Replies: 1 comment 3 replies
-
One possible solution would be to use the Regarding manual code in your Rodauth app's route block, not sure what the problem was there exactly, but my guess is that loading Yeah, using |
Beta Was this translation helpful? Give feedback.
-
Greetings everyone!
We are using Rodauth on a project and we have an additional need for additional user validation. Situation:
Customer
model and a relatedClient
model (one client can have many employees).Customer
has been deactivated, it is required to block all its employees from using the systemAt the login level I managed to implement it via
before_login
hook:rodauth_main.rb
And additionally prohibited through ApplicationPolicy similar users to have access to the corresponding resources
def require_customer
deny! unless account&.customer&.client&.active? || account&.admin?
end
However, then the following problem occurs: If a customer is logged in and then a related client is deactivated, the user just sees an error window without the ability to log out and log in with another account. I've tried other hooks (before_rodauth, around_rodauth and others) but they don't work in my case.
I also tried doing something via rodauth_app.rb, but that didn't work either - and apparently the body of the
before_login
block goes through first, no logout logic happens (even if you write it directly inbefore_login
, but I think that's how it's designed), and then the rodauth_app is executed, where my code loops aroundrodauth_app.rb
At the end, I tried solving this via
after_login
instead ofbefore_login
by callinglogout
directly:And it worked! However, I was wondering if there isn't a better solution for this? Thanks in advance
Beta Was this translation helpful? Give feedback.
All reactions