Menu
I'm developing an app using Rails and Devise for user's authentication. I wonder if there is a way to ask the password only for some changes.
For instance, I want the password to be asked when:
And I want the user to be free to edit other fields without any password, such as:
So, I'd like a way to swap between this two methods. How can I solve this?
EDIT:
In Devise's documentation I found this and it works fine, it only allows changing password and email if I enter the password:
def update
@user = User.find(current_user.id)
successfully_updated = if needs_password?(@user, params)
@user.update_with_password(params[:user])
else
# remove the virtual current_password attribute update_without_password
# doesn't know how to ignore it
params[:user].delete(:current_password)
@user.update_without_password(params[:user])
end
if successfully_updated
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case his password changed
sign_in @user, :bypass => true
redirect_to after_update_path_for(@user)
else
render "edit"
end
end
private
# check if we need password to update user data
# ie if password or email was changed
# extend this as needed
def needs_password?(user, params)
user.email != params[:user][:email] ||
!params[:user][:password].blank?
#HERE
end
Now, what could i put in #HERE to also require the password when I'm deleting the account?
474
due to question edit:
def destroy
if current_user.valid_password?(params[:user][:password])
current_user.destroy
else
render "destroy" # or what ever
end
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
