Ruby on rails -Devise - 需要密码才能删除帐户

时间:2016-09-07 15:15:18

标签: ruby-on-rails devise passwords destroy

目前我的用户需要输入密码才能更改自己的电子邮件地址或密码,但可以删除自己的帐户而无需输入密码。我不知道如何要求这个。

到目前为止,我有:

用户控制器:

def destroy
    @user = User.find(current_user.id)
    @user.destroy_with_password(user_params)
      if @user.destroy
          redirect_to root_url, notice: "User deleted."
      else
        redirect_to users_url
        flash[:notice] = "Couldn't delete"
      end
    end



    def user_params
         params.require(:user).permit(:username, :email, :password,
                                      :password_confirmation, :current_password, :avatar, etc....etc.... )
    end

表格:

<%= simple_form_for(@user, :method => :delete) do |f| %>
      <%= f.input :current_password, autocomplete: "off" %>
      <%= f.button :submit %>
<% end %>

即使没有输入密码,用户也会删除。删除请求正在由正确的控制器操作处理;

Processing by UsersController#destroy as HTML

Processing by UsersController#destroy as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"bla bla bla", "user"=>{"current_password"=>"[FILTERED]"}, "commit"=>"Update User", "locale"=>"en", "id"=>"ce2dc2edc"}

SQL (0.1ms)  DELETE FROM "users" WHERE "users"."id" = $1  [["id", 15]]

如何删除帐户?

我需要用户密码?

1 个答案:

答案 0 :(得分:0)

您正在调用Devise的destroy_with_password ,然后调用ActiveRecord的destroy。您只需致电destroy_with_password。代码应如下所示:

def destroy
  @user = User.find(current_user.id)
  if @user.destroy_with_password(user_params)
  # if @user.destroy      # <== remove me, don't need to destroy twice!
      redirect_to root_url, notice: "User deleted."
  else
    redirect_to users_url
    flash[:notice] = "Couldn't delete"
  end
end

destroy_with_password将返回truthy value