I have a Rails 3 app with authentication setup using Devise with
the registerable module enabled.
I want to have
new users who sign up using our outside register form to use
the full Devise registerable module, which is happening now.
However, I also want
the admin user to be able to create
new users directly, bypassing (I think) Devise's registerable module.
With registerable disabled, my standard UsersController works as I want it to for
the admin user, just like any other Rail scaffold. However, now
new users can't register on their own.
With registerable enabled, my standard UsersController is never called for
the new user action (calling Devise::RegistrationsController instead), and my CRUD actions don't seem to work at all (I get dumped back onto my root page with no
new user created and no flash message). Here's
the log from
the request:
Started POST "/users" for 127.0.0.1 at 2010-12-20 11:49:31 -0500
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"?", "authenticity_token"=>"18697r4syNNWHfMTkDCwcDYphjos+68rPFsaYKVjo8Y=", "user"=>{"email"=>"
[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "role"=>"manager"}, "commit"=>"Create User"}
SQL (0.9ms) ...
User Load (0.6ms) SELECT "users".* FROM "users" WHERE ("users"."id" = 2) LIMIT 1
SQL (0.9ms) ...
Redirected to http://test-app.local/ Completed 302 Found in 192ms
... but I am able to register
new users through
the outside form.
How can I get both of these methods to work together, such that my admin user can manually create
new users and guest users can register on their own?
I have my Users controller setup for standard CRUD:
class UsersController < ApplicationController
load_and_authorize_resource
def index
@users = User.where("id NOT IN (?)", current_user.id) # don't display
the current user in
the users list; go to account management to edit current user details
end
def
new
@user = User.
new
end
def create
@user = User.new(params[:user])
if @user.save
flash[:notice] = "#{ @user.email } created."
redirect_to users_path
else
render :action => '
new'
end
end
def edit
end
def update
params[:user].delete(:password) if params[:user][:password].blank?
params[:user].delete(:password_confirmation) if params[:user][:password].blank? and params[:user][:password_confirmation].blank?
if @user.update_attributes(params[:user])
flash[:notice] = "Successfully updated User."
redirect_to users_path
else
render :action => 'edit'
end
end
def delete
end
def destroy
redirect_to users_path and return if params[:cancel]
if @user.destroy
flash[:notice] = "#{ @user.email } deleted."
redirect_to users_path
end
end
end
And my routes setup as follows:
TestApp::Application.routes.draw do
devise_for :users
devise_scope :user do
get "/login", :to => "devise/sessions#new", :as => :new_user_session
get "/logout", :to => "devise/sessions#destroy", :as => :destroy_user_session
end
resources :users do
get :delete, :on => :member
end
authenticate :user do
root :to => "application#index"
end
root :to => "devise/session#new"
end