4

我有一个非常标准的User模型与设计。管理员:admin由模型上的布尔值控制,非管理员用户无法管理自己(即,只有管理员可以对用户进行更改)。

我想要的是允许用户在忘记密码时重置密码。他们将输入他们的电子邮件地址,然后通过电子邮件发送一个令牌,该令牌将授予他们更改它的权限。我已经开始了一个解决方案,但我真的不知道如何进行。

用户.rb

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
  attr_accessor :current_password
  attr_accessible :name, :password, :password_confirmation, :current_password, :email, :remember_me, :ftp, :colour1, :colour2, :logo, :logo2, :address, :url, :disclosure, :general_advice, :facebook, :twitter, :brand_id, :analytics
  attr_protected :admin
  validates_uniqueness_of :email, :ftp
  belongs_to :brand
  has_many :docs
  has_many :orders, :through => :docs
  has_attached_file :logo
  has_attached_file :logo2
end

class Ability
  include CanCan::Ability
  def initialize(user)
    user ||= User.new #guesting
    if user.admin?
      can :manage, :all
    else
      can :manage, :recoverable
    end
  end
end

这是方法:

def reset
  @idiot = User.where(:email => params[:email]).first
    unless @idiot.nil?
      Notifier.send_reset_notice(@idiot).deliver
      @idiot.send_reset_password_instructions
      redirect_to new_user_session_url
    else
      redirect_to new_user_session_url, :flash => { :error => "That email address matches no user." }
    end
end

用户收到设计电子邮件,但单击链接会将用户带到应用程序根目录,而不是密码重置表单。我不知道如何从这里开始。有什么想法吗?干杯!

更新

相关路线:

devise_for :users, :path => "d"
devise_scope :user do
  get '/sign_in' => 'devise/sessions#new'
  get '/sign_out' => 'devise/sessions#destroy'
end
4

1 回答 1

4

首先,为句柄 Devise::PasswordsController 创建控制器

class PasswordusersController < Devise::PasswordsController 
  prepend_before_filter :require_no_authentication
  append_before_filter :assert_reset_token_passed, :only => :edit

  def new
    super
  end

  def create
    self.resource = resource_class.send_reset_password_instructions(resource_params)

    if successfully_sent?(resource)
      redirect_to root_path, :notice => "Instruction has been send to your email"
    else
      respond_with(resource)
    end
  end

  def edit
    super
  end

  def update
    self.resource = resource_class.reset_password_by_token(resource_params)

    if resource.errors.empty?
      resource.unlock_access! if unlockable?(resource)
      flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
      set_flash_message(:notice, flash_message) if is_navigational_format?
      sign_in(resource_name, resource)
      redirect_to login_path, :notice => "Password has been change"
    else
      respond_with resource
    end
  end

  protected

    def after_sending_reset_password_instructions_path_for(resource_name)
      root_path
    end

    def assert_reset_token_passed
      super
    end

    def unlockable?(resource)
      super
    end

end

然后,为设计运行生成视图

复制new.html.erbedit.html.erbviews/devise/passwordsviews/passwordusers

你可以routes.rb配置如:

devise_scope :user do
get '/reset_password' => "passowrdusers#new", :as => :reset_password
get '/new_password' => "passwordusers#edit", :as => :new_password
end

编辑链接devise/mailer/reset_password_instructions.html.erb

<p><%= link_to 'Change My Password', new_password_path(@resource, :reset_password_token => @resource.reset_password_token) %></p>

最后,在查看表单登录时添加这个

<%= link_to "Forgot Password?", reset_password_url(resource_name) %>

更新

你可以routes.rb配置如:

devise_scope :user do
get '/reset_password' => "passowrdusers#new", :as => :reset_password
get '/new_password' => "passwordusers#edit", :as => :new_password
post '/send_email' => 'passwordusers#create', :as => :create_password
put '/change' =>  'passwordusers#update', :as => :update_password
end

views/passwordusers/new.html.erb

  <%= form_for("user", :url => create_password_path(resource_name), :html => { :method => :post }) do |f| %>

views/passwordusers/edit.html.erb

<%= form_for("user", :url => update_password_path(resource_name), :html => { :method => :put }) do |f| %>
于 2013-04-10T05:38:49.730 回答