Rails 4 + Devise 3 - How to permit parameters for update action?

Question

In the users controller:

class UsersController < ApplicationController
  before_action :set_user, only: [:show, :edit, :update, :destroy]
  ...
  private
    def set_user
      @user = User.find(params[:id])
    end

    def user_params
      accessible = [ :name, :name_slug, :email, :avatar_url ] # extend with your own params
      accessible << [ :password, :password_confirmation ] unless params[:user][:password].blank?
      params.require(:user).permit(accessible)
    end
end

I want to allow users update their name + email without being asked to fill out their password, so this is the controller for doing the update:

class RegistrationsController < Devise::RegistrationsController

  protected

  def update_resource(resource, params)
    puts 'params'
    puts params.inspect
    resource.update_without_password(params)
  end
end

It's configured in routes.rb .

But when I try to update the attributes, I get this message:

Unpermitted parameters: name
params
{"email"=>"my_email@gmail.com"}

How to make another parameters/attributes accessible?

In user.rb is only the following:

class User < ActiveRecord::Base
  TEMP_EMAIL_PREFIX = 'change@me'
  TEMP_EMAIL_REGEX = /\Achange@me/

devise :database_authenticatable, :registerable,
      :recoverable, :rememberable, :trackable, :validatable, :omniauthable

  validates_format_of :email, :without => TEMP_EMAIL_REGEX, on: :update
end

Thank you guys in advance.

Answer 1

Have you whitelisted your parameters?. In applicationController :

before_filter :configure_permitted_parameters, if: :devise_controller?

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:account_update) << [:name]
end