目前我的用户需要输入密码才能更改自己的电子邮件地址或密码,但可以删除自己的帐户而无需输入密码。我不知道如何要求这个。
到目前为止,我有:
用户控制器:
def destroy
@user = User.find(current_user.id)
@user.destroy_with_password(user_params)
if @user.destroy
redirect_to root_url, notice: "User deleted."
else
redirect_to users_url
flash[:notice] = "Couldn't delete"
end
end
def user_params
params.require(:user).permit(:username, :email, :password,
:password_confirmation, :current_password, :avatar, etc....etc.... )
end
表格:
<%= simple_form_for(@user, :method => :delete) do |f| %>
<%= f.input :current_password, autocomplete: "off" %>
<%= f.button :submit %>
<% end %>
即使没有输入密码,用户也会删除。删除请求正在由正确的控制器操作处理;
Processing by UsersController#destroy as HTML
Processing by UsersController#destroy as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"bla bla bla", "user"=>{"current_password"=>"[FILTERED]"}, "commit"=>"Update User", "locale"=>"en", "id"=>"ce2dc2edc"}
SQL (0.1ms) DELETE FROM "users" WHERE "users"."id" = $1 [["id", 15]]
如何删除帐户?
我需要用户密码?答案 0 :(得分:0)
您正在调用Devise的destroy_with_password
和,然后调用ActiveRecord的destroy
。您只需致电destroy_with_password
。代码应如下所示:
def destroy
@user = User.find(current_user.id)
if @user.destroy_with_password(user_params)
# if @user.destroy # <== remove me, don't need to destroy twice!
redirect_to root_url, notice: "User deleted."
else
redirect_to users_url
flash[:notice] = "Couldn't delete"
end
end
destroy_with_password
将返回truthy value。