When a user registers on my app they have to confirm their email, powered by Devise + Rails 3.
The email address defines the user's permissions so I don't want the
attr_readonly :email
That solved the problem easily.
https://groups.google.com/forum/#!topic/plataformatec-devise/skCarCHr0p8
This is the perfect case for a custom validator. Since Rails 3, they are much easier to do than before.
# Rejects any change to the attribute once the record has been saved.
class ImmutableValidator < ActiveModel::EachValidator
  def validate_each(record, attribute, value)
    # "<attribute>_changed?" comes from ActiveModel dirty tracking.
    if record.send("#{attribute}_changed?") && !record.new_record?
      record.errors[attribute] << "cannot be changed after creation"
    end
  end
end

class User < ActiveRecord::Base
  validates :email, :immutable => true
end
I would personally leave the attr_accessible for :email and just remove the email field from the edit view. Also, you will want to strip out any email param from the params hash in the update action.
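The last suggestion, dropping any email param before the update action uses the hash, shown as an added example that is not part of the original answers. It is plain Ruby so it runs without Rails; `PROTECTED_ON_UPDATE` and `strip_protected` are hypothetical names, and the sample hash is constructed.

```ruby
# Added example, not from the original answers. Plain Ruby, no Rails required.
# PROTECTED_ON_UPDATE and strip_protected are hypothetical names.
PROTECTED_ON_UPDATE = %w[email].freeze

# Returns [clean, rejected]: a copy of attrs without the protected keys, and
# the names of the protected keys the client tried to send. The input hash is
# not mutated. Keys are compared as strings because a plain Hash (unlike
# Rails' indifferent-access params) treats "email" and :email as different.
def strip_protected(attrs, protected_keys = PROTECTED_ON_UPDATE)
  clean = {}
  rejected = []
  (attrs || {}).each do |key, value|
    if protected_keys.include?(key.to_s)
      rejected << key.to_s
    else
      clean[key] = value
    end
  end
  [clean, rejected.uniq]
end

# Constructed sample: the "user" part of an update request whose edit form has
# no email field, yet an email value was submitted anyway.
submitted = { "name" => "Alice", "email" => "someone-else@example.com" }
clean, rejected = strip_protected(submitted)

# In a controller, `clean` is what would be passed to update_attributes; a
# non-empty `rejected` is worth logging because the form never sends that key.
warn "rejected protected attributes on update: #{rejected.join(', ')}" unless rejected.empty?
puts clean.inspect
```

Filtering in the controller complements the model-level validator or `attr_readonly` rather than replacing it, since other code paths can still assign the attribute.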