rails：设计没有密码的更新用户

Question

我已按照devise's wiki regarding overriding update method to update user information without adding password 中的说明进行操作，但我仍然收到通知说我不能将密码留空。我被困住了，我需要一些帮助来追踪问题。

<%= form_for(resource, :as => resource_name, :url => custom_update_user_registration_path, :html => { :method => :put }) do |f| %>
  <%= devise_error_messages! %>
    <%= f.text_field :first_name %>
    <%= f.text_field :last_name %>
    <%= f.email_field :email, :autofocus => true %>
  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>
<%= f.submit "Update" %>

在我的路线中：

  devise_for :user, :controllers => { :registrations => "registrations" }, :skip => [:registrations, :sessions] do 

    get 'signup' => 'devise/registrations#new', :as => :new_user_registration 
    post 'signup' => 'devise/registrations#create', :as => :custom_user_registration 
    get 'users/cancel' => 'devise/registrations#cancel', :as => :cancel_user_registration 
    get 'account/edit' => 'devise/registrations#edit', :as => :custom_edit_user_registration 
    put 'account' => 'devise/registrations#update', :as => :custom_update_user_registration
    delete 'users/cancel' => 'devise/registrations#destroy'   
    # devise/sessions 
    get 'signin' => 'devise/sessions#new', :as => :new_user_session 
    post 'signin' => 'devise/sessions#create', :as => :user_session 
    delete 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session

  end

这是我的控制器：

class RegistrationsController < Devise::RegistrationsController
  before_filter :check_permissions, :only => [:new, :create, :cancel]
  skip_before_filter :require_no_authentication

  def check_permissions
    authorize! :create, resource
  end

  def update
    @user.attributes = params[:user]  
    # required for settings form to submit when password is left blank
    if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
        params[:user].delete(:password)
        params[:user].delete(:password_confirmation)
    end

    @user = User.find(current_user.id)
    if @user.update_attributes(params[:user])
      set_flash_message :notice, :updated
      # Sign in the user bypassing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to after_update_path_for(@user)
    else
      render "edit"
    end

  end
end

我不知道为什么我仍然收到需要提交密码的错误？有人能看到我忽略的东西吗？

谢谢

Answer 1

你可以在你的模型中正常处理它。 只需编辑您的验证。这样你通常不需要覆盖整个控制器..只需编辑模型：

validates :password, :presence => true, :on => :create

Answer 2

我刚刚发现我错误地覆盖了我的设计注册。

这是拥有注册控制器的正确方法

Rails 3 /devise seems to ignore custom controller

Answer 3

尝试改变

if @user.update_attributes(params[:user])

到设备方法

if @user.update_without_password(params[:user])

Answer 4

在 RegistrationsController

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, ...) }
end

def update
# Get all params for :account_update
account_update_params = devise_parameter_sanitizer.sanitize(:account_update)

# Allow user to update without using password.
if account_update_params[:password].blank?
  account_update_params.delete("password")
  account_update_params.delete("password_confirmation")
end

# Set current_user
@user = User.find(current_user.id)
 if @user.update_attributes(account_update_params)
   set_flash_message :notice, :updated
   sign_in @user, :bypass => true
   redirect_to after_update_path_for(@user)
 else
   render "edit"
 end
end