I created three different roles (User, Admin, Manager) using Devise's Rails generator; they are stored in different tables and models...

How can I forbid someone from logging in to two different roles during the same session?

  • Can you elaborate on what you mean? Devise will create different session variables based on the name of the model. – Ant Oct 31 '12 at 14:14
  • I don't want the same person to log in as User and as Admin in the same browser window. – Fuffinii Dec 30 '12 at 14:46

1 Answer

When a user tries to log in you can verify he isn't logged in as another role. To do that you will have to override Devise's SessionsController. It is explained here for RegistrationsController but the same can be done with SessionsController. Next, add a before filter to your new SessionsController:

before_filter :require_not_authenticated_in_other_scopes, :only => [:new, :create]

Then just implement the filter in the controller:

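def require_not_authenticated_in_other_scopes
  other_types = [:user, :admin, :manager] - [resource_name]
  other_types.each do |type|
    if self.send("#{type}_signed_in?")
      resource = warden.user(type)
      # Stop at the first match: a second redirect_to in the same
      # request would raise AbstractController::DoubleRenderError.
      return redirect_to after_sign_in_path_for(resource)
    end
  end
end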

I've taken parts of the implementation from Devise's SessionsController itself; you can find it in their GitHub repository.

Erez Rabih
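The guard from the answer above, as an added example that is not part of the original answer or Devise's own code: it isolates the scope check in a module and exercises it for the case where two other roles already hold a session, so only one redirect is issued. `ExclusiveScopeGuard`, `FakeWarden`, `FakeSessionsController`, `attempt_login` and the landing path are hypothetical stand-ins so the logic runs without Rails; only `authenticated?` and `user` are assumed from Warden.

```ruby
# Added example; FakeWarden and FakeSessionsController are constructed stand-ins
# so the guard logic runs without Rails, Devise or Warden loaded.
module ExclusiveScopeGuard
  SCOPES = [:user, :admin, :manager].freeze # the three models from the question

  # First *other* scope that already holds a session, or nil.
  def conflicting_scope
    (SCOPES - [resource_name]).find { |scope| warden.authenticated?(scope) }
  end

  # Filter body: redirects at most once; the boolean is only for the demo below.
  def require_not_authenticated_in_other_scopes
    scope = conflicting_scope
    return true if scope.nil?
    redirect_to after_sign_in_path_for(warden.user(scope))
    false
  end
end

# Stand-in for Warden::Proxy: maps scope => signed-in record.
class FakeWarden
  def initialize(sessions); @sessions = sessions; end
  def authenticated?(scope); @sessions.key?(scope); end
  def user(scope); @sessions[scope]; end
end

# Stand-in for the overridden SessionsController; records redirects.
class FakeSessionsController
  include ExclusiveScopeGuard
  attr_reader :resource_name, :warden, :redirects

  def initialize(resource_name, sessions)
    @resource_name = resource_name
    @warden = FakeWarden.new(sessions)
    @redirects = []
  end

  def redirect_to(path); @redirects << path; end
  def after_sign_in_path_for(resource); "/signed_in_as/#{resource}"; end # hypothetical path
end

# Returns [allowed, redirects] for a login attempt on `scope`.
def attempt_login(scope, sessions)
  controller = FakeSessionsController.new(scope, sessions)
  [controller.require_not_authenticated_in_other_scopes, controller.redirects]
end
```

In a real controller the module would be included in the overridden SessionsController and registered with the `before_filter` line shown in the answer.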