Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to "soft delete" user with Devise

I currently use Devise for user registration/authentication in a Rails project. When a user wants to cancel their account, the user object is destroyed, which leaves my application in an undesired state.

What is the easiest way to implement a "soft delete", i.e. only removing personal data and marking the user as deleted? I still want to keep all record associations.

I assume I will have to first introduce a new "deleted" column for users. But then I am stuck with this default code in the user's profile view:

<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>

Where can I find the :delete method? How should I overwrite the default Devise methods?

like image 850
slhck Avatar asked Feb 28 '11 10:02

slhck


People also ask

How do I delete a soft user?

Overview. Soft delete hides information from end-user or flags data as deleted while it still remains visible or active in your database. To perform soft delete in Laravel, you need to have a deleted_at column that should be set to default null , as it should be of timestamp data type in the model.

How do I delete a devise model?

In your config/routes. rb where there is any reference for device_for , delete it. This should fix that error. Show activity on this post.


4 Answers

I could advise overriding destroy method on your User model to simply do update_attribute(:deleted_at, Time.current) (instead of actually destroying), but this deviation from standard API could become burdensome in the future, so here's how to modify the controller.

Devise has a bunch of default controllers out of the box. The best way to customize them is to create your own controller inheriting the corresponding devise controller. In this case we are talking about Devise::RegistrationsController — which is easily recognized by looking at source. So create a new controller.

class RegistrationsController < Devise::RegistrationsController
end

Now we have our own controller fully inheriting all the devise-provided logic. Next step is to tell devise to use it instead of the default one. In your routes you have devise_for line. It should be changed to include registrations controller.

devise_for :users, :controllers => { :registrations => 'registrations' } 

This seems strange, but it makes sense because by default it's 'devise/registrations', not simply 'registrations'.

Next step is to override the destroy action in registrations controller. When you use registration_path(:user), :method => :delete — that's where it links. To destroy action of registrations controller.

Currently devise does the following.

def destroy
  resource.destroy
  set_flash_message :notice, :destroyed
  sign_out_and_redirect(self.resource)
end

We can instead use this code. First let's add new method to User model.

class User < ActiveRecord::Base
  def soft_delete
    # assuming you have deleted_at column added already
    update_attribute(:deleted_at, Time.current)
  end
end

# Use this for Devise 2.1.0 and newer versions
class RegistrationsController < Devise::RegistrationsController

  def destroy
    resource.soft_delete
    Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
    set_flash_message :notice, :destroyed if is_navigational_format?
    respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
  end
end

# Use this for older Devise versions
class RegistrationsController < Devise::RegistrationsController
  def destroy
    resource.soft_delete
    set_flash_message :notice, :destroyed
    sign_out_and_redirect(resource)
  end
end

Now you should be all set. Use scopes to filter out deleted users.

like image 190
Max Chernyak Avatar answered Oct 18 '22 22:10

Max Chernyak


Adding onto hakunin's answer:

To prevent "soft deleted" users from signing in, override active_for_authentication? on your User model:

def active_for_authentication?
  super && !deleted_at
end
like image 45
Peyman Avatar answered Oct 18 '22 22:10

Peyman


You could use acts_as_paranoid for your User model, which sets a deleted_at instead of deleting the object.

like image 10
rausch Avatar answered Oct 18 '22 23:10

rausch


A complete tutorial can be found at Soft Delete a Devise User Account on the Devise wiki page.

Summary:
1. Add a "deleted_at" DATETIME column
2. Override users/registrations#destroy in your routes
3. Override users/registrations#destroy in the registrations controller
4. Update user model with a soft_delete & check if user is active on authentication
5. Add a custom delete message

like image 7
csi Avatar answered Oct 18 '22 22:10

csi