What would be the best way to allow a logged-in user only access to a certain controller#action if condition X is met?
- for example a user has deactivated his account ( user.is_deleted == true )
- if the user logs in I want to redirect him to /reactivate
- if the user tried any other url like /profiles /search it should redirect to /reactivate
I have tried before_filters in applicationcontroller with exceptions for the login and logout methods but they don’t work correctly messup with other actions so im really looking for a clean way to do this, anyone a suggestion?
Currently im using the
def after_sign_in_path_for(resource)
@user = User.where(:id => current_user.id).first
if @user.is_deleted == true
"/reactivate"
end
end
BUT *this only works on user login*
afterwards they can just do someting like /home /search etc
So i want to “lock-down” the app. I have thought perhaps instead of custom code one would need to do this with something like can can.
Do you know a working maintainable clean way to do this?
EDIT:
Did something like this ( you see to messy and breaks )
def welcome_redirect
if user_signed_in?
if not current_user.welcome == 0
if not params[:controller] == "home" && params[:action] == "welcome"
if not params[:controller] == "modal"
if not params[:controller] == "profiles"
redirect_to profiles_path
end
end
end
end
end
end
EDIT 2:
This seems to work:
def ensure_account_not_deleted
if user_signed_in?
@user = User.where(:id => current_user.id).first
if params[:controller] != "users" && params[:action] != "reactivate" && @user.is_deleted == true
redirect_to '/reactivate'
end
end
end
- another before filter was messing with some values causing this not to work I just found out ! thx all for the suggestions leading to this solution *
What’s wrong with:
EDIT:
I wrote the code to exclude the reactivation from redirecting over and over again.
I assumed here two things:
The controllers which deals with reactivating is UsersController.
The action is called “reactivate”