Jesper Rønn-Jensen

Reputation: 111626

Rails Devise, how to make "sign up" only for superuser

I am using Devise for a Rails 3.2.1 app. I want to block the sign_up so that only a superuser/administrator can add new users. How do I achieve that?

(Update) I tried the tip suggested in Devise before filter that prevents access to "new_user_registration_path" unless user is signed-in

but it does not work, since the added controller is apparently not password-protecting the new route "/users/registrations":

Create a controller inheriting from Devise::RegistrationsController. After that you can add your filter. You just need to define this controller as the registrations controller

class RegistrationsController < Devise::RegistrationsController
  before_filter :authenticate_user!
end

In your routes.rb

devise_for :users, :controllers => { :registrations => 'registrations'}

Upvotes: 3

Views: 3917

Answers (2)

Nuno

Reputation: 143

Check this solution from Tony Amoyal. I tested it and it works like a charm...
http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/
He uses CanCan, but the hooks are easily customized for other mechanisms. Copied here for future reference in case his blog gets broken:

..."you want to protect user registrations. This requires us to use CanCan to check for permissions but customize the Devise Registrations controller to restrict access.

One way to do this is to copy the devise controllers into your controllers directory and start customizing. That may be the best way to go and it’s certainly an obvious path, but all I want to do is restrict registration. Should I really have to re-implement the registrations controller to do that? For now, I will not. It might make sense when there are more customizations. Instead I inherit from the Devise Registrations controller. Here are the steps:

Step 1 – Create the controller

$ mkdir app/controllers/users
$ touch app/controllers/users/registrations_controller.rb

Step 2 – Add the custom functionality

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :check_permissions, :only => [:new, :create, :cancel]
  skip_before_filter :require_no_authentication

  def check_permissions
    authorize! :create, resource
  end
end

The check permissions method is really simple. It calls the CanCan method, authorize!, and checks if the current user can create users. We use resource here because devise uses resource to refer to the model that can be authenticated. Also notice how I removed the require_no_authentication filter, a Devise filter which allows access to actions without authentication."

Upvotes: 1

Rodrigo Flores

Reputation: 2461

I would suggest that you create a CRUD only available to the super user and he will be able to create users instead of restricting access to the registration path to only the super user. You can find help for it here: https://github.com/plataformatec/devise/wiki/How-To:-Manage-users-through-a-CRUD-interface.

In case you want to use the registration, I would do almost the same as what you put in your answer, but the before_filter should be something like this:

before_filter :authenticate_user!, :redirect_unless_admin

# (...)

private
def redirect_unless_admin
  unless current_user.admin
    redirect_to root_path
  end
end

Upvotes: 3
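
An added example, not from the question or either answer, and written in plain Ruby rather than as Rails or Devise code: a small model of a halting before-filter chain that applies the admin-only sign-up rule discussed above to every registration entry point and treats a missing user as denied. The `User` struct, the `FilterChain` class and the redirect targets are hypothetical.

```ruby
# Plain-Ruby model of a halting before-filter chain (constructed for illustration;
# User, FilterChain and the redirect targets are hypothetical, not Devise's API).
User = Struct.new(:email, :admin)

class FilterChain
  def initialize
    @filters = []
  end

  # Register a filter; :only limits it to the listed actions, as in Rails.
  def before(name, only: nil, &check)
    @filters << { name: name, only: only, check: check }
    self
  end

  # Run filters in order. The first filter that returns a redirect target
  # halts the chain, so the action body never runs.
  def call(action, user)
    @filters.each do |f|
      next if f[:only] && !f[:only].include?(action)
      target = f[:check].call(user)
      return { status: :redirected, to: target, by: f[:name] } if target
    end
    { status: :performed, action: action }
  end
end

# Filters return nil to continue or a path to redirect to.
AUTHENTICATE = ->(user) { user.nil? ? "/users/sign_in" : nil }
# Fail closed: a missing user or a falsy admin flag is a denial.
ADMIN_ONLY   = ->(user) { user && user.admin ? nil : "/" }

def registration_chain(guarded_actions)
  FilterChain.new
    .before(:authenticate_user!, only: guarded_actions, &AUTHENTICATE)
    .before(:redirect_unless_admin, only: guarded_actions, &ADMIN_ONLY)
end

# Guarding only the form leaves the POST handler open; guard every entry point.
FORM_ONLY = registration_chain([:new])
GUARDED   = registration_chain([:new, :create, :cancel])

if __FILE__ == $PROGRAM_NAME
  admin  = User.new("admin@example.test", true)   # constructed sample users
  member = User.new("member@example.test", false)
  [nil, member, admin].each do |u|
    [:new, :create].each { |a| puts "#{u ? u.email : 'anonymous'} #{a}: #{GUARDED.call(a, u)}" }
  end
end
```

In a real app the same matrix (anonymous, non-admin, admin against both `new` and `create`) is what a controller or request test for the customised registrations controller should assert.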
