What is the devise_parameter_sanitizer.sanitize() method used for? And how does it differ from the devise_parameter_sanitizer.for() method?

Question

I can't find the use of devise_parameter_sanitizer.sanitize() method. Please help me it understand its use, and also how it differs from the devise_parameter_sanitizer.for() method.

Answer 1

对于设计 4+ 使用

devise_parameter_sanitizer.permit()

Answer 2

The devise_parameter_sanitizer.sanitize() method, defined in the Devise::ParameterSanitizer class , is used by devise in order to filter the allowed parameters, from its controllers, for a given action.

It is very similar to the Rails strong parameters feature.

You can use it in order to allow more fields than the default one defined by the devise gem.

As of writing, the default action -> attributes are the following has described in the gem documentation :

DEFAULT_PERMITTED_ATTRIBUTES = {
  sign_in: [:password, :remember_me],
  sign_up: [:password, :password_confirmation],
  account_update: [:password, :password_confirmation, :current_password]
}

Basically, as shown in the gem's documentation permit usage examples you pass the :action for which you would like to change the allowed attributes, and then call permit() on it with the field list:

# Adding new parameters to be permitted in the `sign_up` action.
devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])

# Removing the `password` parameter from the `account_update` action.
devise_parameter_sanitizer.permit(:account_update, except: [:password])

# Using the block form to completely override how we permit the
# parameters for the `sign_up` action.
devise_parameter_sanitizer.permit(:sign_up) do |user|
  user.permit(:email, :password, :password_confirmation)
end

Have also a look at the gem's README.md which explains pretty well all of this .