update_resource_params给出未经许可的参数错误 - 设计可邀请

时间:2014-10-07 01:55:52

标签: ruby-on-rails ruby-on-rails-4 devise devise-invitable

我正在尝试使用Devise Invitable在我的应用中对现有用户实施邀请。

乍一看,这失败了,因为Devise Invitable最适合新用户使用 - 即未注册。

但这就是我的User::InvitationsController看起来像(为简洁而截断):

class Users::InvitationsController < Devise::InvitationsController
include ApplicationHelper
  before_filter :configure_permitted_parameters, if: :devise_controller?
  before_filter :update_sanitized_params, only: :update

  # PUT /resource/invitation

  def create
    invited_user = User.where(email: params[:user][:email])
    if !invited_user.empty?
      invitation_token = Devise.token_generator.digest(resource_class, :invitation_token, update_resource_params[:invitation_token])
      self.resource = resource_class.where(invitation_token: invitation_token).first
      family_tree = self.resource.invited_by.family_tree
      family_tree.memberships.create(:user_id => user.id, relation: update_resource_params[:relation])
      resource.create_membership_both_ways(params[:user][:invitation_token], params[:user][:relation])
      resource.skip_password = true
      resource.update_attributes update_resource_params.except(:invitation_token)
      redirect_to my_tree_path
     else
       super
     end
  end

  protected

  def update_sanitized_params
    devise_parameter_sanitizer.for(:accept_invitation) do |u|
      u.permit(:name, :password, :password_confirmation, :invitation_token, :invitation_relation,:avatar, :avatar_cache, :relation)
    end
  end

  def update_resource_params
    devise_parameter_sanitizer.sanitize(:accept_invitation) do |u|
      u.permit(:email)
    end
  end
end

当我使用pry进行调试时,这就是我在invitation_token周围发生的事情:

[1] pry(#<Users::InvitationsController>)> invitation_token
=> false
[2] pry(#<Users::InvitationsController>)> update_resource_params
Unpermitted parameters: email
=> {"name"=>"", "invitation_relation"=>"uncle"}

关于可能导致此问题的原因的思考,或者我如何摆脱这个unpermitted paramters :email问题?

修改1

以下是相关路线:

  devise_for :users, :controllers => { :invitations => 'users/invitations', :confirmations => 'confirmations' }

  devise_scope :user do
    post "users/invitation/sign_in" => "users/invitations#invite_sign_in"
  end

修改2

在我的application_controller.rb我有一个方法,我添加了:email,似乎已经停止了这个错误:

  def configure_permitted_parameters
    # Once I added :email to this method, it stopped throwing the unpermitted error
    devise_parameter_sanitizer.for(:accept_invitation) do |u|
      u.permit(:name, :email, :last_name, :invitation_relation)
    end
  end

1 个答案:

答案 0 :(得分:1)

使用Devise并配置allowed_pa​​rams时,最好在应用程序控制器中执行此操作,  你可以用两种方式之一

def configure_permitted_parameters
 devise_parameter_sanitizer.for(:accept_invitation) do |u|
   u.permit(:name, :email, :last_name, :invitation_relation)
 end
end

OR 

def configure_permitted_params
  devise_parameter_sanitizer.for(:accept_invitation) << [:name, :email, :last_name, :invitation_relation]
end
相关问题
最新问题