在设计可注册的自定义视图上更新无密码的嵌套属性
问题描述:
我有设计,用户和配置文件的两个模型设置,设计4.2。我已经使用自定义视图实现了嵌套属性,如下所示:Rails 4.0 with Devise. Nested attributes Unpermited parameters在设计可注册的自定义视图上更新无密码的嵌套属性
在我的registrations/edit.html.haml视图中,当用户提交表单时,他们必须默认提供其当前密码。但是,如果编辑了嵌套属性,并且未提供密码,则表单仍会更新嵌套属性。我如何防止这种情况发生?
registrations_controller.rb:
class RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
def new
build_resource({})
self.resource.profile = Profile.new
respond_with self.resource
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:account_update) do |u|
u.permit(<user fields>, profile_attributes: [<:profile_fields>])
end
devise_parameter_sanitizer.permit(:sign_up) do |u|
u.permit(<user_fields>, profile_attributes: [<profile_fields>])
end
end
端
注册/ edit.html.haml:
.authform
%h3
Edit #{resource_name.to_s.humanize}
= form_for(resource, :as => resource_name, :url => user_registration_path, :html => { :method => :patch, :role => 'form'}) do |f|
= devise_error_messages!
.form-group
= f.label :email
= f.email_field :email, class: 'form-control'
- if devise_mapping.confirmable? && resource.pending_reconfirmation?
%div
Currently waiting confirmation for: #{resource.unconfirmed_email}
%fieldset
%p Leave these fields blank if you don't want to change your password.
.form-group
= f.label :password
= f.password_field :password, :autocomplete => 'off', class: 'form-control'
.form-group
= f.label :password_confirmation
= f.password_field :password_confirmation, class: 'form-control'
%fieldset
= f.fields_for :profile do |profile_fields|
.form-group
= profile_fields.label :a_field_1
= profile_fields.number_field :a_field_1, min: 0, max: 8
.form-group
= profile_fields.label :a_field_2
= profile_fields.number_field :a_field_2, min: 0, max: 8
.form-group
= profile_fields.label :a_field_1
= profile_fields.text_field :a_field_2, class: 'form-control'
%fieldset
%p You must enter your current password to make changes.
.form-group
= f.label :current_password
= f.password_field :current_password, class: 'form-control'
= f.submit 'Update', :class => 'button right'
答
原来的根本原因是一个内部呼叫到导轨assign_attributes方法即使密码无效,也会分配嵌套属性。此修复程序是过度乘坐update_resource方法在注册控制器用下面的代码
def update_resource(resource, params)incorrect
unless resource.valid_password?(params[:current_password])
resource.errors.add(:current_password, params[:current_password] ? :blank : :invalid)
return resource
end
resource.update_with_password(params)
end
如果密码是有效的,如果不是停止的分配处理,其检查。