我正在尝试在 Rails 4 上为我的设计用户模型传递一个附加参数。由于需要允许,我在主应用控制器中添加了一个过滤器,如下所示。
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
prepend_before_filter :add_allowed_devise_session_params, if: :devise_controller?
def add_allowed_devise_session_params
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit("avatar") }
end
end
但是当提交:sign_up时,我仍然收到错误:
Unpermitted parameters: avatar
参数如下所示:
Processing by RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"vp1ir2TJwZXwYGFtDc97bSf/dnXQQl1pksHVxdVTaWc=", "user"=>{"name"=>"stan@merkwelt5.com", "email"=>"stan@merkwelt5.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "avatar"=>#<ActionDispatch::Http::UploadedFile:0x007fa05762a918 @tempfile=#<File:/var/folders/8y/g14_rdxx31gb35dyjhltk4xc0000gn/T/RackMultipart20131219-7366-vf7of8>, @original_filename="instagram_logo.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"user[avatar]\"; filename=\"instagram_logo.jpg\"\r\nContent-Type: image/jpeg\r\n">}, "commit"=>"Sign up"}
我验证了实际调用过滤器:sign_up及其根据设计文档:
https://github.com/plataformatec/devise#strong-parameters
我错过了什么?
答案 0 :(得分:0)
事实证明,我忽略了必须更新设计控制器。因为设计文档指向ApplicationController,所以没有看。
class RegistrationsController < Devise::RegistrationsController
before_filter :update_sanitized_params, if: :devise_controller?
def update_sanitized_params
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:avatar,:name, :email, :password, :password_confirmation)}
devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:avatar,:name, :email, :password, :password_confirmation, :current_password)}
end
end