I have a Rails 3 app with authentication setup using Devise with the registerable module enabled.
I want to have new users who sign up using our
outside register form to use the full Devise registerable module, which is happening now.
However, I also want the admin user to be able to create new users directly, bypassing (I think) Devise's registerable module.
With registerable disabled, my standard UsersController works as I want it to for the admin user, just like any other Rail scaffold. However, now new users can't register on their own.
With registerable enabled, my standard UsersController is never called for the new user action (calling Devise::RegistrationsController instead), and my CRUD actions don't seem to work at all (I get dumped back onto my root page with no new user created and no flash message). Here's the log from the request:
Started POST "/users" for 127.0.0.1 at 2010-12-20 11:49:31 -0500
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"?", "authenticity_token"=>"18697r4syNNWHfMTkDCwcDYphjos+68rPFsaYKVjo8Y=", "user"=>{"email"=>"
[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "role"=>"manager"}, "commit"=>"Create User"}
SQL (0.9ms) ...
User Load (0.6ms) SELECT "users".* FROM "users" WHERE ("users"."id" = 2) LIMIT 1
SQL (0.9ms) ...
Redirected to http://test-app.local/ Completed 302 Found in 192ms
... but I am able to register new users through the
outside form.
How can I get both of these methods to work together, such that my admin user can manually create new users and guest users can register on their own?
I have my Users controller setup for standard CRUD:
class UsersController < ApplicationController
load_and_authorize_resource
def index
@users = User.where("id NOT IN (?)", current_user.id) # don't display the current user in the users list; go to account management to edit current user details
end
def new
@user = User.new
end
def create
@user = User.new(params[:user])
if @user.save
flash[:notice] = "#{ @user.email } created."
redirect_to users_path
else
render :action => 'new'
end
end
def edit
end
def update
params[:user].delete(:password) if params[:user][:password].blank?
params[:user].delete(:password_confirmation) if params[:user][:password].blank? and params[:user][:password_confirmation].blank?
if @user.update_attributes(params[:user])
flash[:notice] = "Successfully updated User."
redirect_to users_path
else
render :action => 'edit'
end
end
def delete
end
def destroy
redirect_to users_path and return if params[:cancel]
if @user.destroy
flash[:notice] = "#{ @user.email } deleted."
redirect_to users_path
end
end
end
And my routes setup as follows:
TestApp::Application.routes.draw do
devise_for :users
devise_scope :user do
get "/login", :to => "devise/sessions#new", :as => :new_user_session
get "/logout", :to => "devise/sessions#destroy", :as => :destroy_user_session
end
resources :users do
get :delete, :on => :member
end
authenticate :user do
root :to => "application#index"
end
root :to => "devise/session#new"
end
