How to soft delete user with Devise
I could advise overriding destroy method on your User model to simply do update_attribute(:deleted_at, Time.current) (instead of actually destroying), but this deviation from standard API could become burdensome in the future, so here's how to modify the controller.
Devise has a bunch of default controllers out of the box. The best way to customize them is to create your own controller inheriting the corresponding devise controller. In this case we are talking about Devise::RegistrationsController — which is easily recognized by looking at source. So create a new controller.
class RegistrationsController < Devise::RegistrationsController
end
Now we have our own controller fully inheriting all the devise-provided logic. Next step is to tell devise to use it instead of the default one. In your routes you have devise_for line. It should be changed to include registrations controller.
devise_for :users, :controllers => { :registrations => 'registrations' }
This seems strange, but it makes sense because by default it's 'devise/registrations', not simply 'registrations'.
Next step is to override the destroy action in registrations controller. When you use registration_path(:user), :method => :delete — that's where it links. To destroy action of registrations controller.
Currently devise does the following.
def destroy
resource.destroy
set_flash_message :notice, :destroyed
sign_out_and_redirect(self.resource)
end
We can instead use this code. First let's add new method to User model.
class User < ActiveRecord::Base
def soft_delete
# assuming you have deleted_at column added already
update_attribute(:deleted_at, Time.current)
end
end
# Use this for Devise 2.1.0 and newer versions
class RegistrationsController < Devise::RegistrationsController
def destroy
resource.soft_delete
Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
set_flash_message :notice, :destroyed if is_navigational_format?
respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
end
end
# Use this for older Devise versions
class RegistrationsController < Devise::RegistrationsController
def destroy
resource.soft_delete
set_flash_message :notice, :destroyed
sign_out_and_redirect(resource)
end
end
Now you should be all set. Use scopes to filter out deleted users.
customizing Devise's authenticate and current_user methods to work with soft delete / acts as paranoid
Thanks to a tip from the Devise group, it turns out I needed to override the serialize_from_session method, which is inside the authenticatable module and looks like this:
def serialize_from_session(key, salt)
record = to_adapter.get(key)
record if record && record.authenticatable_salt == salt
end
I'd been trying with no success to override modules using initializers (I was trying to override existing strategies, and also to try writing a new one for warden); but I kept getting weird name errors. I still haven't figured that out. However, with the tip, I went ahead and overrode the method inside my User model. Since I don't foresee using some other resource, I didn't mind just editing it like this. The code was just:
def self.serialize_from_session(key, salt)
record = with_deleted.find(key).first
record if record && record.authenticatable_salt == salt
end
This skips the to_adapter.get method altogether (which, to anyone interested, is in orm_adapter, not devise; this took me awhile to find as I was thinking I needed to override this). This probably isn't the cleanest way to do this, but it works well enough for me. And even if I do have a different resource, this should only override the User resource, so I think everything would work fine otherwise.
If problems crop up, I'll add them here. If not, hopefully this helps someone in some way. Certainly took me long enough to get to the bottom of!
Preventing user deletion in Ruby On Rails and Devise Application
To have such customization. I believe that you will have to overwrite the devise registrations controller.
The good news is that is not hard. all you have to do is generate a new controller on your app that will be the new registration controller for that user. for example.
bundle exec rails generate controller users/registrations
It will have to inherit from Devise:RegistrationsController
class Users::RegistrationsController < Devise::RegistrationsController
end
lastly you will have to reference this controller as the new registration controller at your routes.rb file just like the devise page says
devise_for :users, controllers: { registrations: "users/registrations"}
now you can implement your custom rule for that resource. i.e
class Users::RegistrationsController < Devise::RegistrationsController
def destroy
if resource.didsomething
redirect_to root_path, flash: { error: "You can't delete your account" }
else
super
end
end
end
the method above is overwriting the default destruction method of devise and calling the original one only if the condition is not met.
how to delete users on devise as an admin
You have to create a controller (or an action in a exsisting controller )to manage the user model. try to look here , strip out the cancan part.
have a nice day!
Related Topics
How to Automate Chrome Request Blocking Using Selenium-Webdriver for Ruby
Set Attribute Dynamically of Ruby Object
Why Does Array.Slice Behave Differently for (Length, N)
Is There an Expect Equivalent Gem for Ruby
Prevent Rails Test from Deleting Seed Data
Installing Jekyll on Ubuntu 14.04
Is It Possible for Rspec to Expect Change in Two Tables
How to Prevent Nokogiri from Adding <Doctype> Tags
Dynamically Set Local Variables in Ruby
Change the Binding of a Proc in Ruby
How to Debug in Rubymine 4.5 Using Ruby 1.9.3
Using Ruby Convert Numbers to Words
Project Euler 1:Find the Sum of All the Multiples of 3 or 5 Below 1000
Errno::Econnrefused: Connection Refused - Connect(2) for Action Mailer
Is There a Built-In Binary-Search in Ruby
Typing 'Rails Console' Doesn't Start