设备3(导轨4)无法在没有密码的情况下更新用户
我正在尝试更新用户而不必提供密码,但是在旧版本/ rails版本上工作的方法不再适用于设计3和rails 4强参数。
我正在使用我的user_controller进行更新,但我也尝试使用自定义设备注册控制器和devise_parameter_sanitizer,但没有成功。
表单不需要密码(没有密码字段),处理更新的user_controller如下所示:
# PATCH/PUT /users/1 def update if user_params[:password].blank? Rails.logger.info "entered if statement" user_params.delete :password user_params.delete :password_confirmation Rails.logger.info(user_params.inspect) end @user = current_user if @user.update(user_params) redirect_to @user, notice: 'User was successfully updated.' else Rails.logger.info(@user.errors.inspect) render action: 'edit' end end private def user_params params.require(:user).permit(:screen_name, :full_name, :email, :about, :location, :profile_pic, :password, :password_confirmation, :current_password) end ..提交后的日志如下:
Started PATCH "/users/13" for 127.0.0.1 at 2013-05-29 11:18:18 +0100 Processing by UsersController#update as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"20avah2OzaOVubAiam/SgvbYEQ4iijEWQqmNo7xD4rY=", "user"=>{"screen_name"=>"Darcbar", "full_name"=>"Barry Darcy", "about"=>"", "location"=>"", "website_url"=>"", "twitter_username"=>"", "email"=>"barry@gmail.com"}, "commit"=>"Save changes", "id"=>"13"} User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 13 ORDER BY "users"."id" ASC LIMIT 1 Entered if statement... {"screen_name"=>"Darcbar", "full_name"=>"Barry Darcy", "email"=>"barry@gmail.com", "about"=>"", "location"=>"", "twitter_username"=>"", "website_url"=>""} (0.2ms) BEGIN User Exists (0.8ms) SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'barry@gmail.com' AND "users"."id" != 13) LIMIT 1 (0.2ms) ROLLBACK #<ActiveModel::Errors:0x007fedf45bb640 @base=#, @messages={:password=>["please enter a password with at least 5 characters", "please enter a password with at least 5 characters"]}> Rendered users/edit.html.haml within layouts/application (3.0ms) Rendered partials/head/_user_options.haml (1.8ms) Completed 200 OK in 74ms (Views: 12.1ms | ActiveRecord: 1.7ms)
有谁知道为什么会出现密码错误?
密码validation来自用户模型:
validates :password, presence: true
解决方案是仅在更新时validationcreate和allow_blank上的状态:
validates :password, presence: true, length: {minimum: 5, maximum: 120}, on: :create validates :password, length: {minimum: 5, maximum: 120}, on: :update, allow_blank: true
截至2014年,您可以简单地覆盖受保护的方法并执行以下操作:
class RegistrationsController < Devise::RegistrationsController protected def update_resource(resource, params) resource.update_without_password(params) end end
您可以使用@user.update_without_password(user_params)方法更新其他字段。
例如,我在自定义users_controller.rb中有这个。 我用远程调用(ajax)更新。
#users_controller.rb def update respond_to do |format| if needs_password?(@user, user_params) if @user.update_with_password(user_params_password_update) flash[:success] = 'User was successfully updated. Password was successfully updated' format.js {render 'update'} else error = true end else if @user.update_without_password(user_params) flash[:success] = 'User was successfully updated.' format.js {render 'update'} else error = true end end if error flash[:error] = @user.errors.full_messages.join(', ') format.js {render json: @user.errors.full_messages, status: :unprocessable_entity} end end end private def needs_password?(user, user_params) !user_params[:password].blank? end def user_params params[:user].permit(:email, :password, :password_confirmation, :username, :full_name) end #Need :current_password for password update def user_params_password_update params[:user].permit(:email, :password, :password_confirmation, :current_password, :username, :full_name) end
关键是这个“user_params [:密码] .blank?”。 接下来是代码示例:
def update if user_params[:password].blank? params = user_params_without_password else params = user_params end respond_to do |format| if @user.update(params) format.html { redirect_to @user, notice: t(:user_update) } format.json { render :show, status: :ok, location: @user } else format.html { render :edit } format.json { render json: @user.errors, status: :unprocessable_entity } end end end private def set_user @user = User.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def user_params params.require(:user).permit(:email, :username, :first_name, :last_name, :admin, :locked, :password) end def user_params_without_password params.require(:user).permit(:email, :username, :first_name, :last_name, :admin, :locked) end
希望你能帮忙
我在这里玩了很多年。 答案都可以通过上面的mrstif建议得到validation。 如果您使用可validation模块Devise开箱即用(带有配置选项),允许您在不提供密码的情况下更新用户详细信息,因此请务必小心滚动您自己的密码validation。
通过创建app / controller / registrations_controller.rb简单地覆盖Devise
class RegistrationsController < Devise::RegistrationsController protected def update_resource(resource, params) resource.update(params.except(:current_password)) end end
此代码将直接更新用户参数,但:current_password
并更新config / routes.rb
devise_for :users, controllers: {registrations: 'registrations'}
我的目标是在不需要密码的情况下启用编辑用户属性,除非它正在更改电子邮件,密码或删除帐户。 这对我有用:
应用程序/控制器/ registrations_controller.rb:
class RegistrationsController < Devise::RegistrationsController before_action :configure_permitted_parameters ... def update params[:user][:team_attributes][:id] = current_user.team.id account_update_params = devise_parameter_sanitizer.sanitize(:account_update) if password_required? successfully_updated = resource.update_with_password(account_update_params) else account_update_params.delete(:current_password) successfully_updated = resource.update_without_password(account_update_params) end if successfully_updated sign_in resource, bypass: true redirect_to '/' else render :edit end end def destroy current_password = devise_parameter_sanitizer.sanitize(:account_update)[:current_password] resource.errors.add(:current_password, current_password.blank? ? :blank : :invalid) error_messages = 'Current password ' + resource.errors[:current_password].join if resource.destroy_with_password(current_password) redirect_to '/' else redirect_to delete_account_path, notice: error_messages end end protected def configure_permitted_parameters devise_parameter_sanitizer.permit(:account_update) do |user_params| user_params.permit(:username, :email, :password, :password_confirmation, :current_password, :name, :phone_number end end private def password_required? (resource.email != params[:user][:email] if params[:user][:email].present?) || params[:user][:password].present? end end
更新config / routes.rb:
devise_for :users, controllers: { registrations: 'registrations' }
在views / devise / registrations / edit.html.haml中
# edit form ... = simple_nested_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { class: 'mo-form' }, defaults: { placeholder: false, hint: false }) do |f| ... # delete form ... = simple_form_for(resource, as: resource_name, url: user_registration_path(resource_name), method: :delete, html: { class: 'mo-form' }, defaults: { placeholder: false, hint: false }) do |f| ...
- capybara:post,在将请求名称的目录更改为function时获取方法不起作用
- rails 3.1 ActionController :: RoutingError(没有路由匹配“/assets/rails.png”):
- 如何在linux中轻松接收邮件并将其提供给Rails?
- Ruby on rails:使用belongs_to关联创建模型条目
- link_to与inheritance的Active Record类发生问题
- Rails枚举validation不起作用但引发ArgumentError
- Rails在form_for中更改提交的路由
- 使用ActiveRecord冒泡嵌套事务失败
- 将Date对象转换为TimeWithZone