1

I want to block signup for non-admins so that only a superuser/administrator can add new users. How can I achieve that?

I tried following the method mentioned here: Devise before filter that prevents access to “new_user_registration_path” unless user is signed-in but had no results.

I have installed devise, cancan and rolify. In addition, I also don't want anyone to go to the /users/sign_up page and sign in. Only admins must have the ability to sign up new users.

Due to the devise installation there is no users controller. Please guide me through making one if needed.

routes.rb

FifthApp::Application.routes.draw do
  devise_for :users
  resources :qanotes
end

user.rb

class User < ActiveRecord::Base

  #resourcify :resources
  rolify

  has_many :qanotes

  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

end

I keep on getting redirected to the root, i.e. localhost:3000, when I try to go to sign up page (only after log in).

Community
  • 1
  • 1
aelor
  • 10,892
  • 3
  • 32
  • 48

2 Answers2

1

Remove :regesterable keyword from default devise modules from your user model. Than you should add your own form for creating new user, and thus you can add new users. Hope it will help. Thanks

Rails Guy
  • 3,836
  • 1
  • 20
  • 18
1

You could customize registration controller (e.g registrations_controller.rb), and you should add before_filter authentication and before_filter only administrator to registrations_controller.rb looks like :

class RegistrationsController < Devise::RegistrationsController
 before_filter :authenticate_user!
 before_filter :is_administratior?, only: [:new, :create]

 def new
   super
 end

 def create
   super
 end

 private

  def is_administratior?
  if user_signed_in? # if user signed
   if current_user.administrator? # if adminstrator return true
     true
   else
     redirect_to some_path
   end
  else
    redirect_to login_path
  end
end

See my answer here about Devise/cancan redirect admin

Community
  • 1
  • 1
rails_id
  • 8,120
  • 4
  • 46
  • 84