-
Notifications
You must be signed in to change notification settings - Fork 5.5k
How To: Set up devise as a single user system
Rational: Some projects might come across the need for an authentication solution to which devise is supremely suited for-- but without the need (or want) to have public viewers trying to register.
The example of a private weblog comes to mind, so we will use it as an example. This, along with How to: add an admin role (Especially using Option 2 of just using an :admin attribute), and lastly How To: Restrict access to specific actions gives a pretty robust authentication and authorization abilities to your app/website in mere minutes.
In general, you want the drop-in functionality devise give us, sans "allowing the general public to register". You could Require admin to activate account before sign in, but that's only dealing with the issue after they have registered. Same issue comes with just hiding the links to the pages you are trying to block.
Depending on how you deploy out your application, you may wish to create the sole user before you make the needed changes. I'll leave that to the reader how they want to do it, but most likely it will be via rails console
or via a migration file, if not done in development before you remove the functionality.
Alter the devise_for
line in routes.rb to skip the registration controller
devise_for :users, :skip => :registrations
Since the base devise controllers (and views) assume you have registrations enabled, you'll have to override the default views to not show links to the :sign_up route (in particular). Otherwise, the log in page will throw errors about the routes we skipped in step 1 not existing. In a terminal:
mkdir app/views/devise
mkdir app/views/devise/shared
touch app/views/devise/shared/_links.html.erb
You may wish to keep the link to the forgot_password functionality (in case you do forget your password), in which case just add the following to _links.html.erb
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
<%= link_to "Forgot your password?", new_password_path(resource_name) %>
<% end -%>
Thats It.
The /users/sign_in path still gives you a login form, and /users/sign_out still logs you out.
You can add this to you application.html.erb to make some quick and easy links.
<% if user_signed_in? %>
<%= link_to('logout', destroy_user_session_path) %>
<% else %>
<%= link_to('login', new_user_session_path) %>
<% end %>