I've followed the directions in devise's wiki regarding overriding update method to update user information without adding password, but I'm still getting notice saying that I can't leave password blank. I'm stuck and I need some assistance on tracking the problem down.
<%= form_for(resource, :as => resource_name, :url => custom_update_user_registration_path, :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<%= f.text_field :first_name %>
<%= f.text_field :last_name %>
<%= f.email_field :email, :autofocus => true %>
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
<div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
<% end %>
<%= f.submit "Update" %>
in my routes :
devise_for :user, :controllers => { :registrations => "registrations" }, :skip => [:registrations, :sessions] do
get 'signup' => 'devise/registrations#new', :as => :new_user_registration
post 'signup' => 'devise/registrations#create', :as => :custom_user_registration
get 'users/cancel' => 'devise/registrations#cancel', :as => :cancel_user_registration
get 'account/edit' => 'devise/registrations#edit', :as => :custom_edit_user_registration
put 'account' => 'devise/registrations#update', :as => :custom_update_user_registration
delete 'users/cancel' => 'devise/registrations#destroy'
# devise/sessions
get 'signin' => 'devise/sessions#new', :as => :new_user_session
post 'signin' => 'devise/sessions#create', :as => :user_session
delete 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session
end
Here's my controller:
class RegistrationsController < Devise::RegistrationsController
before_filter :check_permissions, :only => [:new, :create, :cancel]
skip_before_filter :require_no_authentication
def check_permissions
authorize! :create, resource
end
def update
@user.attributes = params[:user]
# required for settings form to submit when password is left blank
if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
params[:user].delete(:password)
params[:user].delete(:password_confirmation)
end
@user = User.find(current_user.id)
if @user.update_attributes(params[:user])
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case his password changed
sign_in @user, :bypass => true
redirect_to after_update_path_for(@user)
else
render "edit"
end
end
end
I'm not sure why I'm getting the error that I need to submit password still? Can someone see something that I'm overlooking?
Thanks
I just found out that I've been overriding my devise registration incorrectly.
This was the correct way of having registration controller
You could handle that in your model normally. Just edit your valdiations. This way you normally do not need to override the whole controller..just edit the model:
validates :password, :presence => true, :on => :create
Try to change
if @user.update_attributes(params[:user])
to device method
if @user.update_without_password(params[:user])
In class RegistrationsController < Devise::RegistrationsController you are missing update parameters for devise.
def configure_permitted_parameters
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, ...) }
end
def update
# Get all params for :account_update
account_update_params = devise_parameter_sanitizer.sanitize(:account_update)
# Allow user to update without using password.
if account_update_params[:password].blank?
account_update_params.delete("password")
account_update_params.delete("password_confirmation")
end
# Set current_user
@user = User.find(current_user.id)
if @user.update_attributes(account_update_params)
set_flash_message :notice, :updated
sign_in @user, :bypass => true
redirect_to after_update_path_for(@user)
else
render "edit"
end
end
来源:https://stackoverflow.com/questions/18036121/rails-devise-update-user-without-password