Rails的设计禁用某些用户类型的密码恢复 [英] Rails devise disable password recovery for certain user types

问题描述

在我的Rails项目我有不同类型的用户，其中一个有 user_status：管理员，它有充分的权利来编辑不像其余用户的内容。由于显而易见的原因我想增加额外的安全性对于这些类型的用户，特别是完全禁用密码恢复。

In my Rails project I have different types of users one of which has the user_status :admin, which has full rights to edit content unlike the rest of the users. For obvious reasons I want to add additional security for these types of users, in particular, completely disable password recovery.

什么是压倒一切的标准制定的正确方法密码恢复（：采设计模块），这样当用户试图获得重置密码链接，为用户的方法哪个是一个管理员用户（ user_status ==管理员）系统给出后面的未找到标准的电子邮件的信息？

What is the correct way of overriding standard Devise password recovery (:recoverable Devise module) methods so that when a user tries to get a reset password link for a user which is an admin user (user_status == "admin") the system gives back the "standard email not found" message?

这是有点像没有答案的问题：<一href=\"http://stackoverflow.com/questions/25856582/restrict-devise-password-recovery-to-only-certain-users\">Restrict制定密码恢复到只有特定的用户

This is somewhat like the unanswered question: Restrict Devise password recovery to only certain users

感谢您提前。

推荐答案

我选择，并且为我工作，通过加入覆盖用户模型的 send_reset_password_instructions 方法的方法以下为模型/ user.rb ：

The method I chose and that worked for me was overriding the send_reset_password_instructions method of the User model by adding the following to models/user.rb:

def send_reset_password_instructions
  return false if self.user_status == 'admin'
  super
end

这使得设计无计可施的情况下，电子邮件属于一个管理员帐户。

This makes Devise not do anything in case the email belongs to an admin account.

这篇关于Rails的设计禁用某些用户类型的密码恢复的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！