<p>Add these to your files</p>
<p>account_controller.rb</p>
<pre>
#
#Edit User
#
#
#allow a user to edit their details
def edit
@user = User.find(self.current_user.id)
end
#
#update the user table
def update
@user = User.find(self.current_user.id)
if @user.update_attributes(params[:user])
flash[:notice] = 'User was successfully updated.'
redirect_to :action => 'index'
else
render :action => 'edit'
end
end
</pre>
<p>create the following views</p>
<p>_userForm.rhtml</p>
<pre>
<%= error_messages_for 'user' %>
<!--[form:user]-->
<!-- all custom fields here -->
<p><label for="user_email">Email Address</label><br/>
<%= text_field 'user', 'email' %></p>
<!--[eoform:user]-->
</pre>
<p>edit.rhtml</p>
<pre>
<p>Edit your details</p>
<%= start_form_tag :action => 'update' %>
<%= render :partial => 'userForm' %>
<%= submit_tag 'Edit' %>
<%= end_form_tag %>
</pre>
<p>Is this a really bad way to do this? What is to stop someone from building a request that will reset the users password or change their login?<br />
:: It should be safe if the model is protected with attr_protected or attr_accessible<br />
And if they update their email, you should go through the activate process again if you’ve enabled this feature.</p>
<p>I was a bit confused about using attr_protected. After looking it up, it seems if you want to make sure they can’t change their login or other info you add attr_protected to the user model. This can be done with the line:</p>
<ol>
<li>Protects from url auto assignment<br />
attr_protected :login</li>
</ol>
<p>Read more about attr_protected, here:<br />
http://api.rubyonrails.org/classes/ActiveRecord/Base.html#M001005</p>
<p>but adding that causes a ton of tests to fail, it seems to mess up the default signup function. I worked around many of these issues only to find new problems created by adding the attr_protected on login. Such as the default tests all failing.</p>
<p>Anyone else have better suggestions</p>
<p>The defaults test all assume that none of the attributes are protected. You’ll need to edit them to make sure that :login isn’t being auto-assigned. When you need to assign :login from a form, don’t use User#create, do it like this:<br />
<pre><br />
@user = User.new(params[:user])<br />
@user.login = params[:user][:login]<br />
@user.save<br />
</pre><br />
You’ll want to restrict this kind of action to, say, Admins who have the right to change logins.</p>
2008-10-24T03:11:11-07:00
71671
allow-users-to-edit-details
67186
Allow users to edit details
2009-03-01T13:16:42-08:00
59179