您的位置: 首页  >  技术问答  >  在设计可注册的自定义视图上更新无密码的嵌套属性

在设计可注册的自定义视图上更新无密码的嵌套属性

分类: 技术问答 2022-06-23 19:08:43
问题描述:

我有设计,用户和配置文件的两个模型设置,设计4.2。我已经使用自定义视图实现了嵌套属性,如下所示:Rails 4.0 with Devise. Nested attributes Unpermited parameters在设计可注册的自定义视图上更新无密码的嵌套属性

在我的registrations/edit.html.haml视图中,当用户提交表单时,他们必须默认提供其当前密码。但是,如果编辑了嵌套属性,并且未提供密码,则表单仍会更新嵌套属性。我如何防止这种情况发生?

registrations_controller.rb:

class RegistrationsController < Devise::RegistrationsController 
before_filter :configure_permitted_parameters 

def new 
    build_resource({}) 
    self.resource.profile = Profile.new 
    respond_with self.resource 
end 

protected 


def configure_permitted_parameters 
    devise_parameter_sanitizer.permit(:account_update) do |u| 
     u.permit(<user fields>, profile_attributes: [<:profile_fields>]) 
    end 
    devise_parameter_sanitizer.permit(:sign_up) do |u| 
     u.permit(<user_fields>, profile_attributes: [<profile_fields>]) 
    end 
end

注册/ edit.html.haml:

.authform 
    %h3 
    Edit #{resource_name.to_s.humanize} 
    = form_for(resource, :as => resource_name, :url => user_registration_path, :html => { :method => :patch, :role => 'form'}) do |f| 
    = devise_error_messages! 
    .form-group 
     = f.label :email 
     = f.email_field :email, class: 'form-control' 
     - if devise_mapping.confirmable? && resource.pending_reconfirmation? 
     %div 
      Currently waiting confirmation for: #{resource.unconfirmed_email} 
    %fieldset 
     %p Leave these fields blank if you don't want to change your password. 
     .form-group 
     = f.label :password 
     = f.password_field :password, :autocomplete => 'off', class: 'form-control' 
     .form-group 
     = f.label :password_confirmation 
     = f.password_field :password_confirmation, class: 'form-control' 
    %fieldset 
     = f.fields_for :profile do |profile_fields| 
     .form-group 
      = profile_fields.label :a_field_1 
      = profile_fields.number_field :a_field_1, min: 0, max: 8 
     .form-group 
      = profile_fields.label :a_field_2 
      = profile_fields.number_field :a_field_2, min: 0, max: 8 
     .form-group 
      = profile_fields.label :a_field_1 
      = profile_fields.text_field :a_field_2, class: 'form-control' 
    %fieldset 
     %p You must enter your current password to make changes. 
     .form-group 
     = f.label :current_password 
     = f.password_field :current_password, class: 'form-control' 

    = f.submit 'Update', :class => 'button right'

原来的根本原因是一个内部呼叫到导轨assign_attributes方法即使密码无效,也会分配嵌套属性。此修复程序是过度乘坐update_resource方法在注册控制器用下面的代码

def update_resource(resource, params)incorrect 
    unless resource.valid_password?(params[:current_password]) 
    resource.errors.add(:current_password, params[:current_password] ? :blank : :invalid) 
    return resource 
    end 

    resource.update_with_password(params) 
end

如果密码是有效的,如果不是停止的分配处理,其检查。

相关推荐