From 12b5f08685036885036fc9bb093a70019e7212ba Mon Sep 17 00:00:00 2001 From: Damien Le Thiec Date: Thu, 8 Aug 2024 17:07:39 +0200 Subject: [PATCH] Add caution message for working with roles with devise invitable --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2c89102d..dc2e8dc7 100644 --- a/README.md +++ b/README.md @@ -312,6 +312,8 @@ authentication keys (like `email`) Here is an example of the steps needed to add a first_name, last_name and role to invited Users. +Caution: Adding roles requires additional security measures, such as preventing a standard user from inviting an administrator. Implement appropriate access controls to ensure system security. + ### Configuring your application controller to accept :first_name, :last_name, and :role for a User Note: These modifications can be applied directly in the InvitationsController if not needed for other Devise actions.