2

I'm building a service on Rails using Devise which requires an 'admin' user to add regular users to their organization account. The default behaviour of Devise doesn't support this, as the ':require_no_authentication' method is called when a logged in admin user tries to create a regular user account.

What would be the recommended method of achieving the functionality I am looking for?

  • :require_no_authentication is called by prepend_before_filter in the Devise::RegistrationsController class, rather that in one of the RegistrationsController methods, so I do not know if this can be overridden (correct me if I'm wrong).
  • I believe separating the admin users from the regular users would work, however these users will share very similar properties, so I believe doing this will add unnecessary repetition.
  • I am currently trying to create new admin users (who in turn create the organization that regular users belong to) using the regular Devise sign up flow with 'users#new' and 'users#create' controller actions, and allowing admins to add new users through a 'users#add' action.

If there is perhaps another good user authentication gem that would better suit my needs, I would be happy to take a look at switching to that.

Jason
  • 420
  • 5
  • 11

1 Answers1

3

This seems to be more of an authorization problem than an authentication problem. You can use an authorization gem, such as cancan, to assign roles to users (such as admin) and grant abilities to those roles. This works really well alongside Devise. Here's a tutorial:

http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/

EDIT: I think I may have misunderstood your problem. Maybe what you need is just another controller to handle the creating of users outside of the Devise controllers. You could use cancan to restrict access to this controller to only admins.

Josh Rieken
  • 2,256
  • 1
  • 19
  • 23
  • Thanks for the quick response! If I were to do this, do you know if it is still possible to use Devise authentication for users created in this way? I would still like these users created by the admin to be able to log in and access their accounts, and using Devise to control this would be ideal. – Jason Jan 19 '13 at 22:40
  • Yeah, absolutely. As long as you're creating records of the same User model used by Devise, they'll be able to log in just fine. You'll need to create your own controller and views, though, to do this. Think of this as user management (including creating users), whereas the built-in Devise forms are for registration (users creating themselves). – Josh Rieken Jan 19 '13 at 22:46
  • 1
    I don't think I'll ever get over how nice Rails is to develop with! I looked into adding a second 'admin' controller and ran across three blog posts from Aaron Sumner at http://everydayrails.com The code in "Creating your own admin dashboard from scratch" works in a very similar to Devise, and with a bit of hacking I managed to get my desired functionality. Thanks for the suggestions Joshua! http://everydayrails.com/2012/08/19/rails-admin-panel-from-scratch-3.markdown.html – Jason Jan 20 '13 at 00:36