How to specify devise_parameter_sanitizer for edit

2019-01-06 13:28发布

站内问答 / 后端开发
1211 4 6

I've added Devise to my Rails 4 application, and successfully added username etc. to my User model. Furthermore, I'm able to store those fields using the lazy way™, i.e.

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname) } 
    end
end

However, I tried 

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname) }
  devise_parameter_sanitizer.for(:edit) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname) }
end

but that didn't work quite as expected (username not being stored when invoked by the edit action). Is there something else I need to do in order to get that to work? Thanks!

4条回答
Evening l夕情丶
2楼-- · 2019-01-06 13:41

For Devise 4.1+

class ApplicationController < ActionController::Base    
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :email])
    devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :phone, :email, bank_attributes: [:bank_name, :bank_account]])
  end
end

The .for method is deprecated, now we use .permit

The first arg is the action name. :sign_up is for creating new Devise resources (such as users), and :account_update is for editing/updating the resource.

The second arg, :keys contains an array of the parameters you allow.

If you want nested_attributes, there is an example in :account_update, you put a separate array in with the key being <object>_attributes.

查看更多
0人赞 添加讨论(0) 举报
Melony?
3楼-- · 2019-01-06 13:43

Once again, it was a matter of reading the manual ...

The magic word is :account_update and thus the working version becomes

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname, :nickname) }
  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :middlename, :lastname, :nickname) }
end

Note that if you're in the business of signing in using non-standard parameters, the word you're looking for is :sign_in (as expected).

查看更多
0人赞 添加讨论(0) 举报
我只想做你的唯一
4楼-- · 2019-01-06 13:52

@conciliator is correct about the magic word is :account_update but here's the link to the documentation he alluded to http://rubydoc.info/github/plataformatec/devise/ Search for 'devise_parameter_sanitizer' and you'll see the following:

There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are:

sign_in (Devise::SessionsController#new) - Permits only the authentication keys (like email)
sign_up (Devise::RegistrationsController#create) - Permits authentication keys plus password and password_confirmation
account_update (Devise::RegistrationsController#update) - Permits authentication keys plus password, password_confirmation and current_password
查看更多
0人赞 添加讨论(0) 举报
倾城 Initia
5楼-- · 2019-01-06 14:01 
def configure_permitted_parameters
  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email,   :password, :password_confirmation, :current_password, :firstname, :middlename, :lastname, :nickname) }
end
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)