How to get Devise 3.4 to permit parameters in Rails 4.2

Time: 2015-03-16 07:15:50

Tags: ruby ruby-on-rails-4 devise

Suggestions on how to improve this question are welcome.

I added 3 things to the Devise user after generating it.

t.integer  "role"
t.string   "firstname"
t.string   "lastname"

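At user sign-up, these parameters are permitted and the user is created correctly.

When a user tries to edit their account, the "firstname" and "lastname" values can be changed, but when the user tries to change their role on their /users/edit page, no error appears, the flash says "account updated successfully", but the role value does not change.

/log/development.log shows that all 3 parameters are unpermitted; if that is really the case, I don't know why the other two can be updated.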

Parameters: {"utf8"=>"✓", "authenticity_token"=>"LnVPFFJKV+RtnB21ZUGr4HF1siVcEuT/BRXaLVkch1nWQXiGRFVGhdWchlQSZ9A7mFgKX2njEjCbqR4CHp5hmQ==", "user"=>{"role"=>"worker", "firstname"=>"asdfDe Wet", "lastname"=>"Blomerus", "email"=>"dewet@blomerus.org", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Update"}
  User Load (0.8ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1  ORDER BY "users"."id" ASC LIMIT 1  [["id", 6]]
  User Load (0.4ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1  [["id", 6]]
Unpermitted parameters: role, firstname, lastname
Redirected to http://localhost:3000/
Completed 302 Found in 84ms (ActiveRecord: 1.5ms)

/config/initializers/devise_permitted_parameters.rb

module DevisePermittedParameters
  extend ActiveSupport::Concern

  included do
    before_filter :configure_permitted_parameters
  end

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << [:firstname, :lastname, :role]
    devise_parameter_sanitizer.for(:account_update) << [:firstname, :lastname, :role]
  end

end

DeviseController.send :include, DevisePermittedParameters

The relevant part of /app/controllers/users_controller.rb

def update
  @user = User.find(params[:id])
  if @user.update_attributes(secure_params)
    redirect_to users_path, :notice => "User updated."
  else
    redirect_to users_path, :alert => "Unable to update user."
  end
end

private

def secure_params
  params.require(:user).permit(:role, :firstname, :lastname)
end

The update action never runs; I can comment it out completely and nothing changes.

1 answer:

Answer 0: (score: 1)

This worked for me with Devise:

I changed users/registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController
  # Set the permitted parameters before the Devise action runs
  before_action :configure_permitted_parameters, only: [:create]
  before_filter :configure_account_update_params, only: [:update]

  def create
    super
  end

  # GET /resource/edit
  def edit
    super
  end

  # PUT /resource
  def update
    super
  end

  # DELETE /resource
  def destroy
    super
  end

  protected

  # Parameters accepted on sign-up
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:first_name, :last_name, :user_name, :email, :password, :password_confirmation, :avatar, :avatar_cache)
    end
  end

  # Parameters accepted when a user edits their own account
  def configure_account_update_params
    devise_parameter_sanitizer.for(:account_update) do |u|
      u.permit(:first_name, :last_name, :user_name, :email, :password, :password_confirmation, :current_password, :avatar, :avatar_cache)
    end
  end
end

I did not define any update action in users_controller.rb. It is not needed. Also, I don't use any kind of module like the one you defined, and it works fine.
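
Added example, not part of the original question or answer and not Devise or Rails code: a plain-Ruby stand-in for the per-action allow-list filtering discussed above, with `:role` left off the self-service `account_update` list so that only a separate admin-only path can change it. `ALLOWED`, `filter_params`, the `admin_update` action and the sample values are assumptions made for illustration.

```ruby
# Plain-Ruby stand-in for an allow-list parameter filter (no Rails, no Devise).
# ALLOWED, filter_params and :admin_update are hypothetical names.

# Per-action allow-lists. :role is deliberately absent from :sign_up and
# :account_update, so a user cannot set their own role through those forms.
ALLOWED = {
  sign_up:        %i[email password password_confirmation firstname lastname],
  account_update: %i[email password password_confirmation current_password
                     firstname lastname],
  admin_update:   %i[firstname lastname role]
}.freeze

# Splits the submitted hash into the permitted hash and the dropped key names,
# mirroring the "Unpermitted parameters: ..." line in development.log.
def filter_params(action, submitted)
  allowed = ALLOWED.fetch(action) # unknown action raises KeyError: fail closed
  permitted, dropped = submitted.partition { |key, _| allowed.include?(key.to_sym) }
  [permitted.to_h, dropped.map { |key, _| key.to_s }]
end

# Constructed sample input shaped like the "user" hash in the question's log.
SAMPLE = {
  "role" => "worker", "firstname" => "Jane", "lastname" => "Doe",
  "email" => "user@example.org", "current_password" => "constructed-secret"
}.freeze

if __FILE__ == $PROGRAM_NAME
  %i[account_update admin_update].each do |action|
    permitted, dropped = filter_params(action, SAMPLE)
    puts "#{action}: permitted=#{permitted.keys.join(', ')}"
    puts "  Unpermitted parameters: #{dropped.join(', ')}" unless dropped.empty?
  end
end
```

The design choice shown is that a field controlling authorization stays off the list for any form users submit about themselves, and the dropped keys are reported so the filtering is visible in logs.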