0

Im using an Omniauth + Devise authentication system, where the user can register with his e-mail + password or with his Google+ account.

Now I need to use CanCanCan gem to check if the user that is loging in has permissions to go to the after login area, but I dont know where i can do that condition, in which file Devise stores the redirect after sucessfull login function?

Miguel Rebola
  • 120
  • 1
  • 2
  • 12
  • A better approach is to add the authorization to the controller which handles your "after login area". – max May 21 '15 at 11:24

2 Answers2

0

You have to override Devise registration controller. 

class RegistrationsController < Devise::RegistrationsController
  protected

  def after_sign_up_path_for(resource)
    '/home' # your path to redirect after signup
  end
end

You can define the access permissions in abilities.rb file. 

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= user.new

    # Here you can define the permissions for home page for user
  end
end
Kamesh
  • 1,435
  • 1
  • 14
  • 27
0

You can implement the after_sign_in_path method in your Application Controller, where resource is your user: 

class ApplicationController < ActionController::Base
  def after_sign_in_path_for(resource)
    if resource.can? :show, ProtectedResource
      protected_area_path
    else
      denied_access_path
    end
  end
end

This will tell Devise where to redirect your user.

Luc
  • 143
  • 6