I am using Devise as my authentication solution and now I am thinking about authorization. In my project I (the admin) am the only person authorized to create accounts for others.
Setting `:skip => :registrations` also kills the ability for a user to edit their user info. If that's not what you are after you can instead create a (minimal) custom registrations controller and only remove the `new_user_registration_path` while preserving the `edit_user_registration_path`.
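```ruby
# app/controllers/registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController
  def new
    # If you're not using CanCan, raise some other exception, or redirect as you please
    raise CanCan::AccessDenied
  end

  # Block the sign-up form's POST target as well: with only `new` overridden,
  # POST /users still reaches Devise's `create` and registers an account.
  def create
    raise CanCan::AccessDenied
  end
end

# routes.rb
devise_for :users, :controllers => { :registrations => "registrations" }
```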
Once you do this you also need to move the directory `views/devise/registrations` to just `views/registrations`.
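A way to check that public sign-up is actually closed, as an added example that is not part of the answers on this page: it parses `rails routes`-style output and lists every route that still dispatches to a registrations controller's `new` or `create` action. The route table is constructed, and `open_signup_routes` is a hypothetical helper name; a hit only means the route is mounted, so a controller override that raises (as in the answer above) still has to be confirmed for each action listed.

```ruby
# Added example: audit `rails routes` output for Devise sign-up endpoints.
# SAMPLE_ROUTES is constructed for illustration, not captured from a real app.
SAMPLE_ROUTES = <<~ROUTES
                    Prefix Verb   URI Pattern                Controller#Action
          new_user_session GET    /users/sign_in(.:format)   devise/sessions#new
              user_session POST   /users/sign_in(.:format)   devise/sessions#create
  cancel_user_registration GET    /users/cancel(.:format)    registrations#cancel
     new_user_registration GET    /users/sign_up(.:format)   registrations#new
    edit_user_registration GET    /users/edit(.:format)      registrations#edit
         user_registration PATCH  /users(.:format)           registrations#update
                           PUT    /users(.:format)           registrations#update
                           DELETE /users(.:format)           registrations#destroy
                           POST   /users(.:format)           registrations#create
ROUTES

SIGNUP_ACTIONS = %w[new create].freeze
HTTP_VERBS = %w[GET POST PUT PATCH DELETE].freeze

# Returns [[verb, path, "controller#action"], ...] for every route that
# dispatches to a registrations controller's new or create action.
def open_signup_routes(routes_text)
  hits = routes_text.each_line.map do |line|
    fields = line.split
    # The Prefix column may be empty, so locate the row by its HTTP verb.
    verb_index = fields.index { |f| HTTP_VERBS.include?(f) }
    next unless verb_index # header or blank line
    verb, path, target = fields[verb_index, 3]
    next unless target && target.include?("#")
    controller, action = target.split("#", 2)
    # Match both the default "devise/registrations" and a custom "registrations".
    next unless controller.split("/").last == "registrations"
    next unless SIGNUP_ACTIONS.include?(action)
    [verb, path.sub("(.:format)", ""), target]
  end
  hits.compact
end

if __FILE__ == $PROGRAM_NAME
  open_signup_routes(SAMPLE_ROUTES).each do |verb, path, target|
    puts "sign-up route still mounted: #{verb} #{path} -> #{target}"
  end
end
```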
It actually looks like in the later versions of Devise you can just remove the "registerable" declaration from your model and it will take care of this for you.
You can try the rails_admin gem in conjunction with Devise to handle any admin-specific tasks. You'll need to add more code to set it up, but at least you avoid hacking around the solution in terms of changing your interactions with Devise.