3

while doing admin work, i'd like to disable user logins -- is there some way to use devise for this -- I don't THINK this is suitable for rolify -- because this is a temporary disablement -- thanks in advance for any help, rick

user2155272
  • 63
  • 7
  • Hi Rick, do you want to keep access for the admin or do you want simply every user disabled? – smile2day Oct 16 '15 at 17:37
  • keep access for the admin -- i notice the turnout gem -- but that has to be run from the command line -- hoping for something like the drupal maintenance mode. – user2155272 Oct 16 '15 at 18:06

3 Answers3

1

Here's what I'd do:

1. Create a method for your User model. It could be something like active, or able_to_login.

2. Set this attribute to :boolean.

3. Use rails console. Use the console to set the active method to true or false, enabling or disabling your users to access your application:

user = User.all
   user.each do |u|
     u.active = false # or
     u.able_to_login = false
     u.save
   end

I don't think this is the best method, but it should work without installing another gem or heavy code.

Vinicius Martinson
  • 95
  • 10
1

In your /models/user.rb add this method

def active_for_authentication? 
  super && is_admin?
end

def is_admin?
  # returns true if user is admin
end

This is the "Devise way" of doing this :)

Hassan Ahmed
  • 168
  • 2
  • 9
  • I'm not sure why people recommend putting this feature on the user object. I created a maintenance object -- only editable by the admin user -- before logging check for existence of a maintenance object -- and not allow if it exists. – user2155272 Oct 21 '15 at 22:27
1

Back-End

If you wanted to create a "maintenance" mode, you'll be best doing something like this:

#app/models/user.rb
class User < ActiveRecord::Base
end

#app/models/admin.rb
class Admin < User
   def maintainance!
     self.toggle! :maintainance
   end
end

This will need a maintenance column in the users table, and you'll have to add a type column in the users table, too.

You could get away with keeping this in the User model, however, you'd need some conditions to determine whether the user is an admin. Since you didn't specify how you're differentiating, above is how we do it.

--

You'd be able to call it like this:

#app/controllers/users_controller.rb
class SettingsController < ApplicationController
   before_action :authenticate_user!
   def maintenance
      current_user.maintenance! #-> toggles so you'll just be able to call this as you need.
   end
end

#config/routes.rb
resources :settings, only: [] do
    put :maintenance #-> url.com/settings/maintenance (considering current_user present)
end

This will allow you to set the "maintenance" mode through your user settings area. If you don't have one, you'll be able to use the above code to get it working.

Front-End

With the backend in place, you'll be able to then manage the front-end.

To do this, you'll need a helper to determine if any user has set the "maintenance" mode...

#app/helpers/application_helper.rb
class ApplicationHelper
   def maintenance_mode?
      Admin.exists? maintenance: true
   end
end

This will allow you to use this helper to determine whether you should allow Devise to accept logins or not:

#app/views/devise/sessions/new.html.erb
<% unless maintenance_mode? %>
  ... devise form ...
<% end %>

The helper will execute a DB request, but keeping it in the devise areas only (IE it's not "site wide") should make it okay.

#app/controllers/devise/sessions_controller.rb
class SessionsController < Devise::SessionsController
   before_action :check_maintenance

   private

   def check_maintenance 
       redirect_to root_path, notice: "Sorry, maintenance mode is in effect; no logins." if maintenance_mode?
   end
end

This will prevent any controller-based actions from firing.

Finally, if you want to get rid of any logged-in users, you'll need to do something quirky, like resetting the sessions or something similar:

Community
  • 1
  • 1
Richard Peck
  • 76,116
  • 9
  • 93
  • 147
  • thanks! I'll give this a try on Monday -- i have already created an 'admin' flag on users to indicate whether they have admin permissions -- this all looks good. thanks! – user2155272 Oct 17 '15 at 15:46
  • 1
    This worked -- I was getting a circular dependency though for SessionsController < Devise::SessionsController so i renamed that MaintSessionsController, put it in the controllers directory, not controllers/devise, and put this into config.rb: devise_for :users, controllers: {registrations: "registrations", sessions: "maint_sessions" } – user2155272 Oct 20 '15 at 18:02