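Rails password authentication

First off, I am very, very new to Rails, so bear with me on any mistakes. I am still trying to find the best sources of reliable information. A lot of things are somewhat out of date.
I am following the Rails tutorial and using password authentication. In my application I have users and departments with a has_many :through relationship between them. This relationship is called a manager relationship. My user authentication and authorization work. The manage and unmanage buttons are used to create the manager relationship. I have also set up each department with a secure password. I would like to require the user to enter the department's password before the manager relationship is created. I added a password field next to the manage button.
Models: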
department.rb
class Department < ActiveRecord::Base
  attr_accessible :department_name, :password, :password_confirmation
  has_many :manager_relationships, dependent: :destroy
  has_many :users, through: :manager_relationships
  has_secure_password
end
manager_relationship.rb
class ManagerRelationship < ActiveRecord::Base
  attr_accessible :department_id
  belongs_to :user
  belongs_to :department
  validates :user_id, presence: true
  validates :department_id, presence: true
end
user.rb
class User < ActiveRecord::Base
  attr_accessible :name, :email, :password, :password_confirmation
  has_many :manager_relationships, dependent: :destroy
  has_many :departments, through: :manager_relationships
  has_secure_password
end
Views:
department/show.html.erb
...
<div class="span8">
<%= render 'manage_form' if signed_in? %>
</div>
</div>
department/_manage.html.erb
<%= form_for(current_user.manager_relationships.build(department_id: @department.id), remote: true) do |f| %>
<div><%= f.hidden_field :department_id %></div>
<%= f.submit "Manage Department", class: "btn btn-large btn-primary" %>
<% end %>
Controller: ManagerRelationshipsController
class ManagerRelationshipsController < ApplicationController
  before_filter :signed_in_user

  def create
    @department = Department.find(params[:manager_relationship][:department_id])
    current_user.manage!(@department)
    respond_to do |format|
      format.html { redirect_to @department }
      format.js
    end
  end
end
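The above code works. It successfully creates and destroys manager relationships. But there is no authentication. Any user can manage any department. I want to require the managing user to enter the department password in order to create a manager_relationship.
Here is what I have tried.
department/_manage.html.erb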
<%= form_for(current_user.manager_relationships.build(department_id: @department.id),
remote: true) do |f| %>
##################This Was Added ##############
<div>
<%= f.label :password %>
<%= f.password_field :password %>
</div>
################################################
<div><%= f.hidden_field :department_id %></div>
<%= f.submit "Manage Department", class: "btn btn-large btn-primary" %>
<% end %>
ManagerRelationshipsController
class ManagerRelationshipsController < ApplicationController
  before_filter :signed_in_user

  def create
    @department = Department.find(params[:manager_relationship][:department_id])
    ########################The line below was Added ##########################
    if @department.authenticate(params[:manager_relationship][:password])
    ###########################################################################
      current_user.manage!(@department)
      respond_to do |format|
        format.html { redirect_to @department }
        format.js
      end
    ####################I added this##################
    else
      flash.now[:error] = 'Invalid password'
      render 'new'
    end
    ############################################################
  end
end
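A quick question: are you loading the current user using a session variable? – Amar 2013-03-23 17:59:51
There is actually a filter on the manager relationships controller that requires the user to be signed in before creating or destroying a manager relationship. – doubleA 2013-03-23 18:01:40
So current_user exists? So every manager_relationships row has a password field? Do you want to add a password to the manager_relationships table, is that what you want? – Amar 2013-03-23 18:05:30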
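
One way to structure the check the question asks for, as an added example that is not part of the original post: plain Ruby stands in for the Rails models, with PBKDF2 substituted for the bcrypt digest that has_secure_password uses so the sketch runs on the standard library alone. The `:department_password` parameter key and the `create_manager_relationship` helper are hypothetical names.

```ruby
require "openssl"
require "securerandom"

# Stand-in for a model using has_secure_password: authenticate returns the
# record on success and false otherwise. PBKDF2 replaces bcrypt here only so
# the sketch needs nothing beyond the standard library.
class Department
  attr_reader :id, :manager_ids

  def initialize(id, password)
    @id = id
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password)
    @manager_ids = []
  end

  def authenticate(candidate)
    # A missing, empty or non-string parameter is a failed attempt, not an error.
    return false unless candidate.is_a?(String) && !candidate.empty?
    secure_equal?(@digest, derive(candidate)) ? self : false
  end

  private

  def derive(password)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: @salt, iterations: 20_000,
                             length: 32, hash: "sha256")
  end

  # Constant-time comparison of two equal-length digests.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Models the create action. The password arrives as its own top-level
# parameter (hypothetical key :department_password), so it is never treated
# as an attribute of the relationship record being created.
def create_manager_relationship(user_id, departments, params)
  department = departments.fetch(params.dig(:manager_relationship, :department_id))
  return :invalid_password unless department.authenticate(params[:department_password])
  department.manager_ids << user_id unless department.manager_ids.include?(user_id)
  :created
end
```

The relationship is only written after `authenticate` succeeds, and every failure path returns the same result, so the response does not reveal whether the password was missing or wrong.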