我将devise 用于authentication,并且我为每个用户使用role,并且我允许具有admin 角色的用户创建新用户,并且我希望管理员用户使用edit the password 其余的如果用户忘记密码。但是我无法在没有当前密码的情况下更改密码。那么我怎样才能允许管理员用户通过编辑用户密码来更改密码并像我们对其余值一样保存。
【问题讨论】:
标签: ruby-on-rails ruby-on-rails-3 devise
由于update_without_password 仍然需要current_password 来更新密码,因此您必须拥有这样的update:
def update
# required for settings form to submit when password is left blank
if params[:user][:password].blank?
params[:user].delete("password")
params[:user].delete("password_confirmation")
end
@user = User.find(current_user.id)
if @user.update_attributes(params[:user])
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case his password changed
sign_in @user, :bypass => true
redirect_to after_update_path_for(@user)
else
render "edit"
end
end
此示例用于更新当前用户(包括用户密码),但您可以根据需要对其进行修改。
【讨论】:
@user.update_attributes(password: params[:user][:password])
【讨论】:
有一个内置的设计方法叫做update_without_password。
这是我在更新方法中使用的内容:
# PUT /manage_users/1
# PUT /manage_users/1.json
def update
@user = User.find(params[:id])
able_to_edit_profile?
# required for settings form to submit when password is left blank
if params[:user][:password].blank?
params[:user].delete("password")
params[:user].delete("password_confirmation")
end
respond_to do |format|
if @user.update_attributes(params[:user])
@user.save
# sign the user in with their new password so it doesn't redirect to the login screen
sign_in @user, :bypass => true
format.html {
flash[:notice] = 'User was successfully updated.'
redirect_to session.delete(:return_to)
}
format.json { head :no_content }
else
format.html { render action: "edit", notice: 'Error updating user.' }
format.json { render json: @user.errors, status: :unprocessable_entity }
end
end
end
private
# If the user is not an admin and trying to edit someone else's profile, redirect them
def able_to_edit_profile?
if !current_user.try(:admin?) && current_user.id != @user.id
flash[:alert] = "That area is for administrators only."
redirect_to :root
end
end
【讨论】: