What is the best way to ban/block users with Devise for Rails?
I would do it like this:
    def after_sign_in_path_for(resource)
      if resource.is_a?(User) && resource.banned?
        sign_out resource
        banned_user_path
      else
        super
      end
    end
Rails + Devise - Is there a way to BAN a user so they can't login or reset their password?
I just implemented this in my project myself. What I did was similar to Kleber above, I defined this in my app/controllers/sessions_controller.rb (overriding Devise)...
    class SessionsController < Devise::SessionsController
      protected

      def after_sign_in_path_for(resource)
        if resource.is_a?(User) && resource.banned?
          sign_out resource
          flash[:error] = "This account has been suspended for violation of...."
          root_path
        else
          super
        end
      end
    end
And then I added a boolean column to Users called 'banned,' so the moderators check the checkbox when editing the user in the backend, and the boolean will return true.
But there was one flaw...if a user was already logged in and then banned, they still had access to doing stuff on the site (comments, etc) at least until their session expired or they logged out. So I did this in the app/controllers/application_controller.rb...
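    class ApplicationController < ActionController::Base
      # before_action is the current name for before_filter (removed in Rails 5.1)
      before_action :banned?

      def banned?
        if current_user.present? && current_user.banned?
          sign_out current_user
          flash[:error] = "This account has been suspended...."
          # Redirect explicitly: a bare root_path return value is ignored in a
          # callback, and redirecting here halts the rest of the request.
          redirect_to root_path
        end
      end
    end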
That'll automatically log them out if a ban is detected. Anyway, not sure this whole thing is the "best" way to factor the whole thing as I'm newer to Rails, but the whole thing works for me and hope it will at least give you a good start.
Best way to implement ban system for rails app
I would go the simplest way: just get a boolean "blocked" on your User table. Then define something like:

    class User
      def block(other_user)
        if can_block?(other_user)
          # Set the boolean "blocked" column described above
          other_user.blocked = true
          other_user.save!
        end
      end

      def can_block?(other_user)
        # Your logic using the roles.
      end
    end
Straightforward, but I like it that way.
Devise - How do I forbid certain users from signing in?
Do it like this:
Create a column called is_active for the User model.
Then add the code below to the User model:

    class User < ActiveRecord::Base
      # this method is called by devise to check for "active" state of the model
      def active_for_authentication?
        # remember to call the super
        # then put our own check to determine "active" state using
        # our own "is_active" column
        super and self.is_active?
      end
    end
UPDATE
As Matt Huggins notes, the method is now called active_for_authentication? (Documentation)
How can I block a user on my website from going to Rails_admin panel URL?
Their docs describe this use case:
Authorization can be added using the authorize_with method. If you pass a block it will be triggered through a before_action on every action in Rails Admin.
    RailsAdmin.config do |config|
      config.authorize_with do
        redirect_to main_app.root_path unless current_user.is_admin?
      end
    end
This is set up in config/initializers/rails_admin.rb
Further Explanation
As mentioned in the docs, this triggers a before_action call with the passed block before every RailsAdmin action. You can imagine it like this

    before_action :authorize_admin

    def authorize_admin
      redirect_to main_app.root_path unless current_user.is_admin?
    end

It is similar to adding a before_action trigger to your ApplicationController - just that it automatically only triggers with RailsAdmin actions.
How to block mail.ru and 163.com emails from signing up (Devise + Rails 4)
Just drop this in somewhere, you can leave your validations as-is.

    class User < ActiveRecord::Base
      EXCLUDE_DOMAINS = %w{163.com mail.ru}

      before_validation do
        # Escape each domain, group the alternation and anchor it to the end
        # of the string so only the listed domains match.
        pattern = /@(?:#{Regexp.union(EXCLUDE_DOMAINS).source})\z/i
        if matched_domain = pattern.match(self.email)
          self.errors.add(:email, "can't be #{matched_domain}")
        end
      end
    end
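A domain blocklist check of the kind this answer describes, written as an added plain-Ruby example (not the answerer's code and not part of Devise) that compares a regex built by joining the domains with `|` against an exact host comparison. The module and method names and the sample addresses are constructed for illustration, and blocking subdomains is an assumption.

```ruby
# Added example; module and method names are hypothetical, not from Devise.
module EmailDomainBlocklist
  BLOCKED = %w[163.com mail.ru].freeze # the two domains named in the question

  # Pitfall form: joining with "|" and no group parses as /@163.com/ OR /mail.ru$/,
  # "." matches any character, and the match is case-sensitive.
  NAIVE = Regexp.new("@#{BLOCKED.join('|')}$")

  # Returns the blocklist entry the address falls under, or nil.
  def self.blocked_domain(email)
    return nil unless email.is_a?(String)
    # Normalise, then split on the last "@" so the whole host part is compared.
    local, at, host = email.strip.downcase.rpartition("@")
    return nil if at.empty? || local.empty? || host.empty?
    host = host.chomp(".") # "mail.ru." names the same host as "mail.ru"
    # Assumption: subdomains of a blocked domain are blocked as well.
    BLOCKED.find { |d| host == d || host.end_with?(".#{d}") }
  end

  # Constructed sample addresses.
  SAMPLES = [
    "eve@mail.ru", "Eve@MAIL.RU", "eve@mail.ru ", "eve@inbox.mail.ru",
    "bob@163.com.example.org", "alice@notmail.ru", "carol@163xcom.example"
  ].freeze

  # One row per sample: [address, naive regex verdict, exact-match verdict].
  def self.compare(samples = SAMPLES)
    samples.map { |s| [s, !NAIVE.match(s).nil?, !blocked_domain(s).nil?] }
  end
end

if __FILE__ == $PROGRAM_NAME
  EmailDomainBlocklist.compare.each do |addr, naive, exact|
    puts format("%-28s naive=%-5s exact=%s", addr.inspect, naive, exact)
  end
end
```

In a Rails model the same method can back a custom validation, for example adding an error on :email when blocked_domain returns a value.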