I use devise as authentication system and I want to create the separate pages for changing password and email address.
Should I create additional actions like update_password and update_email, or might it be better to use single update action which could accept both password and email?
I guess that there's no real advantage at creating new actions. And from what I can remember from that book you should stick to the 7 classic actions (index / show / new / edit / create / update / delete) if you can, in order to keep everything RESTFul.
Anyway, the action would probably do the same thing.
a classic update would be :
def update
user = User.find(params[:id]).update_attributes! params[:user]
end
and the eventual update_password & update_email would probably look something like that
def update_email
user = User.find(params[:id]).update_attributes! email: params[:user][:email]
end
def update_password
user = User.find(params[:id]).update_attributes! password: params[:user][:password]
end
When using a single action (the update one) , the only eventual problem would be that a user could update its password via the change email form by changing the html on the page for instance.
I don't think that this is a problem as the user has the ability to change his password anyway.
So I would stick to the classic update method.
If I missed your point, please let me know ;)