
I'm using Devise and I want to allow only admins to create new users. I've already reviewed this answer, but it looks outdated. I've tried so many possible answers, but nothing worked. I'm looking for a somewhat detailed answer, as I'm still a newbie.

Admins are labeled with a Boolean value in the users table; I'm trying to keep things minimal.


3 Answers


Well, the simplest way to do that is to add a before_action to your users controller to limit the create, edit and any other action you want to specific criteria:

before_action :create_user , only: [:edit , :update , :new, :correct_user]  

and then you can define a create_user private method:

# `criteria` is a placeholder here: compare whatever attribute marks
# the user as allowed (e.g. an admin flag) against the value you require.
def create_user
  @user = User.find(params[:id])
  redirect_to @user unless @user.criteria == criteria
end

Hope this is what you are looking for. If not please comment with further details.

Shahin
  • But Devise doesn't have a users controller. – Opapadaia Aug 17 '16 at 08:09
  • This might help you to find where the controller is: http://stackoverflow.com/questions/6234045/how-do-you-access-devise-controllers – Shahin Aug 17 '16 at 08:13
  • Every time I click on the link_to to create a new user, it returns with an error message "You are already signed in". – Opapadaia Aug 17 '16 at 08:22
  • Reviewing your answer, I noticed that the create_user method code was written for finding records, not saving them. Please review your answer. – Opapadaia Aug 17 '16 at 08:43
  • Buddy, I really recommend reading the Rails tutorial by Michael Hartl. It will be helpful and will introduce you to new features. – Shahin Aug 17 '16 at 08:45
  • What features are you talking about? Can the find method save users now? – Opapadaia Aug 17 '16 at 08:51
#
# In UsersController
#
before_action :check_user_role, only: [:edit, :update, :new, :create]

private

# "Your Role" is a placeholder: replace it with the role value that
# should be allowed through (every other role is redirected away).
def check_user_role
  redirect_to home_path if current_user.role != "Your Role"
end
bk chovatiya

You could achieve this in numerous ways. What I have done in the past is a combination of showing/hiding the links in the views and checking the user in the controller. I've assumed you have a form with the user details that you will submit to the users controller.

I've included a controller from one app I worked on below.

The first thing I do is check whether the user is authenticated (we use Google for this, but if you have set up Devise you won't need this and probably have your own authentication in place). Devise will have created the current_user object if you have logged in, which should include your "role" attribute. In the standard user create you can check current_user.role and simply redirect if current_user.role is not 1 (I assumed 1 means admin).

class UsersController < ApplicationController

  # Set the user record before each action that operates on one user
  before_action :set_user, only: [:show, :edit, :update, :destroy]

  # User must authenticate to use all actions in the users controller
  # (before_filter is the older, deprecated name for before_action)
  before_action :authenticate_user!

  def create
    # The original had `role = 1` (an assignment), which is always truthy
    # and would let every signed-in user through; `==` is the comparison.
    if current_user.role == 1
      @user = User.new(user_params)
      @user.password = Devise.friendly_token[0, 20]

      respond_to do |format|
        if @user.save
          format.html { redirect_to @user, notice: 'User was successfully created.' }
          format.json { render action: 'show', status: :created, location: @user }
        else
          format.html { render action: 'new' }
          format.json { render json: @user.errors, status: :unprocessable_entity }
        end
      end
    else
      # `format` only exists inside the respond_to block and @user is not
      # set on this branch, so redirect to the users index instead.
      redirect_to users_url, notice: 'You do not have sufficient rights to set up a new user.'
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_user
    @user = User.find(params[:id])
  rescue ActiveRecord::RecordNotFound
    flash[:notice] = "User record does not exist"
    redirect_to users_url
  end

  # Strong parameters; not part of the answer as posted (the follow-up
  # comment notes it had to be added). Adjust the list to your users table.
  def user_params
    params.require(:user).permit(:email, :role)
  end
end
Mark Davies
  • I've added the user params myself, and it did work. I thought it would inherit them from the Devise controller, then I realized that this class is inheriting from the ApplicationController class. Anyway, thank you. But your answer is not complete yet: respond_to is missing an end tag. Edit it to mark it as the right answer. – Opapadaia Aug 17 '16 at 12:12
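The controller-side check from the answers above, written for the question's setup (a boolean `admin` column rather than a numeric role) as an added example that is not code from any of the answers. It is plain Ruby so it runs without Rails; `current_user`, `redirect_to`, `root_path`, `flash` and Devise's `authenticate_user!` are assumed to be the host controller's helpers, and the fake controller at the bottom is a constructed stand-in for them.

```ruby
# Admin-only gate for a Devise app where `admin` is a boolean on users.
# In a real app: `include AdminOnly` in your own UsersController (not
# Devise's registrations controller) and declare
#   before_action :authenticate_user!
#   before_action :require_admin!, only: [:new, :create]
module AdminOnly
  # Fail closed: no signed-in user, a nil flag, or a non-admin all deny.
  # `== true` also avoids treating a truthy non-boolean (e.g. the string
  # "true" from a mis-typed column) as permission.
  def admin?(user)
    !user.nil? && user.admin == true
  end

  # Returns true when the action may proceed; otherwise redirects away
  # (a before_action halts the chain once a redirect has been issued).
  def require_admin!
    return true if admin?(current_user)
    flash[:alert] = "You do not have permission to create users."
    redirect_to root_path   # assumed Rails helper; `/` in the stand-in
    false
  end
end

# Constructed stand-in for what Rails/Devise would supply, so the gate's
# behaviour can be exercised outside a running app.
class FakeUsersController
  include AdminOnly
  User = Struct.new(:email, :admin)

  attr_reader :current_user, :flash, :redirected_to

  def initialize(current_user)
    @current_user = current_user
    @flash = {}
    @redirected_to = nil
  end

  def root_path; "/"; end
  def redirect_to(path); @redirected_to = path; end

  # Mirrors `before_action :require_admin!, only: [:create]`: the body
  # only runs when the gate allows it.
  def create
    return :denied unless require_admin!
    :created
  end
end
```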