modules can I use the best ?
>
> Take a look at devise_invitable. That lets you invite a new user to your site (and if you close off the registration module, then you can't just sign up yourself). The user gets to set her own password when she accepts the invitation mail, and then use the password reset system if she forgets it later.
>
> Walter
>  
>
>
>
> My app does not invite people,
>
> I trying to make a financial app.
> The problem is that I have customers which are also a staff member.
>
> Staff members need a password which I will provide but customers will and must not log into my app,
>
> Roelof

I'm not aware of any authentication design pattern where the user does not get to set their own password, either through initial registration or through automated reset later. Why do you want to know their password at all, even initially? If the word invitation sets you off, think of it as sending someone their initial account credentials. The first thing they will do is set their own password, and from then on, it's just another account. It doesn't matter if that account is for a customer or a staff person.

I've used invitable in several applications that had multiple user levels (authorization) but that's getting outside of Devise's wheelhouse (authentication). Can you widen the frame a little and explain why you need to set the password for the staff members?

What  I have in mind is a app for a toy library.

So the customers chooses a plan and get yearly a invoice.

but some customers are work for the toy library.

Later on I will try to implement payments by cash or by bank.

Also later on I will try to implement that we know which customer has borrowed which toy and when he/she has to bring it bac

Why I need a password for staff members so they can only see which invoice is not payed or add a payment.

I do not want that customers can see the financial thing of thier own of from another person.

All the data in my 'accounting" system is private for staff members.