How to Ban/Block Users with Devise for Rails

What is the best way to ban/block users with Devise for Rails?

I would do it like this:

def after_sign_in_path_for(resource)
  if resource.is_a?(User) && resource.banned?
    sign_out resource
    banned_user_path
  else
    super
  end
end

Rails + Devise - Is there a way to BAN a user so they can't login or reset their password?

I just implemented this in my project myself. What I did was similar to Kleber above, I defined this in my app/controllers/sessions_controller.rb (overriding Devise)...

class SessionsController < Devise::SessionsController

  protected

  def after_sign_in_path_for(resource)
    if resource.is_a?(User) && resource.banned?
      sign_out resource
      flash[:error] = "This account has been suspended for violation of...."
      root_path
    else
      super
    end
  end

end

And then I added a boolean column to Users called 'banned,' so the moderators check the checkbox when editing the user in the backend, and the boolean will return true.

But there was one flaw...if a user was already logged in and then banned, they still had access to doing stuff on the site (comments, etc) at least until their session expired or they logged out. So I did this in the app/controllers/application_controller.rb...

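class ApplicationController < ActionController::Base
  # before_action replaces before_filter, which was removed in Rails 5.1
  before_action :banned?

  def banned?
    if current_user.present? && current_user.banned?
      sign_out current_user
      flash[:error] = "This account has been suspended...."
      # Redirect explicitly: a bare root_path would not halt the request
      redirect_to root_path
    end
  end
end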

That'll automatically log them out if a ban is detected. Anyway, not sure this whole thing is the "best" way to factor the whole thing as I'm newer to Rails, but the whole thing works for me and hope it will at least give you a good start.

Best way to implement ban system for rails app

I would go the simplest way: just get a boolean "blocked" on your User table. Then define something like:

class User
  def block(other_user)
    if can_block?(other_user)
      # The boolean column is named "blocked"
      other_user.blocked = true
      other_user.save!
    end
  end

  def can_block?(other_user)
    # Your logic using the roles.
  end
end

Straightforward, but I like it that way.

Devise - How do I forbid certain users from signing in?

Do it like this:

Create a column called is_active for the User model.

Then add the code below to the User model:

class User < ActiveRecord::Base
  # This method is called by Devise to check the "active" state of the model
  def active_for_authentication?
    # Remember to call super, then add our own check for the "active" state
    # using our own "is_active" column
    super && is_active?
  end
end

UPDATE

As Matt Huggins notes, the method is now called active_for_authentication? (Documentation)

How can I block a user on my website from going to Rails_admin panel URL?

Their docs describe this use case:

Authorization can be added using the authorize_with method. If you pass a block it will be triggered through a before_action on every action in Rails Admin.

RailsAdmin.config do |config|
  config.authorize_with do
    redirect_to main_app.root_path unless current_user.is_admin?
  end
end

This is set up in config/initializers/rails_admin.rb

Further Explanation

As mentioned in the docs, this triggers a before_action call with the passed block before every RailsAdmin action. You can imagine it like this:

before_action :authorize_admin

def authorize_admin
  redirect_to main_app.root_path unless current_user.is_admin?
end

It is similar to adding a before_action trigger to your ApplicationController - just that it automatically only triggers with RailsAdmin actions.

How to block mail.ru and 163.com emails from signing up (Devise + Rails 4)

Just drop this in somewhere, you can leave your validations as-is.

class User < ActiveRecord::Base

  EXCLUDE_DOMAINS = %w[163.com mail.ru].freeze

  before_validation do
    # Escape each domain, group the alternation, and anchor with \z so that
    # only an exact, case-insensitive match on the domain after "@" is rejected
    pattern = /@(#{Regexp.union(EXCLUDE_DOMAINS).source})\z/i
    if (matched_domain = pattern.match(email.to_s))
      errors.add(:email, "can't be #{matched_domain[1]}")
    end
  end
end
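
The difference between a domain blocklist pattern built by joining the domains with "|" and a strict whole-domain comparison, as an added example that is not part of the original answer. It is plain Ruby with no Rails dependency; the helper names and the sample addresses are constructed for illustration.

```ruby
# Added example: plain Ruby, no Rails or Devise needed.
EXCLUDE_DOMAINS = %w[163.com mail.ru].freeze

# Loose pattern: domains joined with "|" and interpolated without grouping or
# escaping. It parses as /@163.com/ OR /mail.ru$/, and "." matches any character.
LOOSE_PATTERN = %r{@#{EXCLUDE_DOMAINS.join('|')}$}

def loose_blocked?(email)
  LOOSE_PATTERN.match?(email.to_s)
end

# Strict check: normalise case and whitespace, split on the last "@", and
# compare the whole domain against the list.
def blocked_domain?(email, blocklist = EXCLUDE_DOMAINS)
  _local, at, domain = email.to_s.strip.downcase.rpartition('@')
  return false if at.empty? || domain.empty?

  blocklist.include?(domain)
end

# Constructed sample addresses (not taken from the page).
SAMPLES = %w[
  alice@163.com
  bob@mail.ru
  carol@MAIL.RU
  dave@gmail.ru
  erin@163.com.example.org
  frank@example.org
].freeze

# Returns [email, loose result, strict result] for each sample.
def compare(samples = SAMPLES)
  samples.map { |e| [e, loose_blocked?(e), blocked_domain?(e)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |email, loose, strict|
    puts format('%-26s loose=%-5s strict=%s', email, loose, strict)
  end
end
```

The loose pattern rejects two addresses on unrelated domains and lets the upper-case variant through, while the strict check only rejects the listed domains.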

