实施基于角色的授权时，如何在rails（设计）中允许新参数

Question

I'm working on creating an application with role based authorization.So,In i have created a migration to devise users to add a new column "role" And I have the following code block in my applications controller to permit the new parameter(role).But still when i try to sign up as a new user.I get the error that the parameter role is unpermitted.Please help me to solve this issue.

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
  devise_parameter_sanitizer.permit(:sign_up)  { |u| u.permit(  :email, :password, :password_confirmation, roles: [] ) }
end

end

This is what i've got in my user model

class User < ApplicationRecord
  belongs_to :role
  # has_many :Product
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

         ROLES = %i[admin manager customer]

def user_params
  params.require(:user).permit(:name, :email, :password, :password_confirmation, :role)
end


end

migration is as follows

class AddRoleToUsers < ActiveRecord::Migration[5.0]
  def change
    add_column :users, :role, :string
  end
end

Please help me to solve this issue.Thank you.

Answer 1

Your user model doesn't have access to params, so you can remove the user_params method from there. Unless you're nesting attributes, you won't need to pass in the array for the role attribute, so change

devise_parameter_sanitizer.permit(:sign_up)  { |u| u.permit(  :email, :password, :password_confirmation, roles: [] ) }

to

devise_parameter_sanitizer.permit(:sign_up)  { |u| u.permit(  :email, :password, :password_confirmation, :role ) }

#

And you should be good to go.