0

On my website I handle all membership with Devise. I have a strange situation where I only want users with a certain permission to be able to sign_up other users (create a profile for the new user), but when I try to access \users\sign_up when I am already logged on, I get redirected to root.

Should I be handling the user (customer) differently than the user (employee)? I think this is the simplest way, but maybe there is a better way.

Jeremy Thomas
  • 6,240
  • 9
  • 47
  • 92
  • Seems similar to what this question is asking. You might be able to use some of this: http://stackoverflow.com/questions/12541224/rails-devise-prevent-login-immediately-after-signup-without-using-confirmable – plainjimbo Apr 20 '16 at 20:36
  • It would be helpful but its outdated. The Devise controller no longer looks like that. – Jeremy Thomas Apr 20 '16 at 20:58

1 Answers1

0

Create your own controller to do that. Then, in that controller do all checks for roles and access. Once satisfied created new users with:

@user = User.new(:email => 'test@example.com', :password => 'password', :password_confirmation => 'password')
@user.save
Uzbekjon
  • 11,655
  • 3
  • 37
  • 54
  • Your response is a bit vague. I'm not sure what you mean by "that". To handle creating new users? I figured there is a simpler way to override Deivise's registrations controller – Jeremy Thomas Apr 20 '16 at 20:57
  • By "that", I mean managing users (CRUD). Disable devise user registration and create your own controller that will manage users. That controller will be accessible to users with specific role. Alternatively, you can simply add basic auth to `users/sign_up` uri and give username/password details to employees. They will be able to access registration page and input user details into the form. That's an easy workaround. – Uzbekjon Apr 20 '16 at 21:07
  • I added a admin authorization, and `skip_before_filter :require_no_authentication, only: [:new, :create]` to my registration controller and it seems to have done the trick – Jeremy Thomas Apr 20 '16 at 21:45