Modify the user update function to require and validate the current password before allowing a user’s password to be changed.
Hint: you can add markup specific to a particular action in
_form.html.erb by adding an if check ensuring that
params[:action] is the one you want.
Hint: you can simultaneously retrieve and remove the non-database field from the
params hash by using the delete method
When the system is freshly installed on a new machine, there are no administrators defined in the database, and hence no administrator can log on. But, if no administrator can log on, then no one can create an administrative user. Change the code so that if no administrator is defined in the database, any username works to log on (allowing you to quickly create a real administrator).
Experiment with rails console. Try creating products, orders, and line items. Watch for the return value when you save a model object—when validation fails, you’ll see false returned. Find out why by examining the errors.
Hint: check out the documentation for full_messages