Devise/CanCanCan - Allow Admin To Create New Users

Question

The build_resource method in the Devise::RegistrationsController( on github ),

def build_resource(hash=nil)
  self.resource = resource_class.new_with_session(hash || {}, session)
end

builds a new resource by based the session. The user in the session (in this case) are the admin and are signed in.

You want to create a new User based on a new user instance of the user class, not based on a session.

Something like this should work.

class AdminsController < ApplicationController
 def new_user
  authorize! :manage, User
   @user = Users.new
 end
 def create_user
    @user = User.new(permitted_params.user)
    authorize! :manage, User
    if @user.save
     #success
    else
     #error
    end

 end
end

routes.rb

get "admins/new_user" => "admins#new_user", as: :admins_new_user
post "admins/create_user/:id" = "admins/create_user", as: :admins_create_user

link to new user

<%= link_to "Create User", admins_new_user_path %>

Form

  <%= form_for(@user, :url => admins_create_user_path) do |f| %>
  #fields and submit
  <% end %>

permitted_params.user is a method in a PermittedParams class, and it might be handy for you.

By passing current_user into the method you can allow different parameter for different users.

models/permitted_params.rb

class PermittedParams < Struct.new(:params, :current_user)
  def user
    params.require(:user).permit(*user_attributes)
  end
  def user_attributes
    if current_user.admin?
      [:name, :email,:password, :password_confirmation, :role ,:admin]
    else
      [ :name, :email, :remember_me,:password, :password_confirmation, ]
    end
  end
end