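I only want to allow users to update their password if they know their old password. Currently I allow users to update their password without checking their old password. Can you point me in the right direction?
Current user update method: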
def update
  if params[:user][:password]
    if current_user
      @user = User.find(params[:id])
      # The new password is applied here without checking the old one
      if @user.update_attributes(params[:user])
        redirect_to root_url, :notice => "Password has been changed!"
      else
        render "edit"
      end
    else
      # Something else
    end
  end
end
Current form (HAML):
= form_for @user do |f|
  - if @user.errors.any?
    - for message in @user.errors.full_messages
      = message
  .form
    = f.password_field :password
    = f.password_field :password_confirmation
    %input{name: "commit", type: "submit", value: "SAVE CHANGES"}
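
One way to enforce the old-password check the question asks for, as an added example that is not part of the original post. It is plain Ruby with a constructed stand-in `User`; the `current_password` field, `change_password` and `update_password` are hypothetical names, and PBKDF2 is used here only because the page does not show how passwords are stored.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for the page's User model (plain Ruby, no Rails).
class User
  ITERATIONS = 100_000
  attr_reader :errors

  def initialize(password)
    @errors = []
    store(password)
  end

  # True only when the candidate matches the stored hash (constant-time compare).
  def authenticate(candidate)
    return false if candidate.to_s.empty?
    diff = 0
    @digest.bytes.zip(derive(candidate.to_s, @salt).bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end

  # Hypothetical helper: replaces the password only after the old one is proven.
  def change_password(current, new_password, confirmation)
    @errors = []
    @errors << "Current password is incorrect" unless authenticate(current)
    @errors << "Password can't be blank" if new_password.to_s.empty?
    @errors << "Password confirmation doesn't match" unless new_password == confirmation
    return false unless @errors.empty?
    store(new_password)
    true
  end

  private

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password, @salt)
  end
end

# Controller-shaped flow: act on the signed-in user, not a record looked up by params[:id].
def update_password(current_user, params)
  attrs = params.fetch(:user, {})
  current_user.change_password(attrs[:current_password], attrs[:password], attrs[:password_confirmation])
end
```

In the form this corresponds to one extra `password_field` for the current password, and the controller renders "edit" again when the call returns false.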