使用has_secure_password的Rails update_attributes [英] Rails update_attributes using has_secure_password

问题描述

我正在一个用户可以拥有admin: true / false的项目中工作.该应用程序将仅允许管理员用户登录系统，其他用户仅是其管理员只能编辑设置的客户端.这是某种商业应用程序.( Rails 3.2.13 )

I am working in a project where users can either have admin: true / false. The application will only let admin users login in to the system, the other users are just clients whose settings only admins can edit. This is some sort of commerce application.(Rails 3.2.13)

我想将这两个概念保存在同一表中，因为将来可能会有非管理员用户登录并与他们的个人资料进行交互的选项，因此所有逻辑都已经实现.

I would like to keep both concepts in the same table since in the future there will possibly be the option of logging in for non-admin users and interact with their profiles, so all the logic will be already implemented.

我有这个User资源:

ActiveRecord::Schema.define(:version => 20131204200554) do

  create_table "users", :force => true do |t|
    t.string   "name"
    t.string   "surname"
    t.boolean  "admin"
    t.string   "password_digest"
    t.string   "email"
    t.string   "auth_token"
  end

end

这是用户模型:

class User < ActiveRecord::Base
    has_secure_password
    attr_accessible :name, :surname,:email, :password, :password_confirmation

    validates :name, presence:true, length: { maximum:50}
    validates :first_surname, presence:true, length: { maximum:50}
    VALID_EMAIL_REGEX= /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i 
    validates :email, presence: true,format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive:false}
    validates :password, length:{minimum:6}
    validates :password_confirmation, presence:true
    before_save{ self.email.downcase! }
    before_save :generate_auth_token
    private
    def generate_auth_token
        self.auth_token=SecureRandom.urlsafe_base64
    end
end

并且我正在尝试实现User编辑的功能，但是我只想允许编辑name，surname和email.因此，我只以以下形式显示这些字段:

And I am trying to implement the functionality of User editing, however I only want to allow the editing of name, surname and email. Hence, I present only those fields in the form:

<%= form_for(@user) do |f| %>
  <%= f.label :name,"Name" %>
  <%= f.text_field :name %>
  <%= f.label :surname,"Surname" %>
  <%= f.text_field :surname %>
  <%= f.label :email,"Email" %>
  <%= f.text_field :email %>
  <%= f.submit "Save" %>

我正在尝试通过以下代码实现目标:

I am trying to accomplish the goal with this code:

def update
  @user = User.find(params[:id])
  if @user.update_attributes(params[:user])
    # Handle a successful update.
    flash[:success]="User updated successfully"
    redirect_to @user
  else
    flash[:danger]="Error updating user"
    render 'edit'
  end
end

我的问题是，当尝试update_attributes时，我意外地得到 not 的错误，该错误验证password/password_confirmation，但是由于我使用的是has_secure_password，因此数据库中不存在这些字段，仅password_digest.我正在考虑完成所有这些操作的最佳选择:

My problem is that when trying to update_attributes I get not unexpectedly an error validating password/password_confirmation, but since I'm using has_secure_password, these fields do not exist in the database, only password_digest. I am thinking about the best option to accomplish all this:

1. 使用新的字段值更新@user对象.
2. 在User表中反映此更改.
3. 运行验证，即电子邮件验证.

1. Update @user object with new field values.
2. Reflect this change in User table.
3. Run the validations, i.e. email validation.

使用has_secure_password时.到目前为止，这些选项是:

While using has_secure_password. These are the options so far:

1. 使用update_attribute(迄今为止最好).
   1.1 Pro :更新User表
   1.2缺点:对于每个字段，我都必须update_attribute(field1)，所以需要更多行代码
   1.3 Con :显然，Rails 4中不再存在此方法，以防将来需要升级.
   1.4 CON :无验证
   
2. 在控制器方法中使用@user.attributes=params[:user]
   2.1专业版:一次更新多个字段.
   2.2缺点:不更新User表.
   
3. update_attributes
   的用户 3.1专业版:多个字段和表均更新
   3.2骗子:不起作用(嗯！)
   

1. Use of update_attribute(best so far).
   1.1 Pro: updates the User table
   1.2 Con: I have to update_attribute(field1) for each of the fields, so more lines of code
   1.3 Con: Apparently this method no longer exists in Rails 4, problem in case an upgrade is desirable in the future.
   1.4 Con: No validations
   
2. Use of @user.attributes=params[:user] in the controller method
   2.1 Pro: Updates multiple fields at once.
   2.2 Con: Does not update the User table.
   
3. User of update_attributes
   3.1 Pro: Both multiple fields and table update
   3.2 Con: Not working ( duh!)
   

建议?

推荐答案

您似乎只想在创建时验证密码的存在(还请注意更简单的验证密码确认的方法):

It looks like you want to validate the presence of password on create only (also notice more concise way to validate password confirmation):

validates :password, length:{minimum:6}, confirmation: true, on: :create

然后您可以使用update_attributes

您可能想通过使用强参数来限制可以提交哪些参数:

You may want to restrict what params can be submitted by using strong params:

• 宝石: https://github.com/rails/strong_parameters
• 也包含在Rails 4中 http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html

• Gem: https://github.com/rails/strong_parameters
• also included in Rails 4 http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html

这篇关于使用has_secure_password的Rails update_attributes的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！