Rails: How to restrict signup to admin using Devise

Question

I am trying to restrict signups to a Devise admin. If possible, I would like to avoid using CanCan for now. I have created a separate Devise Admin model as described in option #1 here: https://github.com/plataformatec/devise/wiki/How-To:-Add-an-Admin-Role.

Next, I set up a CRUD interface for users as described here: https://github.com/plataformatec/devise/wiki/How-To:-Manage-users-through-a-CRUD-interface.

I would like to restrict new signups by using something like before_filter :authenticate_admin! in the Users controller, but for some reason it is not restricting new signups.

My routes.rb looks like this:

devise_for :admins
devise_for :users, :path_prefix => 'd'
resources :admins
resources :users, :controller => "users"

Any ideas why before_filter :authenticate_admin! is not restricting new signups?

Answer 1

You can't use before_filter :authenticate_admin! in Users controller because admin and user are two different models in your app.

I don't know if I fully understand what you mean, but you can do this if you don't want to accept new registrations for User (or Admin):

# in your User(Admin) model
devise :registerable # remove :registerable

Hope this helps!

Answer 2

I was looking for something similar; disabling new registrations altogether. I dug this up on a mailing list somewhere and while it solved my problem it might be a decent starting point for yours:

class RegistrationsController < Devise::RegistrationsController 
  def new
    flash[:failure] = t('registrations.registrations_disabled')
    redirect_to root_path
  end
end

Maybe something similar but add a check to see if the current_user is an admin then redirect based on that...