Admin user administration with Devise

Question

I am trying out Devise for the first time. One of the things that I wanted to do is provide an interface for Admin users to create, find and edit users. Here's where I may have gone wrong.

I created a PeopleController class which inherits from ApplicationController that lists people and provides methods and views for creating and updating users. Everything works fine with one exception. When the admin user updates their own record, the session is cleared and they have to login again after saving it.

In this application I'm not using the registerable module. Only an admin user can create new users. What is the right way in devise to provide user management tools. Creating my own controller seems to have been the wrong path to take.

Thanks in advance for your help.

Answer 1

Thank you very much for the help. This is essentially exactly what I am doing. I discovered a clue that helped me solve the problem of the user's session being cleared when they edit their own record in this wiki:

https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password

This is the line I needed:

sign_in resource_name, resource, :bypass => true

This method is located in Devise::Controllers::Helpers so I did this in my controller.

class PeopleController < ApplicationController
   include Devise::Controllers::Helpers

Then in my update method I call it only if the current_user.id equals the id that is being edited:

def update
  @person = User.find(params[:id])
  if @person.update_attributes(params[:user])
    sign_in @person, :bypass => true if current_user.id == @person.id
    redirect_to  person_path(@person), :notice  => "Successfully updated user."
  else
    render :action => 'edit'
  end
end

Now if the current user edits their own record, the session is restored after it is saved.

Thanks again for your responses.