如何使用Devise停止软删除用户的登录 [英] How to stop soft deleted user's login with Devise

问题描述

我目前在Rails项目中使用Devise进行用户注册/身份验证. 当用户想要取消其帐户时，该用户对象将以如下所示的方式被软删除.

I currently use Devise for user registration/authentication in a Rails project. When a user wants to cancel their account, the user object is soft deleted in a way like the following.

如何软删除" Devise的用户

这种方式的实现方式有很小的不同. 用户模型具有属性"deleted_flag". 并且，soft_delete方法执行"update_attribtue(:deleted_flag，true)"

My implmenetation has a small difference this way. User model has an attribute 'deleted_flag'. And, soft_delete method executes "update_attribtue(:deleted_flag, true)"

但是，我必须实施sign_in动作. 在我的理解中，以下内容.

But, I have to implment sign_in action. In my implmenetation is the following.

class SessionsController < Devise::SessionsController
  def create
    resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")    

    if resource.deleted_flag
      p "deleted account : " + resource.deleted_flag.to_s
      sign_out(resource)
      render :controller => :users, :action => :index
    else
      if is_navigational_format?
        if resource.sign_in_count == 1
          set_flash_message(:notice, :signed_in_first_time)
        else
          set_flash_message(:notice, :signed_in)
        end
      end
      sign_in(resource_name, resource)
      respond_with resource, :location => redirect_location(resource_name, resource)
    end
  end
end

我认为这段代码有一些奇怪的地方.

I think this code has strange points.

如果删除的用户尝试唱歌， 系统允许记录并立即注销. 而且，系统无法显示flash [:alert]消息...

If deleted user tries to sing in, the system permit logging and make log out immediately. And, the system cann't display flash[:alert] message...

我想知道两点.

1. 如何实施以禁止删除的用户登录?
2. 当已删除的用户尝试登录时，如何实现显示Flash [:alert]?

推荐答案

要停止已被软件删除"的用户，最好的方法是在用户模型上覆盖find_for_authentication类方法.如:

To stop a user that has been 'soft deleted', the best way is to overwrite the find_for_authentication class method on the user model. Such as:

Class User < ActiveRecord::Base
  def self.find_for_authentication(conditions)
    super(conditions.merge(:deleted_flag => false))
  end

这将通过设计生成无效的电子邮件或密码刷新消息(因为它找不到要进行身份验证的用户)

This will generate a invalid email or password flash message by devise (because it cannot find the user to authenticate)

不过，对于第二个问题，您将需要控制器中的for方法来添加特定的即显消息.但是，我认为您应该将被软"删除的用户视为完全不存在于数据库中的用户.因此，如果他们尝试登录，则应该只获得有效的电子邮件或密码消息.

As far as your second question though, you'll need some for of method in your controller to add a particular flash message. However, in my opinion you should treat users that are 'soft' deleted the same as if they didn't exist in the database at all. Thus if they tried to log in, they should just get an valid email or password message.

这篇关于如何使用Devise停止软删除用户的登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！