-
Notifications
You must be signed in to change notification settings - Fork 5.5k
How To: Require admin to activate account before sign_in
Instead of using the confirmable module (to allow users to activate their own accounts), you may want to require an admin or moderator to activate new accounts.
Create a migration as follows (in this case, I'm assuming the model is called User):
$ rails g migration add_approved_to_user approved:boolean
class AddAdminActivationToUsers < ActiveRecord::Migration
def self.up
add_column :users, :approved, :boolean, :default => false, :null => false
add_index :users, :approved
end
def self.down
remove_index :users, :approved
remove_column :users, :approved
end
end
Note: You may want to add approved to your 'attr_accessible' in your user model so that you can do bulk assignment when creating new users.
Then, override the following methods in your model (User.rb):
def active_for_authentication?
super && approved?
end
def inactive_message
if !approved?
:not_approved
else
super # Use whatever other message
end
end
You will need to create an entry for :not_approved in the i18n file, located at config/locales/devise.##.yml
:
devise:
failure:
not_approved: 'Your account has not been approved by your administrator yet.'
You'll want to create a controller method that is admin-accessible only, that lists the unapproved users and provides a simple way to approve them.
I added a simple link in my index.html.haml page to filter the results to show 'Users awaiting approval'
%h1 Users
= link_to "All Users", :action => "index"
|
= link_to "Users awaiting approval", :action => "index", :approved => "false"
%table
- @users.each do |user|
%tr
%td= user.email
%td= user.approved
%td= link_to "Edit", edit_user_path(user)
Then in my users controller I have this:
def index
if params[:approved] == "false"
@users = User.find_all_by_approved(false)
else
@users = User.all
end
end
(NOTE: still to come)
In the model (app/model/user.rb):
def self.send_reset_password_instructions(attributes={})
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
if !recoverable.approved?
recoverable.errors[:base] << I18n.t("devise.failure.not_approved")
elsif recoverable.persisted?
recoverable.send_reset_password_instructions
end
recoverable
end