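Starting out with a small new Rails application (for learning purposes), I ran into problems after following this Devise How-to, which allows users to edit their account without password confirmation. I also followed some other Devise How-tos to get features such as:
- Only one user is allowed
- The user can log in with password, email or username
- The user can edit his account without password confirmation (bug?)
- The user can have an avatar (still in progress... seems buggy too :/)

This is what my code ends up looking like: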
registrations_controller.rb
class Admin::RegistrationsController < ::Devise::RegistrationsController
  before_action :one_user_registered?

  protected

  def one_user_registered?
    if ((User.count == 1) & (!admin_user_signed_in?))
      redirect_to new_admin_user_session_path
    end
  end

  def after_update_path_for(resource)
    admin_profile_index_path
  end

  def update_resource(resource, params)
    resource.update_without_password(admin_params)
  end

  private

  def admin_params
    params.require(:admin_user).permit(
      :firstname,
      :lastname,
      :username,
      :email,
      :password,
      :password_confirmation,
      :sitename,
      :twitter_id,
      :github_id,
      :avatar
    )
  end
end
application_controller.rb
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit :sign_up, keys: [:username, :email, :password, :password_confirmation, :remember_me, :avatar, :avatar_cache]
    devise_parameter_sanitizer.permit :account_update, keys: [:username, :email, :password, :password_confirmation, :avatar, :avatar_cache]
  end
end
user.rb
class User < ActiveRecord::Base
  mount_uploader :avatar, AvatarUploader

  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable,
         :registerable,
         :recoverable,
         :rememberable,
         :trackable,
         :validatable,
         :confirmable,
         :authentication_keys => [:login]

  # Virtual attribute for authenticating by either username or email
  # This is in addition to a real persisted field like 'username'
  attr_accessor :login, :password, :password_confirmation

  validate :validate_username

  def self.find_for_database_authentication(warden_conditions)
    conditions = warden_conditions.dup
    if login = conditions.delete(:login)
      where(conditions.to_hash).where(["lower(username) = :value OR lower(email) = :value", { :value => login.downcase }]).first
    elsif conditions.has_key?(:username) || conditions.has_key?(:email)
      where(conditions.to_hash).first
    end
  end

  def validate_username
    if User.where(email: username).exists?
      errors.add(:username, :invalid)
    end
  end
end
routes.rb
Rails.application.routes.draw do
  # Admin space
  namespace :admin do
    # Devise (auth)
    devise_for :users, module: 'admin', path: '', path_names: {
      sign_in: 'login',
      sign_out: 'logout',
      sign_up: 'signup',
      password: 'password'
    }
    resources :dashboard, only: [:index]
    resources :profile
    resources :articles
    resources :images, path: 'library'
    root to: 'dashboard#index'
  end

  # Public space
  resources :flux, only: [:index]
  root to: 'flux#index'
end
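If I comment out the update_without_password part in registrations_controller.rb, things seem to work again, so I guess I am using the method the wrong way, due to lack of knowledge... So, thank you in advance for your help!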
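
An added example, not part of the original post and not Devise's own code: a plain-Ruby model of an account-edit policy where profile fields update without the current password, while a change of email or password still requires it. `DemoUser`, `update_account`, `PROFILE_FIELDS` and the returned symbols are hypothetical names; in a Devise application the two branches would correspond to `update_without_password` and `update_with_password`.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for a Devise model; not Devise's own code.
class DemoUser
  PROFILE_FIELDS = %i[firstname lastname username email sitename].freeze
  attr_reader :attrs

  def initialize(attrs, password)
    @attrs = attrs
    @salt = SecureRandom.bytes(16)
    @digest = digest(password)
  end

  def valid_password?(candidate)
    # Constant-time comparison of two equal-length digests.
    @digest.bytes.zip(digest(candidate.to_s).bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns :ok, :current_password_required or :confirmation_mismatch.
  def update_account(params)
    params = params.reject { |_, v| v.to_s.empty? } # blank form field = unchanged
    current = params.delete(:current_password)
    confirm = params.delete(:password_confirmation)
    new_password = params.delete(:password)
    email_change = params.key?(:email) && params[:email] != @attrs[:email]

    if new_password || email_change
      # Credential changes are the only edits gated on the current password.
      return :current_password_required unless current && valid_password?(current)
      return :confirmation_mismatch if new_password && new_password != confirm
    end

    @digest = digest(new_password) if new_password
    @attrs = @attrs.merge(params.slice(*PROFILE_FIELDS))
    :ok
  end

  private

  def digest(password)
    # PBKDF2 stands in for Devise's bcrypt; the iteration count is a demo value.
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 10_000, 32, 'sha256')
  end
end
```

Gating only the credential fields keeps the convenience the how-to is after, while a borrowed or hijacked session alone cannot be used to replace the email or password.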