Admin approval to new user accounts

[jason]

Hello,

I'm building a new app and im using devise for authentication. I need
some extended functionality. It should be easy to implement but im new
to ruby and also rails. The thing is, after a user sign up and confirm
his/her email, admin must be approve their account (Or after
transaction complete).

I'll be glad if someone give me an idea about implement this kind of
functionality.

Thanks!

[Carlos A. da Silva]

Hello,

You'd probably need an attribute like :approved in your users table,
false by default, and then you can override a class method Devise
provides called find_for_authentication, something like:

def self.find_for_authentication(conditions={})
conditions[:approved] = true
find(:first, :conditions => conditions)
end

This way if your user is not approved, it won't be able to
authenticate.

[José Valim]

You could also overwrite the strategy, so it would set the proper error message.

--
José Valim

Director of Engineering - Plataforma Tecnologia
http://blog.plataformatec.com.br/

[kd]

José, thanks for the reply.

So, the strategy is authenticatable if im not wrong.
By default, devise sets error msg :invalid after a failed login.
When approved = false, either password is correct or wrong, it also
sets :invalid.
How can i add a proper error msg when user email&pass is true but his/
her account disabled for log in?

I'll be glad if anyone give me a clue about to implement this idea.

Thanks

[José Valim]

Hrm, actually you would need to overwrite the authenticatable strategy methods.

We should actually provide a better way to do that though. I will open a ticket and put more thoughts into it.

[José Valim]

Ok, after thinking a little, I can suggest a better option, just
create a Devise hook which has the same code as the confirmation hook
in devise/hooks/confirmable.rb.

The hook is called whenever the user is retrieved from session and
it's a better approach because it allows the Administrator to activate
and deactivate any account at any time and the user will be
immediately signed out.

If you just check the active? on sign in, after the user is signed in,
you cannot sign him out anymore.

You can have this same behavior using before_filters in your
controllers. Just choose the one which pleases you the most. :)

[José Valim]

Just pushed a new commit. I still haven't release a gem but you should be able to use it vendored.

It extracted Activatable from Confirmable, so you can have everything working  overwriting active? and inactive_message. If you have any doubts, feel free to ask!

Regards!

[kd]

Awesome!
Thanks a lot José.

Now im able to extend this strategy like confirmable right?
Like sending email after account activation or the opposite

[kd]

Wow thats nice!

I added some methods to activatable, like activate account, send user
an email to tell his/her account is activated and so on.
Im not using confirmable and i dont think that i need it but,
activatable includes to confirmable.
So that means i cant use confirmable methods anymore right?

I just tried to call "send_confirmation_instructions" to just see if
its working but what i saw is a NoMethodError.

[José Valim]

Activatable is a subset of Confirmable, it allows you to control if your users can sign in or not, but does not say anything about confirmation e-mails and so on (so such methods are not available). Fortunately, you can add them on your own.

You can use Activatable + Confirmable, but it's complicated, you would need to overwrite active? and inactive_message and call super depending on the scenario. I do not recommend it. :)

[kd]

I dont need confirmable (at least right now, but i have no idea what
im going to do when i need it) So for now activatable is exactly what
i need. I added some methods to activatable like activate!, send
activation email etc. Afterwards I just wanted to check that
confirmable still working but i saw it weren't. So no worries:)

Thanks for your help and also for Devise