prohibit logins for certain users?

52 views
Skip to first unread message

Scott Johnson

unread,
Oct 14, 2011, 7:52:23 PM10/14/11
to Authlogic
I have a boolean 'enabled' field in my User model. I would like to
prohibit logins for any user whose enabled flag is false.

I've looked through all the config settings I could find in the rdoc
but couldn't see anything like this. Is there a setting in Authlogic
for this or is this something I'd have to code myself?

Mopac Media

unread,
Oct 15, 2011, 11:52:54 AM10/15/11
to auth...@googlegroups.com
I may be wrong, but I don't think authlogic does this, maybe because it's something the app needs to do. Makes it easy to have only one controller that handles logins.

There might be someone who can tell us a better way to do this, but here's a clumsy approach:

class UserSessionsController < ApplicationController
def new
@user_session = UserSession.new
end

def create
@user_session = UserSession.new(params[:user_session])
if @user_session.save
if current_user.enabled
redirect_back_or_default root_url
flash[:notice] = "Login successful!"
else
current_user_session.destroy
flash[:error] = "Sorry, you've been banned from Happyland!"
render :action => root_url
else
flash[:error] = "Login unsuccessful"
render :action => :new
end
end

def destroy
current_user_session.destroy
redirect_back_or_default new_user_session_url
flash[:notice] = "Logout successful!"
end
end

> --
> You received this message because you are subscribed to the Google Groups "Authlogic" group.
> To post to this group, send email to auth...@googlegroups.com.
> To unsubscribe from this group, send email to authlogic+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/authlogic?hl=en.
>

tsdbrown

unread,
Oct 16, 2011, 3:50:49 PM10/16/11
to Authlogic
If you haven't disabled the magic states by setting
disable_magic_states to true you could do this by adding an active?
method to your user model, which would just need to return the boolean
value for your custom enabled field. Authlogic tries to detect the
state of the record before creating the session, and will use your
method if you define it (Note authlogic does not do that for you). If
acitve? (or approved? or confirmed?) return false the session will not
be valid and the user will not be able to login, when active? return
false they see the message "Your account is not active" which of
course you can override.

For more details take a look at the source:

https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/session/magic_states.rb

Hope that's helpful.

mrferrys insane

unread,
Oct 16, 2011, 5:00:29 PM10/16/11
to auth...@googlegroups.com
You could  use CanCan Gem.
 CanCan is a Gem by Ryan Bates, with that Gem you can
create a Roles or Profiles for the users, like : Admin_profile,
 Editor_profile, etc....

https://github.com/ryanb/cancan

2011/10/15 Scott Johnson <sc...@scottjohnson.org>

Scott Johnson

unread,
Oct 17, 2011, 5:34:04 PM10/17/11
to Authlogic
Perfect! This is exactly what I was looking for and it worked like a
charm. Many thanks!

On Oct 16, 12:50 pm, tsdbrown <tsdbr...@gmail.com> wrote:
> If you haven't disabled the magic states by setting
> disable_magic_states to true you could do this by adding an active?
> method to your user model, which would just need to return the boolean
> value for your custom enabled field. Authlogic tries to detect the
> state of the record before creating the session, and will use your
> method if you define it (Note authlogic does not do that for you). If
> acitve? (or approved? or confirmed?) return false the session will not
> be valid and the user will not be able to login, when active? return
> false they see the message "Your account is not active" which of
> course you can override.
>
> For more details take a look at the source:
>
> https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/se...
Reply all
Reply to author
Forward
0 new messages