我目前在Rails项目中使用Devise进行用户注册/身份验证。当用户想要取消其帐户时,该用户对象被销毁,这使我的应用程序处于不希望的状态。
实现“软删除”的最简单方法是什么,即仅删除个人数据并将用户标记为已删除?我仍然想保留所有记录关联。
我认为我必须首先为用户介绍一个新的“已删除”列。但是随后,我在用户的个人资料视图中停留了以下默认代码:
<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
在哪里可以找到:delete方法?我应该如何覆盖默认的Devise方法?
Answers:
我建议destroy用户模型上的重写方法可以简单地执行update_attribute(:deleted_at, Time.current)(而不是实际销毁),但是将来与标准API的这种偏离可能会变得繁重,因此,这里介绍了如何修改控制器。
Devise提供了许多默认控制器。定制它们的最佳方法是继承相应的devise控制器来创建自己的控制器。在这种情况下,我们正在谈论Devise::RegistrationsController-通过查看源很容易识别。因此,创建一个新的控制器。
class RegistrationsController < Devise::RegistrationsController
end
现在,我们有了自己的控制器,它完全继承了所有由设备提供的逻辑。下一步是告诉devise使用它而不是默认值。在您的路线中您devise_for有线。应该更改为包括注册控制器。
devise_for :users, :controllers => { :registrations => 'registrations' }
这似乎很奇怪,但是很有意义,因为默认情况下它是“设计/注册”,而不仅仅是“注册”。
下一步是覆盖destroy注册控制器中的操作。使用时registration_path(:user), :method => :delete-它就是链接的地方。要destroy注册控制器的作用。
目前,设计工作如下。
def destroy
resource.destroy
set_flash_message :notice, :destroyed
sign_out_and_redirect(self.resource)
end
我们可以改用此代码。首先,我们为User模型添加新方法。
class User < ActiveRecord::Base
def soft_delete
# assuming you have deleted_at column added already
update_attribute(:deleted_at, Time.current)
end
end
# Use this for Devise 2.1.0 and newer versions
class RegistrationsController < Devise::RegistrationsController
def destroy
resource.soft_delete
Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
set_flash_message :notice, :destroyed if is_navigational_format?
respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
end
end
# Use this for older Devise versions
class RegistrationsController < Devise::RegistrationsController
def destroy
resource.soft_delete
set_flash_message :notice, :destroyed
sign_out_and_redirect(resource)
end
end
Now you should be all set. Use scopes to filter out deleted users.
Adding onto hakunin's answer:
To prevent "soft deleted" users from signing in, override active_for_authentication? on your User model:
def active_for_authentication?
super && !deleted_at
end
def inactive_message return self.active ? super : I18n.t('devise.failure.not_found_in_database') end
You could use acts_as_paranoid for your User model, which sets a deleted_at instead of deleting the object.
acts_as_paranoid?
acts_as_paranoid line to your User model(or any other model you need soft delete).
A complete tutorial can be found at Soft Delete a Devise User Account on the Devise wiki page.
Summary:
1. Add a "deleted_at" DATETIME column
2. Override users/registrations#destroy in your routes
3. Override users/registrations#destroy in the registrations controller
4. Update user model with a soft_delete & check if user is active on authentication
5. Add a custom delete message