[英]Strong parameters - Devise 3.0.0 and Rails 4. “Unpermitted parameters: name”
I am currently using Rails 4 and Devise 3.0.0. 我目前正在使用Rails 4和Devise 3.0.0。 I have tried to add a custom field of "Name" to the sign up form and edit registration form. 我已尝试在注册表单中添加“名称”的自定义字段并编辑注册表单。 Whenever I submit the form, the following errors arise: 每当我提交表单时,都会出现以下错误:
Unpermitted parameters: name
WARNING: Can't mass-assign protected attributes for User: email, password, password_confirmation.
I understand that this has something to do with the way Rails 4 handles parameters, but I do not understand what I am supposed to do about it right now. 我知道这与Rails 4处理参数的方式有关,但我不明白我现在应该怎么做。 I have searched around and have seen that I am supposed to add some lines to a User model involving "params." 我已经四处搜索并看到我应该在涉及“params”的用户模型中添加一些行。
My user model currently looks like this: 我的用户模型目前看起来像这样:
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, #:recoverable,
:rememberable, :trackable, :validatable
attr_accessible :name, :password, :password_confirmation, :remember_me, :email
end
According to How is attr_accessible used in Rails 4? 根据Rails 4中如何使用attr_accessible? , I am supposed to add the following code to "The controller." ,我应该将以下代码添加到“控制器”。
class PeopleController < ApplicationController
def create
Person.create(person_params)
end
private
def person_params
params.require(:person).permit(:name, :age)
end
end
What controller? 什么控制器? And is this literal code? 这是文字代码吗? Since I am dealing with User, do I have to use User.create(user_params)? 由于我正在处理User,我是否必须使用User.create(user_params)? instead of Person.create(person_params)? 而不是Person.create(person_params)?
Rails 4 has moved parameter sanitisation to the Controller from the Model. Rails 4已经从模型中将参数消毒转移到Controller。 Devise handles it for 3 actions, sign_in, sign_up and account_update. Devise处理3个动作,sign_in,sign_up和account_update。 For sign_up, the permitted parameters are authentication key
(which is :email
by default), password
and password_confirmation
. 对于sign_up,允许的参数是authentication key
(默认情况下为:email
), password
和password_confirmation
。
If you want to add :name
to the User
model and use it for sign_up, either change config.authentication_keys = [ :email ]
to config.authentication_keys = [ :name ]
in /config/initializers/devise.rb
or, if you want to use both :email
and :name
, add this to the ApplicationController
如果要将:name
添加到User
模型并将其用于sign_up,请在/config/initializers/devise.rb
中将config.authentication_keys = [ :email ]
更改为config.authentication_keys = [ :name ]
,或者,如果需要同时使用:email
和:name
,将其添加到ApplicationController
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :username
end
end
Also check- https://github.com/plataformatec/devise#strong-parameters 另请查看https://github.com/plataformatec/devise#strong-parameters
Yes, you should add one line which is like:- 是的,你应该添加一行,如: -
attr_accessible :name
in your model to allow name to assigned and if it does not work try this How is attr_accessible used in Rails 4? 在你的模型中允许分配名称,如果它不起作用,试试这个如何在Rails 4中使用attr_accessible?
You have to add this in controller where you have written User.create(user_params). 您必须在已编写User.create(user_params)的控制器中添加此项。 I am assuming that UsersController. 我假设UsersController。
class UsersController < ApplicationController
def create
User.create(user_params)
end
private
def user_params
#assumption: user params are coming in params[:user]
params.require(:user).permit(:name, :age, :and_other_params_you_want_to_allow)
end
end
I have similar problem. 我有类似的问题。 So, to fix it I created custom registration controller inherit form DeviseRegistration controller. 所以,为了解决它,我创建了自定义注册控制器继承形式DeviseRegistration控制器。 Check Devise documentation and define controller like this. 检查Devise文档并定义这样的控制器。
class RegistrationsController < Devise::RegistrationsController
before_filter :update_sanitized_params, if: :devise_controller?
def update_sanitized_params
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email, :)}
end
end
Make sure you have define this routes for this controller in config/routes.rb 确保在config / routes.rb中为此控制器定义了此路由
devise_for :users, :controllers => {:registrations => "registrations" } , :path => '', :path_names => {
:sign_in => 'login',
:sign_out => 'logout'
}
Check this documentation of devise for strong parameter. 检查设备的文档以获取强参数。
i had similar issues, this was my fix: 我有类似的问题,这是我的修复:
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:account_update) { |u| u.permit!}
end
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.