Rails 2.3.9
Devise 1.0.8
I’m trying to restrict registrations for a Devise User model to users with an admin role.
Unfortunately I’m stuck with Devise 1.0.8 and Rails 2.3.9.
I’ve read the methods outlined in the Devise wiki about namespacing seperate Users::Registrations controller, and so far I’ve managed to get to the stage were the Users::Registrations controller is rendering a new user form – however on submission the form goes to the original Devise Registrations controller and the [:require_no_authentication] filter (which is skipped in the Users::Registrations controller) fires and redirects to the home page (due to the User already being logged in as an Admin).
I think this is an issue with the routes but I’m kinda stumped – most of the Google’d answers and suggestions are for Devise with Rails 3. Any ideas?
Processing Users::RegistrationsController#new (for 158.119.147.40 at 2011-03-28 15:00:15) [GET]
[4;36;1mUser Load (1.6ms)[0m [0;1mSELECT * FROM "users" WHERE ("users"."id" = 1) LIMIT 1[0m
[4;35;1mRole Load (0.9ms)[0m [0mSELECT "roles".* FROM "roles" INNER JOIN "roles_users" ON "roles".id = "roles_users".role_id WHERE ("roles"."name" = E'admin') AND ("roles_users".user_id = 1 ) LIMIT 1[0m
Rendering template within layouts/registrations
Rendering users/registrations/new
[4;36;1mRole Load (0.3ms)[0m [0;1mSELECT * FROM "roles" [0m
[4;35;1mCACHE (0.0ms)[0m [0mSELECT "roles".* FROM "roles" INNER JOIN "roles_users" ON "roles".id = "roles_users".role_id WHERE ("roles"."name" = E'admin') AND ("roles_users".user_id = 1 ) LIMIT 1[0m
Rendered shards/_login_bar (2.6ms)
Rendered shards/_header (3.5ms)
Rendered shards/_menu (1.4ms)
Completed in 66ms (View: 21, DB: 3) | 200 OK [http://158.119.147.40/efoss/users/registrations]
[4;36;1mSQL (0.2ms)[0m [0;1mSET client_min_messages TO 'panic'[0m
[4;35;1mSQL (0.2ms)[0m [0mSET client_min_messages TO 'notice'[0m
Processing RegistrationsController#create (for 158.119.147.40 at 2011-03-28 15:00:35) [POST]
Parameters: {"user"=>{"roles"=>"1", "password_confirmation"=>"zomgapsw0rd", "lname"=>"Ee", "fname"=>"Mr", "password"=>"zomgapsw0rd", "email"=>"mree@notanemail.com"}, "commit"=>"Sign up", "authenticity_token"=>"AViEsObUf5Dadeb0pygJ5BoO8YS9EyURW0vJeBDHiRw="}
[4;36;1mUser Load (1.7ms)[0m [0;1mSELECT * FROM "users" WHERE ("users"."id" = 1) LIMIT 1[0m
Redirected to http://158.119.147.40/efoss/
Filter chain halted as [:require_no_authentication] rendered_or_redirected.
config/routes.rb
map.devise_for :users
map.new_user_registration 'users/registrations', :controller => 'users/registrations', :action => 'new'
#map.connect 'users/registrations', :controller => 'users/registrations', :action => 'create', :conditions => {:method => :post}
controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
#prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
skip_before_filter :require_no_authentication
prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
include Devise::Controllers::InternalHelpers
#before_filter :check_permissions, :only => [:new, :create, :cancel]
# GET /resource/sign_up
def new
build_resource
render_with_scope :new
end
# POST /resource
def create
build_resource
if resource.save
set_flash_message :notice, :signed_up
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new
end
end
# GET /resource/edit
def edit
render_with_scope :edit
end
# PUT /resource
def update
if self.resource.update_with_password(params[resource_name])
set_flash_message :notice, :updated
redirect_to after_sign_in_path_for(self.resource)
else
render_with_scope :edit
end
end
# DELETE /resource
def destroy
self.resource.destroy
set_flash_message :notice, :destroyed
sign_out_and_redirect(self.resource)
end
def check_permissions
authorize! :create, resource
end
end
views/users/registrations/new.html.erb
<h2>Sign up</h2>
<% form_for @user do |f| -%>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :fname, "First name" %></p>
<p><%= f.text_field :fname %></p>
<p><%= f.label :lname, "Last name" %></p>
<p><%= f.text_field :lname %></p>
<p><%= f.label :roles %></p>
<p><%= f.select :roles, Role.all.collect{|r| [r.name, r.id]} %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password, {:class => "password_check"} %></p>
<p><%= f.label :password_confirmation %></p>
<p><%= f.password_field :password_confirmation, {:class => "password_check"} %></p>
<p><%= f.submit "Sign up" %></p>
<% end -%>
In the end I ended up defining the url to submit the form to in the form itself – not ideal and uses abit of a hack – if anyone can suggest a cleaner way of doing this I’ll save the tick for that answer;
routes.rb
views/users/registrations/new.html.erb
ugly hack with ‘../../users/registrations’ otherwise the form is routed to ‘users/registrations/users/registrations’ – if the :url modifier is left out then the form is submitted to the default Devise registrations controller action ‘create’ not ‘Users/Registrations’