Iros: Change the views/users/edit.html.erb content to


<h1>Editing user</h1>

<% form_for(@user) do |f| %>
  <%= f.error_messages %>

    <p>
        <label for="user_name">Name: </label>
        <%= f.text_field :name, :size =>40 %>
    </p>

    <p>
        <label for="user_password">Password: </label>
        <%= f.password_field :password, :size =>40 %>
    </p>

    <p>
        <label for="user_password_confirmation">Confirm: </label>
        <%= f.password_field :password_confirmation, :size =>40 %>
    </p>

  <p>
    <%= f.submit "Update" %>
  </p>
<% end %>

<%= link_to 'Show', @user %> |
<%= link_to 'Back', users_path %>

gackd:

The method posted by Iros is what I first did. It’s the obvious easy solution. What I’m wondering is: how do you do this in a way that the user has to enter their current password to change their password?

I tried adding a field to edit.html.erb the way shown above but Rails always complained about it. I sort of got it to work with fields_for like this:

<% fields_for :current_password do |f| %>
<%= f.password_field :current_password %>
<% end %>

That ended up in the params has as params:current_password.

That sucks.

I decided to see if I could use User#authenticate with @user.name and that params[][] mess to see if the user’s current password was correct and then update to the new password provided. It was ugly but seemed to work okay.

Any suggestions?

Jinyoung:

To gackd. You can use password_field_tag function.


<p>
  <%= label_tag 'Current password' %>:
  <%= password_field_tag :current_password, '', :size => 40 %>
</p>

I suggest below additional code to Iros’s one.

In user.rb

class User < ActiveRecord::Base
  # ...

  validates_presence_of :name, :password

  # ...
h4. MarkG Since you already know the name of the user you’re attempting to edit, it’d be smarter to pre-populate that field…chances are that if you’re editing their account it’s because of a password change, not that they’ve legally changed their name [sure it can happen, but it’s not the most common situation :-) ]

# ...
<p>
  <label for="user_name">Name: </label>
  <%= f.text_field :name, :size =>40, :value => @user.name %>
</p>
# ...