I have a Rails 3 app with authentication setup using Devise with the registerable module enabled.
I want to have new users who sign up using our outside register form to use the full Devise registerable module, which is happening now.
However, I also want the admin user to be able to create new users directly, bypassing (I think) Devise’s registerable module.
-
With
registerabledisabled, my standard UsersController works as I want it to for theadminuser, just like any other Rail scaffold. However, now new users can’t register on their own. -
With
registerableenabled, my standard UsersController is never called for the new user action (callingDevise::RegistrationsControllerinstead), and my CRUD actions don’t seem to work at all (I get dumped back onto my root page with no new user created and no flash message). Here’s the log from the request:Started POST "/users" for 127.0.0.1 at 2010-12-20 11:49:31 -0500 Processing by Devise::RegistrationsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"18697r4syNNWHfMTkDCwcDYphjos+68rPFsaYKVjo8Y=", "user"=>{"email"=>"test@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "role"=>"manager"}, "commit"=>"Create User"} SQL (0.9ms) ... User Load (0.6ms) SELECT "users".* FROM "users" WHERE ("users"."id" = 2) LIMIT 1 SQL (0.9ms) ... Redirected to http://test-app.local/ Completed 302 Found in 192ms
… but I am able to register new users through the outside form.
How can I get both of these methods to work together, such that my admin user can manually create new users and guest users can register on their own?
I have my Users controller setup for standard CRUD:
class UsersController < ApplicationController
load_and_authorize_resource
def index
@users = User.where("id NOT IN (?)", current_user.id) # don't display the current user in the users list; go to account management to edit current user details
end
def new
@user = User.new
end
def create
@user = User.new(params[:user])
if @user.save
flash[:notice] = "#{ @user.email } created."
redirect_to users_path
else
render :action => 'new'
end
end
def edit
end
def update
params[:user].delete(:password) if params[:user][:password].blank?
params[:user].delete(:password_confirmation) if params[:user][:password].blank? and params[:user][:password_confirmation].blank?
if @user.update_attributes(params[:user])
flash[:notice] = "Successfully updated User."
redirect_to users_path
else
render :action => 'edit'
end
end
def delete
end
def destroy
redirect_to users_path and return if params[:cancel]
if @user.destroy
flash[:notice] = "#{ @user.email } deleted."
redirect_to users_path
end
end
end
And my routes setup as follows:
TestApp::Application.routes.draw do
devise_for :users
devise_scope :user do
get "/login", :to => "devise/sessions#new", :as => :new_user_session
get "/logout", :to => "devise/sessions#destroy", :as => :destroy_user_session
end
resources :users do
get :delete, :on => :member
end
authenticate :user do
root :to => "application#index"
end
root :to => "devise/session#new"
end
You should create a separate controller to manage your users. I always create administrator users and give them a special namespace to work in. Let me illustrate that:
config/routes.rb