3

I have struggling with this for hours now. I have looked at many solutions online but none seem to be working for me.

I have a class, Admin, that registers Users. Users can not sign up themselves. However, after an Admin creates a User, Devise automatically creates a session for that user, effectively having a User and an Admin logged in at once!

I have tried, among others, these solutions: Rails Devise prevent login immediately after Signup without using Confirmable Override devise registrations controller

However, they do not make a difference

Here is the pertinent part of rake routes

     new_user_session GET    /users/sign_in(.:format)          devise/sessions#new
           user_session POST   /users/sign_in(.:format)          devise/sessions#create
   destroy_user_session DELETE /users/sign_out(.:format)         devise/sessions#destroy
          user_password POST   /users/password(.:format)         devise/passwords#create
      new_user_password GET    /users/password/new(.:format)     devise/passwords#new
     edit_user_password GET    /users/password/edit(.:format)    devise/passwords#edit
                        PATCH  /users/password(.:format)         devise/passwords#update
                        PUT    /users/password(.:format)         devise/passwords#update
cancel_user_registration GET    /users/cancel(.:format)           devise/registrations#cancel
      user_registration POST   /users(.:format)                  devise/registrations#create
  new_user_registration GET    /users/sign_up(.:format)          devise/registrations#new
 edit_user_registration GET    /users/edit(.:format)             devise/registrations#edit
                        PATCH  /users(.:format)                  devise/registrations#update
                        PUT    /users(.:format)                  devise/registrations#update
                        DELETE /users(.:format)                  devise/registrations#destroy
                  users GET    /users(.:format)                  users#index
                        POST   /users(.:format)                  users#create
               new_user GET    /users/new(.:format)              users#new
              edit_user GET    /users/:id/edit(.:format)         users#edit
                   user GET    /users/:id(.:format)              users#show
                        PATCH  /users/:id(.:format)              users#update
                        PUT    /users/:id(.:format)              users#update
                        DELETE /users/:id(.:format)              users#destroy
Community
  • 1
  • 1
Oscar Courchaine
  • 346
  • 3
  • 14

1 Answers1

2

There is no point in using the Devise sign up functionality in this case. Devise registrations are a ready-made solution for providing end user sign up which is very different from what you want.

Instead the logical solution would be to just use a plain controller action.

# config/routes.rb
resources :users

class UsersController < ApplicationController

  before_action :authenticate_user!

  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    if @user.save
     redirect_to @user, notice: 'User created successfully.'
    else
     render :new
    end 
  end

  def user_params
    params.require(:user).permit(:email, :password, :password_confirmation)
  end
end

Admins would create users via /users/new.

added

The route created by devise_for :users has a higher priority than the one that leads to UsersController#create.

user_registration  POST /users(.:format)  devise/registrations#create

This is because routes have priority in the order they are defined.

A basic fix would be:

Rails.application.routes.draw do
  # Recreatetes the Devise registrations routes
  # They act on a singular user (the signed in user)
  # "as: :user_registration" gives us the same named routes as devise_for
  resource :users,
    only: [:edit, :update, :delete],
    controller: 'devise/registrations',
    as: :user_registration do
    get 'cancel'
  end

  devise_for :users, skip: [:registrations]
  resources :users # creates the "normal" CRUD routes for users
end
max
  • 96,212
  • 14
  • 104
  • 165
  • Hi, I tried this but it made no difference. When I, logged in as an Admin, create a user using the devise sign up form, it still auto-logs that user in. – Oscar Courchaine Aug 03 '15 at 02:13
  • You really missed the whole point - **You should not be using the devise sign up form!** Instead you would be creating users via `/users/new` – max Aug 03 '15 at 02:17
  • okay, I tried that as well, but it is still logging that user in – Oscar Courchaine Aug 03 '15 at 02:22
  • Then something in your app is really messed up. Check the output from your rails server or `log/development.log` - the request should have hit `UsersController`. And the only possible way that the controller above is signing in a user is if you have some really weird shit in your ApplicationController. – max Aug 03 '15 at 02:29
  • Looking at the console, I see that right after the POST occurs, there is a line saying "Processing by Devise::RegistrationsController#create as HTML" My controller for User does not inherit from Devise, so I am not quite sure why this is happening. – Oscar Courchaine Aug 03 '15 at 02:34
  • Have you checked your routes? `$ rake routes` – max Aug 03 '15 at 02:36
  • Nothing seems out of place to me: I added it to the original post – Oscar Courchaine Aug 03 '15 at 03:02
  • great, It worked with the example I provided as well as my other relations. Thanks for your help! – Oscar Courchaine Aug 03 '15 at 20:25