rails 4中的attr_accessible

Question

I'm doing the onemonth rails and I'v got a problem with the attr_accessible function. I've installed it as a gem in rails 4(gem 'protected_attributes') and using it with the simple_form.

But the problem is that when I update my form with a name, it doesnt remember it! But it says it updated successfully??

Ths is my user.rb

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  attr_accessible :email, :password, :password_confirmation, :remember_me, :name
end

Answer 1

Since you are using Devise you can remove the entire attr_accessible line (and the strong_parameters gem, see more below). Devise provides a controller which handles sign-up for you already.

If you want to add other attributes to your user you can subclass Devise::RegistrationsController with your custom controller:

# app/controllers/registrations_controller
class RegistrationsController < Devise::RegistrationsController

  private

  def sign_up_params
    params.require(:user).permit(:name, :email, :password, :password_confirmation)
  end

  def account_update_params
    params.require(:user).permit(:name, :email, :password, :password_confirmation, :current_password)
  end
end

You then need to tell Devise to route to your custom controller:

# config/routes.rb
devise_for :users, :controllers => { registrations: 'registrations' }

PS . I would also recommend removing the strong_parameters gem and use the out of the box Rails 4 strong parameters . There are several known problems with whitelisting parameters on the model level (different params for different actions for example).