
Devise - How do I forbid certain users from signing in?


Do it like this:

Create a column called is_active for the User model.

Then add the code below to the User model:

    class User < ActiveRecord::Base
      # This method is called by Devise to check for the "active" state of the model.
      def active_for_authentication?
        # Remember to call super,
        # then add our own check to determine the "active" state
        # using our own "is_active" column.
        super && is_active?
      end
    end

UPDATE

As Matt Huggins notes, the method is now called active_for_authentication? (Documentation)


Add a column to the User model: allowed_to_log_in.

Then add this to /app/models/user.rb:

    def active_for_authentication?
      super && allowed_to_log_in?
    end

If you want to inform the user with a custom message you can add this as well:

    def inactive_message
      "You are not allowed to log in."
    end

I think that is quite important because the standard message from Devise says:

"Your account is not activated yet."

That is confusing for users and the real reason is that you have "banned" them from logging in.
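
Why the answers above insist on calling super, shown as an added example that is not part of the original answers and does not load Devise: FakeAuthenticatable and FakeLockable are simplified stand-ins for modules that already gate sign-in, and sign_in_result is a hypothetical helper mimicking how the two methods are consumed.

```ruby
module FakeAuthenticatable # stand-in for the base defaults
  def active_for_authentication?; true; end
  def inactive_message; :inactive; end
end

module FakeLockable # stand-in for another module that gates sign-in
  def active_for_authentication?
    super && !locked
  end
  def inactive_message
    locked ? :locked : super
  end
end

class User
  include FakeAuthenticatable
  include FakeLockable
  attr_reader :locked

  def initialize(allowed_to_log_in:, locked: false)
    @allowed_to_log_in = allowed_to_log_in
    @locked = locked
  end

  # Stand-in for the ActiveRecord boolean query method: nil (NULL) is false.
  def allowed_to_log_in?
    @allowed_to_log_in == true
  end

  # Shape used in the answers: keep inherited checks, then add the flag.
  def active_for_authentication?
    super && allowed_to_log_in?
  end
  def inactive_message
    allowed_to_log_in? ? super : "You are not allowed to log in."
  end
end

# Pitfall: without super the flag works but the lock check is skipped.
class UserWithoutSuper < User
  def active_for_authentication?
    allowed_to_log_in?
  end
end

# Hypothetical helper mimicking how the two methods are consumed.
def sign_in_result(user)
  user.active_for_authentication? ? :signed_in : user.inactive_message
end
```

A nil flag blocks sign-in here, so rows that predate the new column need a default or a backfill before the check goes live.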


You want to do authorization, not authentication. Devise only does authentication, though.
I.e. Devise only tells you that a user is who he says he is.
You need something else to forbid him from using the site.

Authorization is a popular topic and there's a whole list of gems that can help you with it:
http://ruby-toolbox.com/categories/rails_authorization.html
Take your pick.