    with_options :if => Proc.new { |user| !Authorization.current_user ||
        !Authorization.current_user.role_symbols.include?(:admin) } do |v|
      v.validates_inclusion_of :accepted_tos, :in => [true, false]
      v.validates_acceptance_of :accepted_tos, :accept => true
    end

In this case however, since it's just the password, you only need to
override #password_required? in your model.

Devise has:

    def password_required?
      new_record? || !password.nil? || !password_confirmation.nil?
    end

You just need to add your custom conditions and you're set. Something like:

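    class User
      attr_accessor :password_required

      def password_required?
        # unspecified_password is a placeholder for your own "no password given" check
        if called_by_employee && unspecified_password
          false
        else
          # fall back to Devise's default; calling password_required? here
          # would recurse forever
          super
        end
      end

      def called_by_employee
        current_employee # this will need tweaking based on how you do authorization
      end
    end
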
This way, your controller only needs to pass :password_required from
your checkbox.

Hope this helps,
Andrea

Whatever floats your boat :)

But do note that "safer" depends on your context: whether your
application authorizes users for commenting on some blog or firing
nukes.

I can easily argue my solution is safer than using a random password,
since that has a small but non-zero likelihood of being cracked,
whereas a nil password is guaranteed to never allow login.

Also, a random password doesn't help you if, a year from now, you'll
need to find all users who don't have a real password.

But again, whatever works for you.

Andrea
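
An added example, not code from this thread or from Devise: a plain-Ruby stand-in that exercises the override with `super`, the claim that a nil stored password can never log in, and the later audit for accounts without a real password. `PasswordRules`, `created_by_employee`, `passwordless` and the PBKDF2 digest are assumptions made for the illustration.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for the Devise behaviour the thread relies on (not Devise's code).
module PasswordRules
  def self.digest(password, salt) # PBKDF2 here is a stand-in hash
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32,
                               OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end

  def password_required? # the default rule quoted in the thread
    new_record? || !password.nil? || !password_confirmation.nil?
  end

  def valid_password?(candidate)
    return false if encrypted_password.nil? # no stored digest: never log in
    salt, digest = encrypted_password.split('$')
    OpenSSL.secure_compare(digest, PasswordRules.digest(candidate, salt))
  end
end

class User
  include PasswordRules
  # created_by_employee (hypothetical name) must be set by the controller
  # from the authenticated session, never mass-assigned from request params.
  attr_accessor :password, :password_confirmation, :encrypted_password, :created_by_employee

  def initialize(attrs = {})
    attrs.each { |name, value| public_send("#{name}=", value) }
  end

  def new_record?; true; end

  def password_required?
    return false if created_by_employee && password.nil? && password_confirmation.nil?
    super # every other case falls back to the default rule
  end

  def save
    raise ArgumentError, 'password required' if password_required? && password.to_s.empty?
    return self if password.nil?
    salt = SecureRandom.hex(8)
    self.encrypted_password = "#{salt}$#{PasswordRules.digest(password, salt)}"
    self
  end
end

def passwordless(users) # audit query: accounts that cannot log in by password
  users.select { |user| user.encrypted_password.nil? }
end
```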