Changing password is not available anymore after adding 'update_without_password' feature
15 views
Skip to first unread message
J Paul LESCOUZERES
Jun 3, 2016, 11:59:07 AM6/3/16
to Devise
Hi,
I'm working on a small app, using Devise and allowing only one user.
After following the Devise How-to in order to allow the admin user to edit his profile without providing password, I noticed that I was not able to change the password anymore... It seems to be related to the "update_without_password" method, but as I'm no expert on Devise, I was wondering if it could be possible to get any help on this "issue" I have?
Ideally, I'd like to allow admin_user to edit his account without providing current_password, and keep the current_password providing for changing password.
I tried a few things, but without success till now... Any help would be greatly welcome! :)
Thanks in advance
I'm working on a small app, using Devise and allowing only one user.
After following the Devise How-to in order to allow the admin user to edit his profile without providing password, I noticed that I was not able to change the password anymore... It seems to be related to the "update_without_password" method, but as I'm no expert on Devise, I was wondering if it could be possible to get any help on this "issue" I have?
Ideally, I'd like to allow admin_user to edit his account without providing current_password, and keep the current_password providing for changing password.
I tried a few things, but without success till now... Any help would be greatly welcome! :)
Thanks in advance
Walter Lee Davis
Jun 4, 2016, 9:02:58 AM6/4/16
to plataforma...@googlegroups.com
I use the following in my users_controller to allow admins to change other users' accounts without that user's password, and to keep non-admins from "promoting" themselves:
def update
if( ! current_user.admin? )
user_params[:admin_role] = @user.admin_role
command = :update_with_password
else
command = :update_without_password
user_params.delete(:password)
user_params.delete(:password_confirmation)
user_params.delete(:current_password)
end
@user = User.accessible_by(current_ability).find(params[:id])
old_user = current_user
if @user.send(command, user_params)
sign_in 'user', old_user, :bypass => true
redirect_to users_path, :notice => "Successfully updated user."
else
render :action => 'edit'
end
end
Walter
>
> Thanks in advance
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "Devise" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to plataformatec-de...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages