问题描述
当前,我的用户需要输入密码才能更改其电子邮件地址或密码,但是可以删除其帐户而无需输入.我不确定如何要求.
Currently my users need to enter their password in order to change their email address or password, but can delete their account without entering it. I am not sure how to require this.
到目前为止,我有:
用户控制器:
def destroy
@user = User.find(current_user.id)
@user.destroy_with_password(user_params)
if @user.destroy
redirect_to root_url, notice: "User deleted."
else
redirect_to users_url
flash[:notice] = "Couldn't delete"
end
end
def user_params
params.require(:user).permit(:username, :email, :password,
:password_confirmation, :current_password, :avatar, etc....etc.... )
end
一种形式:
<%= simple_form_for(@user, :method => :delete) do |f| %>
<%= f.input :current_password, autocomplete: "off" %>
<%= f.button :submit %>
<% end %>
即使没有输入密码,用户也将在此处删除.删除请求正在由正确的控制器操作处理;
Here the user deletes even if no password is inputted. The delete request is being processed by the correct controller action ;
Processing by UsersController#destroy as HTML
Processing by UsersController#destroy as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"bla bla bla", "user"=>{"current_password"=>"[FILTERED]"}, "commit"=>"Update User", "locale"=>"en", "id"=>"ce2dc2edc"}
SQL (0.1ms) DELETE FROM "users" WHERE "users"."id" = $1 [["id", 15]]
我如何要求用户密码才能删除帐户?
How can I require the user's password in order to delete the account?
推荐答案
您要呼叫Devise的 destroy_with_password ,然后,然后呼叫ActiveRecord的 destroy .您只需要调用 destroy_with_password .代码应如下所示:
You're calling Devise's destroy_with_password and then calling ActiveRecord's destroy. You only need to call destroy_with_password. Code should read as follows:
def destroy
@user = User.find(current_user.id)
if @user.destroy_with_password(user_params)
# if @user.destroy # <== remove me, don't need to destroy twice!
redirect_to root_url, notice: "User deleted."
else
redirect_to users_url
flash[:notice] = "Couldn't delete"
end
end
destroy_with_password 将返回真实值.
这篇关于Ruby on Rails -Devise-要求密码才能删除帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!