Devise/Rails - How to allow only admin to create account for others?

Question

I am using devise as my authentication solution and now i am thinking about authorization. In my project I (the admin) is the only person authorized to create account for others

Answer 1

Setting :skip => :registrations also kills the ability for a user to edit their user info. If that's not what you are after you can instead create a (minimal) custom registrations controller and only remove the new_user_registration_path while preserving the edit_user_registration_path.

# app/controllers/registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController

 def new
    # If you're not using CanCan, raise some other exception, or redirect as you please
    raise CanCan::AccessDenied
  end

end

# routes.rb
devise_for :users, :controllers => { :registrations => "registrations" }

Once you do this you also need to move the directory views/devise/registrations to just views/registrations.