Devise/Rails - How to allow only admin to create account for others?

Question

I am using devise as my authentication solution and now i am thinking about authorization. In my project I (the admin) is the only person authorized to create account for others.

I wonder if there is a way to do it without to much hack. In fact, Devise doesn't allow user to access to the signup page if he is already logged in.

Thanks for your advice on it!

Answer 1

It actually looks like in the later versions of Devise you can just remove the "registerable" declaration from your model and it will take care of this for you.

Answer 2

Setting :skip => :registrations also kills the ability for a user to edit their user info. If that's not what you are after you can instead create a (minimal) custom registrations controller and only remove the new_user_registration_path while preserving the edit_user_registration_path.

# app/controllers/registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController

 def new
    # If you're not using CanCan, raise some other exception, or redirect as you please
    raise CanCan::AccessDenied
  end

end

# routes.rb
devise_for :users, :controllers => { :registrations => "registrations" }

Once you do this you also need to move the directory views/devise/registrations to just views/registrations.

Answer 3

You can try the rails_admin gem in conjunction with Devise to handle any admin-specific tasks. You'll need to add more code to set it up, but at least you avoid hacking around the solution in terms of changing your interactions with Devise.