I'm using devise as registration engine in my rails 3.1 app. How can i prevent users from accessing some pages when they are logged in? I need to disable devise registration and some custom pages? Is there any way to implement this?
Devise automatically handles redirecting logged in users away from the sign in and sign up actions. If you would like to do this for other pages you would need to use controller before filters or an authorization solution such as CanCan.
You could quickly do a controller filter to redirect logged in users like so in a controller:
def SomeController < ApplicationController
before_filter :redirect_logged_in_user, :only => :action_to_prevent
private
def redirect_logged_in_user
redirect_to your_redirect_path if current_user
end
end
Devise is authentication system. To control users access to some pages you need authorization. For example, https://github.com/ryanb/cancan
Related
I am creating a website using rails and I have started using the devise gem. I have added a sign out link to my homepage which works, but I want to route the user back to the login page after they sign out. At this moment after the user signs in they are offered a sign out link which signs them out but they remain at the page. How do I make it so that they are sent back to the login page after they sign out? Thanks.
You can change the redirect path in ApplicationController using Devise's after_sign_out_path_for method...
class ApplicationController < ActionController::Base
private
def after_sign_out_path_for(resource_or_scope)
new_user_session_path
end
end
I need to check if there is a logged user and of course if the user is an admin. I want to use the current_user and user_signed_in? methods but to use this methods I need to add
before_action :authenticate_user!
in my application controller.
The authentication at this moment works in the admin namespace, I use it for the admin panel and I have that line in my admin_controller that inherit from application_controller. If I add
before_action :authenticate_user!
in the application controller the user is redirected to the login page.
How can I use user_logged_in? without the redirect to the user login / registration page?
I have three possible permissions for a User to be in my Rails app, they are User.is_admin, User.is_school, and User.is_security. Based on the nature of my app I need to have a separate home screen for each of these users that do radically different things, which I have working. The problem that I'm having has to do with how Devise auto redirects to root_path after login for all users, regardless of the permissions I have set.
I generated the Devise Sessions controllers into the Users namespace and I have overwritten it to default to my controller, but now when I try to do a redirect, based on the conditional permissions, I get a DoubleRenderError (The obvious reason being that Devise is redirecting elsewhere when creating the session).
I have tried running it as an after_action and even tried overwriting the after_sign_in_path_for method, as per the direction of the Devise docs on the matter, but I still can't get it working. Any help would be appreciated, thank you!
You can do something like this
class ApplicationController < ActionController::Base
def after_sign_in_path_for(resource)
if resource.role == 'admin'
admin_root_path
else
user_root_path
end
end
end
you can read more about this https://github.com/plataformatec/devise/wiki/How-To:-redirect-to-a-specific-page-on-successful-sign-in
I've been looking for a way to redirect all requests of my app to the sign_in page if the user is not signed in, but I haven't found a way to do it (I could do it verifying a system variable and then redirect_to, but it does sound like the bad way)
I'm using ldap_authenticatable (devise) to authenticate, and then use Cancancan (for Access Control List), is there a way to use those tools (Cancancan) to do this ? , or how should I do it?
Thanks for your time
You can just add before_filter :authenticate_user! to your base ApplicationController. Devise Docs
Devise uses "authenticate_user!" filter to authenticate users. For authenticating users you can do something like this:
before_action :authenticate_user!
It will trigger authentication for all methods and if you want authentication only for some specific actions then you can use only or except options like:
before_action :authenticate_user!, :only => [your actions].
For more detail click here
add
class ApplicationController < ActionController::Base
before_action :authenticate_user!
end
in the application controller, this will automatically authenticate the user, if he is not logged in then he will be redirected to the sign_in page automatically
I have a standard devise implementation and throughout other models there seems to be no redirect if the session is expired, leaving the user with a error message.
For example on the user profile page if not logged in it will just show an error because the current_user does not exist.
Do i set in each model stating to authorise. Or a better solution, can I set it in the app controller and do it application wide and simply set any public pages wherever necessary?
If you want a particular controller to check if a user is logged in then you want to use Devise's authenticate_user! function. See example below
class StuffController < ApplicationController
before_filter :authenticate_user!
def index
..... more implementation
end
end
If the user is not logged in they will be redirected to the login form and then to the required page after a successful login
Use a before filter such as before_filter :authenticate_user!. Place this in your application controller. authenticate_user! is a devise helper so if you want custom behavior you can overload the method or simply write your own filter using their user_signed_in? helper method.