Do it like this:

Create a column called `is_active` for the `User` model.

Then add the code below to the `User` model:


    class User &lt; ActiveRecord::Base
      #this method is called by devise to check for &quot;active&quot; state of the model
      def active_for_authentication?
        #remember to call the super
        #then put our own check to determine &quot;active&quot; state using 
        #our own &quot;is_active&quot; column
        super and self.is_active?
      end
    end


*UPDATE*

As Matt Huggins notes, the method is now called `active_for_authentication?` ([Documentation](http://rdoc.info/github/plataformatec/devise/master/Devise/Models/Authenticatable))

Add a column to the `User` model: `allowed_to_log_in`.

Then add this to `/app/models/user.rb`:

    def active_for_authentication?
        super and self.allowed_to_log_in?
    end

If you want to inform the user with a custom message you can add this as well:

    def inactive_message
        &quot;You are not allowed to log in.&quot;
    end

I think that is quite important because the standard message from Devise says: 

&gt; &quot;Your account is not activated yet.&quot;

 That is confusing for users and the real reason is that you have &quot;banned&quot; them from logging in.

You want to do authorization, not authentication. Devise only does authetication, though.  
I.e. devise only tells you that a user is who he says he is.  
You need something else to forbid him from using the site.  

Authorization is a popular topic and there&#39;s a whole list of gems that can help you with it:  
http://ruby-toolbox.com/categories/rails_authorization.html  
Take your pick.



Sounds like you may be interested in cancan

 - https://github.com/ryanb/cancan
 - http://railscasts.com/episodes/192-authorization-with-cancan



From what I have understood so far, an NFC phone will act as an NFC reader which will read data from an NFC tag. Now my question is, can we switch this around? Can we make an Android NFC phone behave as the tag which an NFC reader will get data from?

Thanks for your assistance.

Can an Android NFC phone act as an NFC tag?

I&#39;m trying to generate QR codes on my website. All they have to do is have a URL in them, which a variable on my site will provide. What would be the easiest way to do this?

Dynamically generating a QR code with PHP

I am using Devise for authentication in my application.

How do I forbid certain users from signing in - kind of disable a user?



Devise - How do I forbid certain users from signing in?

<p>I am using Devise for authentication in my application.</p>
<p>How do I forbid certain users from signing in - kind of disable a user?</p>


Having a hard time figuring out how to make SASS, not SCSS, as the default for stylesheets.

I&#39;ve tried making a `sass_config.rb` file with this:


    Sass::Plugin.options[:syntax] = :sass
    Sass::Plugin.options[:style] = :compressed

I&#39;ve also tried adding that to the environment.rb file. Either way I get this error:

    .../config/environment.rb:7:in `&lt;top (required)&gt;&#39;: 
      uninitialized constant Sass::Plugin (NameError)

How to make Rails 3.1 use SASS (Over SCSS) as the default?

Here&#39;s what I&#39;m using. The token doesn&#39;t necessarily have to be heard to guess, it&#39;s more like a short url identifier than anything else, and I want to keep it short. I&#39;ve followed some examples I&#39;ve found online and in the event of a collision, _I think_ the code below will recreate the token, but I&#39;m not real sure. I&#39;m curious to see better suggestions, though, as this feels a little rough around the edges.

    def self.create_token
        random_number = SecureRandom.hex(3)
        &quot;1X#{random_number}&quot;
        
        while Tracker.find_by_token(&quot;1X#{random_number}&quot;) != nil
          random_number = SecureRandom.hex(3)
          &quot;1X#{random_number}&quot;
        end
        &quot;1X#{random_number}&quot;
      end

My database column for the token is a unique index and I&#39;m also using `validates_uniqueness_of :token` on the model, but because these are created in batches automatically based on a user&#39;s actions in the app (they place an order and buy the tokens, essentially), it&#39;s not feasible to have the app throw an error.

I could also, I guess, to reduce the chance of collisions, append another string at the end, something generated based on the time or something like that, but I don&#39;t want the token to get too long.

Best way to create unique token in Rails?

How do you test `redirect_to :back` in rspec?

I get 

&gt;`ActionController::RedirectBackError`:&lt;br&gt;
&gt;No `HTTP_REFERER` was set in the request to this action, so `redirect_to :back` could not be called successfully. If this is a test, make sure to specify `request.env[&quot;HTTP_REFERER&quot;]`.

How do I go about setting the `HTTP_REFERER` in my test?
 


Rspec testing redirect_to :back

I am using the Ruby on Rails 3.1 pre version. I like to use PostgreSQL, but the problem is installing the `pg` gem. It gives me the following error:

    $ gem install pg
    Building native extensions.  This could take a while...
    ERROR:  Error installing pg:
        ERROR: Failed to build gem native extension.

            /home/u/.rvm/rubies/ruby-1.9.2-p0/bin/ruby extconf.rb
    checking for pg_config... no
    No pg_config... trying anyway. If building fails, please try again with
     --with-pg-config=/path/to/pg_config
    checking for libpq-fe.h... no
    Can&#39;t find the &#39;libpq-fe.h header
    *** extconf.rb failed ***
    Could not create Makefile due to some reason, probably lack of
    necessary libraries and/or headers.  Check the mkmf.log file for more
    details.  You may need configuration options.

    Provided configuration options:
        --with-opt-dir
        --without-opt-dir
        --with-opt-include
        --without-opt-include=${opt-dir}/include
        --with-opt-lib
        --without-opt-lib=${opt-dir}/lib
        --with-make-prog
        --without-make-prog
        --srcdir=.
        --curdir
        --ruby=/home/u/.rvm/rubies/ruby-1.9.2-p0/bin/ruby
        --with-pg
        --without-pg
        --with-pg-dir
        --without-pg-dir
        --with-pg-include
        --without-pg-include=${pg-dir}/include
        --with-pg-lib
        --without-pg-lib=${pg-dir}/lib
        --with-pg-config
        --without-pg-config
        --with-pg_config
        --without-pg_config


    Gem files will remain installed in /home/u/.rvm/gems/ruby-1.9.2-p0/gems/pg-0.11.0 for inspection.
    Results logged to /home/u/.rvm/gems/ruby-1.9.2-p0/gems/pg-0.11.0/ext/gem_make.out

How do I solve this problem?


Can&#39;t find the &#39;libpq-fe.h header when trying to install pg gem

If I&#39;m in an RHTML view in Rails, it is easy to URL-escape something:

    &lt;a href=&quot;/redirect?href=&lt;%=u target %&gt;&quot;&gt;Foo&lt;/a&gt;

How do I do this in a string? I&#39;d like to do something like this:

    &lt;% redirect_href = &quot;/redirect?#{url_escape target}&amp;amp;foo=bar&amp;amp;baz=some_other_stuff&quot; -%&gt;
    &lt;a href=&quot;&lt;%= redirect_href =&gt;&quot;&gt;Foo&lt;/a&gt;

This must be trivial, right?

How do I URL-escape a string in Rails?

I&#39;ve installed devise on my app and applied the following in my `application.html.erb` file:

    &lt;div id=&quot;user_nav&quot;&gt;
		&lt;% if user_signed_in? %&gt;
			Signed in as &lt;%= current_user.email %&gt;. This cannot be cheese?
			&lt;%= link_to &#39;Sign out&#39;, destroy_user_session_path %&gt;
		&lt;% else %&gt;
			&lt;%= link_to &#39;Register&#39;, new_user_registration_path %&gt; or &lt;%= link_to &#39;Sign in&#39;, new_user_session_path %&gt;
		&lt;% end %&gt;
	&lt;/div&gt;

I ran `rake routes` and confirmed that all the routes are valid.

Also, in my `routes.rb` file I have `devise_for :users` and `root :to =&gt; &quot;home#index&quot;`. 

I get the following routing error when clicking the &quot;Sign out&quot; link:

    No route matches &quot;/users/sign_out&quot;

Any ideas what&#39;s causing the error?

No route matches &quot;/users/sign_out&quot; devise rails 3

I&#39;m using devise for user auth, but I have nice mockups for the signup, login, etc. pages.
I&#39;ve already done the `rails generate devise:views User` command and have all of the views in the views folder, however, when I replaced the registration/new.html.erb with my own new.html.erb, nothing changes nor looks different. It&#39;s as if I had done anything.

Anyone know what I&#39;m doing wrong or at least how to successfully customize devise views

P.S. Is it important to note that I changed the route of devise/registration#new to /signup?

Customizing Devise views in Rails

I&#39;m using Devise in a Rails 3 app, but in this case, a user must be created by an existing user, who determines what permissions he/she will have.

Because of this, I want:

- To **remove the route for users to sign up**. 
- To **still allow users to edit their profiles** (change email address and password) **after** they have signed up

How can I do this?

Currently, I&#39;m effectively removing this route by placing the following before `devise_for :users`:

    match &#39;users/sign_up&#39; =&gt; redirect(&#39;/404.html&#39;)

That works, but I imagine there&#39;s a better way, right?

## Update


As Benoit Garret said, the best solution in my case is to skip creating the registrations routes en masse and just create the ones I actually want. 

To do that, I first ran `rake routes`, then used the output to re-create the ones I wanted. The end result was this:

    devise_for :users, :skip =&gt; [:registrations] 
    as :user do
      get &#39;users/edit&#39; =&gt; &#39;devise/registrations#edit&#39;, :as =&gt; &#39;edit_user_registration&#39;
      put &#39;users&#39; =&gt; &#39;devise/registrations#update&#39;, :as =&gt; &#39;user_registration&#39;
    end

Note that:

- I still have `:registerable` in my `User` model
- `devise/registrations` handles updating email and password
- Updating other user attributes - permissions, etc - is handled by a different controller

## Actual answer:

Remove the route for the default Devise paths; i.e.:

    devise_for :users, path_names: {
      sign_up: &#39;&#39;
    }


How do I remove the Devise route to sign up?

My app is using Rails 3.0.4 and Devise 1.1.7.

I&#39;m looking for a way to prevent users from sharing accounts as the app is a subscription based service.  I&#39;ve been searching for over a week, and I still don&#39;t know how to implement a solution.  I&#39;m hoping someone has implemented a solution and can point me in the right direction.   

**Solution** (Thank you everyone for your answers and insight!)

In application controller.rb

    before_filter :check_concurrent_session

    def check_concurrent_session
      if is_already_logged_in?
        sign_out_and_redirect(current_user)
      end
    end

    def is_already_logged_in?
      current_user &amp;&amp; !(session[:token] == current_user.login_token)
    end

In session_controller that overrides Devise Sessions controller:

    skip_before_filter :check_concurrent_session
    
    def create
      super
      set_login_token
    end
    
    private
    def set_login_token
      token = Devise.friendly_token
      session[:token] = token
      current_user.login_token = token
      current_user.save
    end

In migration AddLoginTokenToUsers

    def self.up
      change_table &quot;users&quot; do |t|
        t.string &quot;login_token&quot;
      end
    end

    def self.down
      change_table &quot;users&quot; do |t|
        t.remove &quot;login_token&quot;
      end
    end


Devise limit one session per user at a time

I integrated devise with facebook. Now when I create a user account after the user has logged in with his/her facebook account,

      user = User.create(:email =&gt; data[&quot;email&quot;], 
                         :password =&gt; Devise.friendly_token[0,20]) 
      user.confirmed_at = DateTime.now
      user.save!

even though the account has been confirmed, an confirmation email is still fired. Any idea how I can turn the email firing off? 



Content Type	Original Author	Original Content on Stackoverflow
Question	Dimitar Vouldjeff	View Question on Stackoverflow
Solution 1 - Ruby on-Rails	Zabba	View Answer on Stackoverflow
Solution 2 - Ruby on-Rails	Oyvkva	View Answer on Stackoverflow
Solution 3 - Ruby on-Rails	x10	View Answer on Stackoverflow
Solution 4 - Ruby on-Rails	ecoologic	View Answer on Stackoverflow

Devise - How do I forbid certain users from signing in?

Ruby on-Rails Problem Overview

Ruby on-Rails Solutions

Solution 1 - Ruby on-Rails

Solution 2 - Ruby on-Rails

Solution 3 - Ruby on-Rails

Solution 4 - Ruby on-Rails

Dynamically generating a QR code with PHP

Can an Android NFC phone act as an NFC tag?

Attributions