Creating new users through Devise with an admin user who is already logged in

Question

I'm building a service on Rails using Devise which requires an 'admin' user to add regular users to their organization account. The default behaviour of Devise doesn't support this, as the ':require_no_authentication' method is called when a logged in admin user tries to create a regular user account.

What would be the recommended method of achieving the functionality I am looking for?

• :require_no_authentication is called by prepend_before_filter in the Devise::RegistrationsController class, rather that in one of the RegistrationsController methods, so I do not know if this can be overridden (correct me if I'm wrong).
• I believe separating the admin users from the regular users would work, however these users will share very similar properties, so I believe doing this will add unnecessary repetition.
• I am currently trying to create new admin users (who in turn create the organization that regular users belong to) using the regular Devise sign up flow with 'users#new' and 'users#create' controller actions, and allowing admins to add new users through a 'users#add' action.

If there is perhaps another good user authentication gem that would better suit my needs, I would be happy to take a look at switching to that.

Answer 1

This seems to be more of an authorization problem than an authentication problem. You can use an authorization gem, such as cancan, to assign roles to users (such as admin) and grant abilities to those roles. This works really well alongside Devise. Here's a tutorial:

http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/

EDIT: I think I may have misunderstood your problem. Maybe what you need is just another controller to handle the creating of users outside of the Devise controllers. You could use cancan to restrict access to this controller to only admins.