Devise in Rails 3.1.1, adding an admin user via seed?
I have a sample Rails 3.1.1 application that I have set devise up to manage the user accounts etc.
I ran the following steps to add an admin attribute to the user table:
$ rails generate migration add_admin_to_user admin:boolean
Added the following to my migration:
class AddAdminToUser < ActiveRecord::Migration
  def self.up
    add_column :users, :admin, :boolean, :default => false
  end

  def self.down
    remove_column :users, :admin
  end
end
I then ran the db:migrate and added the following to my layout file:
<% if current_user.admin? %>
  You are ADMIN.
<% end %>
Then, to add the first admin user I used the following seed file:
puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password'
puts 'New user created: ' << user.name
That worked, so I then adapted it with the admin field:
puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password', :admin => 'true'
puts 'New user created: ' << user.name
The above seed file worked, but the admin flag isn't being shown.
Have I missed something?
Update: model/user/rb
class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :name, :email, :password, :password_confirmation, :remember_me
end
Don't add admin to attr_accessible. This could lead to a major security breach. A malicious user could send a PUT request as follows:
put /users/17?admin=1
which would grant user with id 17 admin privileges. The whole point of attr_accessible is to define which attributes are accessible to your model. This one in particular is probably not one you want available.
Instead, I suggest that you create your sample user with a rake file. Place a file (user_data.rake) in lib/tasks with the following and it should do the trick.
namespace :db do
  desc "Fill database with sample data"
  task populate: :environment do
    admin = User.create!(name: "Test User",
                         email: "test@test.com",
                         password: "password",
                         password_confirmation: "password")
    admin.toggle!(:admin)
  end
end
This defines a task db:populate and should be all you need for creating your sample user.
Having already done a db:migrate, just run db:reset, db:populate.
Note the admin.toggle!. That is where the magic happens.
The toggle method should be used with caution since it bypasses callbacks and validations you have defined for your model. In the case I've mentioned, since you are using it from a rake task manually there is no risk that it could be used maliciously in mass-assignment. You can find more information on the toggle method here: http://apidock.com/rails/ActiveRecord/Base/toggle
I agree, don't add :admin to attr_accessible; that advice was crazy. As for saneshark, why create a task when that is the purpose of seed? Just put the toggle inside your db/migrate/seeds.rb file. In your seed file change:
puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password', :admin => 'true'
puts 'New user created: ' << user.name
to:
puts 'SETTING UP DEFAULT USER LOGIN'
user = User.create! :name => 'Test User', :email => 'test@test.com', :password => 'password', :password_confirmation => 'password'
user.toggle!(:admin)
puts 'New user created: ' << user.name
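Why the seed's :admin => 'true' had no effect, and why whitelisting :admin would let a request parameter set it, shown as an added example that is not part of the original question or answers. It is a plain-Ruby sketch that imitates the attr_accessible whitelist instead of loading ActiveRecord; SketchModel, SafeUser, UnsafeUser and admin_after are hypothetical names.

```ruby
# Plain-Ruby sketch of Rails 3.1 mass assignment (constructed; not ActiveRecord).
class SketchModel
  # Mimics attr_accessible: a per-class whitelist of assignable keys.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  def self.accessible
    @accessible || []
  end

  def initialize(params = {})
    @attributes = { 'admin' => false } # column default from the migration
    self.attributes = params
  end

  # Mass assignment: keys outside the whitelist are dropped without raising.
  def attributes=(params)
    params.each do |key, value|
      next unless self.class.accessible.include?(key.to_s)
      value = [true, 1, '1', 'true'].include?(value) if key.to_s == 'admin'
      @attributes[key.to_s] = value
    end
  end

  def admin?
    @attributes['admin'] == true
  end

  # Single-attribute write that never consults the whitelist.
  def toggle!(name)
    @attributes[name.to_s] = !@attributes[name.to_s]
  end
end

class SafeUser < SketchModel   # whitelist without :admin, like the model above
  attr_accessible :name, :email
end

class UnsafeUser < SketchModel # what adding :admin to the whitelist would do
  attr_accessible :name, :email, :admin
end

# Applies request-style params to a fresh user and reports the admin flag.
def admin_after(klass, params)
  user = klass.new('name' => 'Test User')
  user.attributes = params
  user.admin?
end
```

With constructed parameters, admin_after(SafeUser, { 'admin' => '1' }) is false and admin_after(UnsafeUser, { 'admin' => '1' }) is true, while toggle!(:admin) on a SafeUser flips the flag because it is an explicit server-side write.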