phatworx / devise_security_extension

An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.
MIT License

Captcha for sign in on project with multiple Devise models #196

Closed PhilBrockman closed 8 years ago

PhilBrockman commented 8 years ago

Hello,

I have a project with Devise Candidates, Managers, and Admins. I want managers and admins to be forced to enter a captcha on each sign in attempt, while candidates must complete a captcha on signup.

I would like something like `config.captcha_for_sign_in = true, except: [:candidates]`. Is there an elegant way to achieve this functionality?

sandergroen commented 8 years ago

This is more a Devise question than a Devise security extension question, but I will give you an answer, no problem.

I assume you created models for each role (Candidates, Managers, and Admins).

The functionality you describe does not make much sense because before a user signs in you can't tell if the user is a candidate, manager or admin. You can tell the difference after sign in. What you could do is override the Devise::SessionsController and tell devise to use this controller for each role. You can have a combined controller for the manager/admin role. Then you should make a different sign in form as well.

```ruby
class ManagerSessionsController < Devise::SessionsController
  def new
    super
  end

  def create
    # do your captcha magic here
    super # then let Devise perform the normal sign in
  end
end
```

For the candidates you can use the default SessionsController: `devise_for :candidates`

Use the same controller for managers and admins. Add the following to your routes file:

```ruby
devise_for :managers, :controllers => {:sessions => 'manager_sessions'}
devise_for :admins, :controllers => {:sessions => 'manager_sessions'}
```

You can add different routes for the manager/admin login. You can read the following docs to see how that can be done:

https://github.com/plataformatec/devise/wiki/How-To:-Change-the-default-sign_in-and-sign_out-routes

I haven't tested it but I think something like this should work.
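As an added illustration of the "captcha magic" step in the overridden `create` above (example code, not from the thread or from the devise_security_extension project): the captcha answer is expected in the session, consumed on first use, compared in constant time, and rejected when no challenge was issued, so a failed captcha never reaches Devise's credential check. `Devise::SessionsController` is replaced here by a constructed stand-in so the file runs without Rails; the session key name and `render_new` are assumptions.

```ruby
# Constructed stand-in for Devise::SessionsController (not Devise's real code):
# the real `create` authenticates via warden and redirects; this one only
# records that the credential check was reached.
module Devise
  class SessionsController
    attr_reader :params, :session, :flash, :signed_in

    def initialize(params, session)
      @params, @session, @flash, @signed_in = params, session, {}, false
    end

    def create
      @signed_in = true # real Devise: warden.authenticate!(auth_options)
      :signed_in
    end

    def render_new # stand-in for `render :new`
      :rendered_new
    end
  end
end

# Shared sessions controller for the Manager and Admin scopes.
class ManagerSessionsController < Devise::SessionsController
  CAPTCHA_SESSION_KEY = :manager_captcha_answer # assumed key name

  def create
    # Single use: the stored answer is removed whether or not the attempt succeeds.
    expected = session.delete(CAPTCHA_SESSION_KEY)
    given    = params[:captcha].to_s
    unless captcha_ok?(expected, given)
      flash[:alert] = 'Invalid captcha'
      return render_new
    end
    super # only now does Devise check the credentials
  end

  private

  # Fail closed when no challenge was issued; compare in constant time.
  def captcha_ok?(expected, given)
    return false if expected.nil? || expected.empty?
    return false unless expected.bytesize == given.bytesize
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```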

PhilBrockman commented 8 years ago

That ended up being what I had to do. Thank you for taking the time for a detailed response.