0

I'm looking for a solution that does not involve an extra library/module, only Devise. How can I make the admin the only one who can create new users?

I have my model Users, created by the Devise, and I included the column Admin (boolean) with the default value set to false. After that, I generated the devise controllers with this command:

rails generate devise:controllers Users

But now I don't know what to do really...

I already found some stackoverflow questions that are quite similar, but none answered my question. I'm trying to accomplish this without generating a new controller, only using the subclass generated by the command above. Hope you can help me.

Thank you!

UPDATE:

I want to do something similar to the last answer of this stackoverflow question but I can't put that to work :/

Proz1g
  • 1,177
  • 4
  • 16
  • 36
  • you need to create views and make sure that only admin have access to those pages by using something like `gem 'pundit'` or `gem 'cancancan'`. Try something of that and update your question – seethrough Jun 14 '18 at 12:37

2 Answers2

0

You should probably create your custom controller as such, in routes.rb:

devise_for :users, :controllers => {:registrations => "registrations"}

https://github.com/plataformatec/devise/wiki/Tool:-Generate-and-customize-controllers Override devise registrations controller

Then you should run a migration to add an admin field to your user table:

def change
  add_column :users, :admin, :boolean, default: false
end

And finally in your controller logic, allow only the admin to create user, for instance:

if user.admin == false
  flash[:alert] = "You are not allowed to create a user"
  redirect_to whatever_path
end

I think this should do the job.

Guillaume Bihet
  • 625
  • 1
  • 9
  • 17
  • thank you for your answer. What I want is something like the last answer of this post: https://stackoverflow.com/questions/24875403/only-allow-admin-user-to-create-new-users-in-rails-with-devise-no-external-modu?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa - but I can't put that to work properly, maybe you can tweak it a bit, dunno.. – Proz1g Jun 14 '18 at 13:40
  • You're welcome, well the last answer of this post looks quite elegant to me, not sure why it doesn't work in your case, no time to test/tweak it for now unfortunately. But note also that you can restrain access to the user creation page to anyone who is not an admin (and not signed in), with a similar logic in the controller related to this view, something like "unless user.admin" flash message "not allowed" and redirect. That would be a first step. For the rest, I think my solution would work but the other one seems nice, hope you manage to make either of them work for you. – Guillaume Bihet Jun 14 '18 at 14:37
  • Thank you again. I end up using the other answer, the problem was that I needed to create a custom controller. Best regards ;) – Proz1g Jun 14 '18 at 14:59
  • Great to hear you made it! Cheers :) – Guillaume Bihet Jun 14 '18 at 15:30
0

I end up solving my problem with the last answer of this question (Nuclearmans): Only allow admin user to create new users in Rails with Devise (No external modules)

BTW, I had to create a custom controller (registration).

Proz1g
  • 1,177
  • 4
  • 16
  • 36