Make a private Hobo app

Posted by Tom. This recipe answers 2 Questions

UPDATE - --invite-only added to Hobo

You can now just create your app with

hobo --invite-only my_app

and you’ll get a new Hobo app set up so that only those invited by the admin can have accounts.

That’s it : )

By a ‘private’ app, we mean that only logged in users can get access, and there is no public sign-up facility.

This recipe is a work in progress.

Require all users to be logged in

Very easy - just add the following before_filter to ApplicationController:

class ApplicationController < ActionController::Base
  ...
  before_filter :login_required
end

Note that this prevents access to the entire site to users that are not logged in. That sounds like a problem - how will the user even visit the login page? Fear not - Hobo’s user controller declared skip_before_filter :login_required for the login action and a few others

Prevent signup

Also easy! Your generated user model has the following lifecycle declaration:

lifecycle do

  initial_state :active

  create :anybody, :signup, 
         :params => [:username, :email_address, :password, :password_confirmation],
         :become => :active, :if => proc {|_, u| u.guest?}

  transition :nobody, :request_password_reset, { :active => :active }, :new_key => true do
    UserMailer.deliver_forgot_password(self, lifecycle.key)
  end

  transition :with_key, :reset_password, { :active => :active }, 
             :update => [ :password, :password_confirmation ]

end

So - just delete the :signup creator, so you’re left with

lifecycle do

  initial_state :active

  transition :nobody, :request_password_reset, { :active => :active }, :new_key => true do
    UserMailer.deliver_forgot_password(self, lifecycle.key)
  end

  transition :with_key, :reset_password, { :active => :active }, 
             :update => [ :password, :password_confirmation ]

end

That’s it. The <account-nav> tag tests for the presence of the signup route, which is now gone, so the “sign up” link will be gone too.

User contributed notes

  • On October 29, 2008 davidh said:

    I tried this out and needed a couple of extra steps to allow administrators to manage the user list.

    First I added a link in an administration page to get to the list of users: <a href="/users">Users</a>.

    Next in users_controller I changed auto_actions to "auto_actions :all".

    Finally in views/taglibs/auto/rapid/forms.dryml, I changed the field list in <def tag="form" for="User"> to include the password fields:
    <field-list fields="username, email_address, password, password_confirmation, administrator" param/>

    I haven't tested it a lot, but so far so good.

  • On November 18, 2008 robi said:

    How would you go about forcing a password reset - i.e. admin resets the password for a user?

  • On June 18, 2009 bcavileer said:

    This howto is great but it prevents users from self-enrolling.

    I wanted to make the app private, yet still allow users to signup.

    I added this to my UsersController

    skip_before_filter :login_required, :only => [:do_signup, :signup, :login]

    Seems to work so far...