The build_resource
method in the Devise::RegistrationsController( on github ),
def build_resource(hash=nil)
self.resource = resource_class.new_with_session(hash || {}, session)
end
builds a new resource by based the session. The user in the session (in this case) are the admin and are signed in.
You want to create a new User based on a new user instance of the user class, not based on a session.
Something like this should work.
class AdminsController < ApplicationController
def new_user
authorize! :manage, User
@user = Users.new
end
def create_user
@user = User.new(permitted_params.user)
authorize! :manage, User
if @user.save
#success
else
#error
end
end
end
routes.rb
get "admins/new_user" => "admins#new_user", as: :admins_new_user
post "admins/create_user/:id" = "admins/create_user", as: :admins_create_user
link to new user
<%= link_to "Create User", admins_new_user_path %>
Form
<%= form_for(@user, :url => admins_create_user_path) do |f| %>
#fields and submit
<% end %>
permitted_params.user is a method in a PermittedParams class, and it might be handy for you.
By passing current_user into the method you can allow different parameter for different users.
models/permitted_params.rb
class PermittedParams < Struct.new(:params, :current_user)
def user
params.require(:user).permit(*user_attributes)
end
def user_attributes
if current_user.admin?
[:name, :email,:password, :password_confirmation, :role ,:admin]
else
[ :name, :email, :remember_me,:password, :password_confirmation, ]
end
end
end