设计:什么时候定制太多了?

时间:2011-06-30 09:33:53

标签: ruby-on-rails devise customization ruby-on-rails-3.1

我正在为自己写一个应用程序,所以我没有急于求成,我唯一的目标是正确地做事。 对于身份验证我使用设计,但我结果是定制它很多。 我已经看到Rails 3.1中出现了一些很好的功能,可以更容易地实现auth。

一般来说,什么时候Devise会停止使用并开始妨碍你? 这是我目前的定制列表,当然除了视图,但我仍然想实现至少SEO友好的URL。

# model/User.rb
  #this method is called by devise to check for "active" state of the model
  def active?
    #remember to call the super
    #then put our own check to determine "active" state using 
    #our own "is_active" column
    super and self.is_active?
  end


protected #====================================================================

  # find in db the user with username or email login
  def self.find_record(login)
    where(attributes).where(["name = :value OR email = :value", { :value => login }]).first
  end

  # allow no case sensitive email
  # (saved downcase, fetched downcase)
  def self.find_for_authentication(conditions)
    conditions[:email].downcase!
    super(conditions)
  end

  # find the user in the db by username or email
  def self.find_for_database_authentication(conditions)
    login = conditions.delete(:login)
    where(conditions).where(["name = :value OR email = :value", { :value => login }]).first
  end

  # Attempt to find a user by it's email. If a record is found, send new
  # password instructions to it. If not user is found, returns a new user
  # with an email not found error.
  def self.send_reset_password_instructions(attributes={})
    recoverable = find_recoverable_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
    recoverable.send_reset_password_instructions if recoverable.persisted?
    recoverable
  end

  def self.find_recoverable_or_initialize_with_errors(required_attributes, attributes, error=:invalid)
    case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }

    attributes = attributes.slice(*required_attributes)
    attributes.delete_if { |key, value| value.blank? }

    if attributes.size == required_attributes.size
      if attributes.has_key?(:login)
        login = attributes.delete(:login)
        record = find_record(login)
      else
        record = where(attributes).first
      end
    end

    unless record
      record = new

      required_attributes.each do |key|
        value = attributes[key]
        record.send("#{key}=", value)
        record.errors.add(key, value.present? ? error : :blank)
      end
    end
    record
  end

  # password not required on edit
  # see: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
  def password_required?
    new_record?
  end


# controllers/registrations_controller.rb
# devise controller for registration
class RegistrationsController < Devise::RegistrationsController

  # update_attributes (with final S) without providing password
  # overrides devise
  # see: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
  def update
    # Devise use update_with_password instead of update_attributes.
    # This is the only change we make.
    if resource.update_attributes(params[resource_name])
      set_flash_message :notice, :updated
      # Line below required if using Devise >= 1.2.0
      sign_in resource_name, resource, :bypass => true
      redirect_to after_update_path_for(resource)
    else
      clean_up_passwords(resource)
      render_with_scope :edit
    end
  end

end

谢谢

2 个答案:

答案 0 :(得分:4)

我暂时坚持设计,你的变化并不大。但是,我会设计并将您所做的更改提取到新功能中。然后尝试让他们自己设计。这样维护它们不会落在你身上,它可能落在许多人身上。

维护一个完整的身份验证系统可能是一个真正令人头痛的问题,并最终重新发明轮子。只需要一个错误就可以让你大开眼界。

此外,您的新find_for_authentication方法,现在已经在设计中得到支持,放入您的设计初始化程序......

config.case_insensitive_keys = [ :email ]

答案 1 :(得分:0)

好问题 - 我的观点可能是,只要它使事情变得更容易,它就是有用的。您总是可以在github上进行fork设计并在某种程度上将您的自定义放在那里 - 这就是我在一个项目中所做的。我对自己的身份验证感到有些紧张,因为正确认证是非常重要的,特别是如果其他人想看到他们不应该看到的东西。但我有兴趣看看别人的想法。