Skip to content

How To: Set up devise as a single user system

Jump to bottom Edit New page
bquorning edited this page Aug 17, 2011 · 12 revisions

Rationale: Some projects might come across the need for an authentication solution to which devise is supremely suited for -- but without the need (or want) to have public viewers trying to register.

The example of a private weblog comes to mind, so we will use it as an example. This, along with How to: add an admin role (Especially using Option 2 of just using an :admin attribute), and lastly How To: Restrict access to specific actions gives a pretty robust authentication and authorization abilities to your app/website in mere minutes.

In general, you want the drop-in functionality Devise give us, sans "allowing the general public to register". You could Require admin to activate account before sign in, but that's only dealing with the issue after they have registered. Same issue comes with just hiding the links to the pages you are trying to block.

Depending on how you deploy out your application, you may wish to create the sole user before you make the needed changes. I'll leave that to the reader how they want to do it, but most likely it will be via rails console or via a migration file, if not done in development before you remove the functionality.

Step 1

Alter the devise_for line in config/routes.rb to skip the registration controller:

devise_for :users, :skip => :registrations

Step 2

Since the base Devise controllers (and views) assume you have registrations enabled, you'll have to override the default views to not show links to the :sign_up route (in particular). Otherwise, the log in page will throw errors about the routes we skipped in step 1 not existing.

In a terminal:

mkdir -p app/views/devise/shared
touch app/views/devise/shared/_links.html.erb

You may wish to keep the link to the forgot_password functionality (in case you do forget your password), in which case just add the following to app/views/devise/shared/_links.html.erb:

<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
  <%= link_to "Forgot your password?", new_password_path(resource_name) %>
<% end -%>

That's it

The /users/sign_in path still gives you a login form, and /users/sign_out still logs you out.

You can add this to your application.html.erb to make some quick and easy links:

<% if user_signed_in? %>
  <%= link_to('logout', destroy_user_session_path) %>
<% else %>
  <%= link_to('login', new_user_session_path) %>
<% end %>

Getting Started

MIT License. Copyright 2009-2020 Plataformatec. http://plataformatec.com.br

Add a custom sidebar
Clone this wiki locally