使用has_secure_password的Rails update_attributes [英] Rails update_attributes using has_secure_password
问题描述
我正在一个用户可以拥有admin: true / false
的项目中工作.该应用程序将仅允许管理员用户登录系统,其他用户仅是其管理员只能编辑设置的客户端.这是某种商业应用程序.( Rails 3.2.13 )
I am working in a project where users can either have admin: true / false
. The application will only let admin users login in to the system, the other users are just clients whose settings only admins can edit. This is some sort of commerce application.(Rails 3.2.13)
我想将这两个概念保存在同一表中,因为将来可能会有非管理员用户登录并与他们的个人资料进行交互的选项,因此所有逻辑都已经实现.
I would like to keep both concepts in the same table since in the future there will possibly be the option of logging in for non-admin users and interact with their profiles, so all the logic will be already implemented.
我有这个User
资源:
ActiveRecord::Schema.define(:version => 20131204200554) do
create_table "users", :force => true do |t|
t.string "name"
t.string "surname"
t.boolean "admin"
t.string "password_digest"
t.string "email"
t.string "auth_token"
end
end
这是用户模型:
class User < ActiveRecord::Base
has_secure_password
attr_accessible :name, :surname,:email, :password, :password_confirmation
validates :name, presence:true, length: { maximum:50}
validates :first_surname, presence:true, length: { maximum:50}
VALID_EMAIL_REGEX= /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true,format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive:false}
validates :password, length:{minimum:6}
validates :password_confirmation, presence:true
before_save{ self.email.downcase! }
before_save :generate_auth_token
private
def generate_auth_token
self.auth_token=SecureRandom.urlsafe_base64
end
end
并且我正在尝试实现User
编辑的功能,但是我只想允许编辑name
,surname
和email
.因此,我只以以下形式显示这些字段:
And I am trying to implement the functionality of User
editing, however I only want to allow the editing of name
, surname
and email
. Hence, I present only those fields in the form:
<%= form_for(@user) do |f| %>
<%= f.label :name,"Name" %>
<%= f.text_field :name %>
<%= f.label :surname,"Surname" %>
<%= f.text_field :surname %>
<%= f.label :email,"Email" %>
<%= f.text_field :email %>
<%= f.submit "Save" %>
我正在尝试通过以下代码实现目标:
I am trying to accomplish the goal with this code:
def update
@user = User.find(params[:id])
if @user.update_attributes(params[:user])
# Handle a successful update.
flash[:success]="User updated successfully"
redirect_to @user
else
flash[:danger]="Error updating user"
render 'edit'
end
end
我的问题是,当尝试update_attributes
时,我意外地得到 not 的错误,该错误验证password/password_confirmation
,但是由于我使用的是has_secure_password
,因此数据库中不存在这些字段,仅password_digest
.我正在考虑完成所有这些操作的最佳选择:
My problem is that when trying to update_attributes
I get not unexpectedly an error validating password/password_confirmation
, but since I'm using has_secure_password
, these fields do not exist in the database, only password_digest
. I am thinking about the best option to accomplish all this:
- 使用新的字段值更新
@user
对象. - 在
User
表中反映此更改. - 运行验证,即电子邮件验证.
- Update
@user
object with new field values. - Reflect this change in
User
table. - Run the validations, i.e. email validation.
使用has_secure_password
时.到目前为止,这些选项是:
While using has_secure_password
. These are the options so far:
- 使用
update_attribute
(迄今为止最好).
1.1 Pro :更新User
表
1.2缺点:对于每个字段,我都必须update_attribute(field1)
,所以需要更多行代码
1.3 Con :显然,Rails 4中不再存在此方法,以防将来需要升级.
1.4 CON :无验证
- 在控制器方法中使用
@user.attributes=params[:user]
2.1专业版:一次更新多个字段.
2.2缺点:不更新User
表.
-
update_attributes
的用户 3.1专业版:多个字段和表均更新
3.2骗子:不起作用(嗯!)
- Use of
update_attribute
(best so far).
1.1 Pro: updates theUser
table
1.2 Con: I have toupdate_attribute(field1)
for each of the fields, so more lines of code
1.3 Con: Apparently this method no longer exists in Rails 4, problem in case an upgrade is desirable in the future.
1.4 Con: No validations - Use of
@user.attributes=params[:user]
in the controller method
2.1 Pro: Updates multiple fields at once.
2.2 Con: Does not update theUser
table. - User of
update_attributes
3.1 Pro: Both multiple fields and table update
3.2 Con: Not working ( duh!)
建议?
推荐答案
您似乎只想在创建时验证密码的存在(还请注意更简单的验证密码确认的方法):
It looks like you want to validate the presence of password on create only (also notice more concise way to validate password confirmation):
validates :password, length:{minimum:6}, confirmation: true, on: :create
然后您可以使用update_attributes
您可能想通过使用强参数来限制可以提交哪些参数:
You may want to restrict what params can be submitted by using strong params:
- 宝石: https://github.com/rails/strong_parameters
- 也包含在Rails 4中 http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html
- Gem: https://github.com/rails/strong_parameters
- also included in Rails 4 http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html
这篇关于使用has_secure_password的Rails update_attributes的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!