未允许的参数将新字段添加到rails 4.0中的Devise

Question

使用rails非常新.我使用Devise实现了一个基本的登录系统.我想在sign_up页面中添加几个新字段(bio:string,name:string).我有一切正确显示并且新字段被添加到数据库中(当我在SQLbrowser中查看时)但是,它们没有填充,并且在用户提交sign_up表单后,有一条消息,其中一部分说:

Unpermitted parameters: bio, name

我已将2个字符串添加到_devise_create_users.rb中

  # added
  t.string :bio
  t.string :name

我让它们出现在schema.rb中

ActiveRecord::Schema.define(version: 20130629002343) do

  create_table "users", force: true do |t|
    t.string   "email",                  default: "",    null: false
    t.string   "encrypted_password",     default: "",    null: false
    t.string   "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          default: 0
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip"
    t.string   "last_sign_in_ip"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "shortbio"
    t.boolean  "admin",                  default: false
    t.string   "realname"
    t.string   "name"
    t.string   "bio"
  end

  add_index "users", ["email"], name: "index_users_on_email", unique: true
  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true

end

我的user.rb

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
   #:token_authenticatable, :confirmable,
   #:lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

end

这个问题与强参数有关吗？我很难绕过他们,在哪里/如何实施.

Answer 1

接受的解决方案是不够好,但我看到了两个问题:1)所有的控制器将检查电流控制器是色器件控制器(if: :devise_controller?)和2)我们需要编写的方法(所有可接受的参数...for(:sign_up) {|u| u.permit(:bio, :name)}),甚至:email,:password等等.

我认为更优雅的解决方案可能是:

# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up).push(:name, :phone, :organization)
  end
end

# config/routes.rb
devise_for :users, :controllers => { :registrations => "users/registrations" }

注意:Rails 4.2+的更新

这个答案已经过时了:

• 在Rails 4.2.1和Devise 3.4.1的"用户/注册"路径中将"用户"更改为"用户".
• devise_parameter_sanitizer.permit()替换devise_parameter_sanitizer.for()为Devise 4(参见Rails 5,Undefined method` for'for#<Devise on line devise_parameter_sanitizer.for)

Answer 2

确保至少使用Devise 3.0.0.添加到应用程序控制器:

before_filter :update_sanitized_params, if: :devise_controller?

def update_sanitized_params
  devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:bio, :name)}
end

文档:https://github.com/plataformatec/devise#strong-parameters

Answer 3

我也遇到了麻烦.有关devise网站的文档以及一些论坛的帮助.这是我最终做的事情:

在自定义RegistrationsController(app/controllers/users/registrations_controller.rb)中

# app/controllers/users/registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController
    before_filter :update_sanitized_params, if: :devise_controller?

    def update_sanitized_params
       devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email,   :password, :password_confirmation)}
    end
end

然后在您的路由文件(config/routes.rb)中为我们的devise_for语句:

devise_for :users, controllers: {registrations: "users/registrations"}