我正在构建一个包含3个模型的应用(客户,积分,管理员)。客户拥有积分,积分属于客户。然后Admin将user_name和password_hash作为属性,通过Bcrypt存储密码。一旦客户通过电话号码搜索自己,他们的积分就会显示出来。但要添加积分,管理员只需使用密码(4位数代码)登录,即可访问添加点。
我无法通过密码找到管理员,而不是用户名和密码。
class AdminsController < ApplicationController
def new
@admin = Admin.new
end
def create
@Admin = Admin.new(admin_params)
if @admin.save
redirect_to root_path
else
flash[:error] = "incorrect data, please check form"
render new_admin_path
end
end
def login
@customer = Customer.find(params[:id])
# Need to get the input password
params[:password]
# Change the inputed password into a password hash
# inputed_password_hash (NEED HELP HERE)
# Compare the password hash with password hashes in the Admin model/database
# to see if it exists.
# if true, send to add points page
# if false, send back to customer page
if Admin.find_by(password_hash: inputed_password_hash)
redirect_to new_points_path
else
render customer_path
end
end
private
def admin_params
params.require(:admin).permit(:user_name, :password, :password_confirmation)
end
end