How to specify devise_parameter_sanitizer for edit action?

Question

How to specify devise_parameter_sanitizer for edit action?

I added Devise to my Rails 4 application and successfully added a username, etc. into the User model. In addition, I can store these fields using the lazy way and trade, i.e.

class ApplicationController < ActionController::Base before_filter :configure_permitted_parameters, if: :devise_controller? protected def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname) } end end

However i tried

 def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname) } devise_parameter_sanitizer.for(:edit) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname) } end

but this does not work as expected (the username is not saved when invoked by the edit action). Is there anything else I need to do to get this to work? Thank!

+47

ruby-on-rails-4 devise strong-parameters

conciliator Nov 05 '13 at 14:39

source share

4 answers

For the developer 4.1 +

 class ApplicationController < ActionController::Base before_action :configure_permitted_parameters, if: :devise_controller? protected def configure_permitted_parameters devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :email]) devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :phone, :email, bank_attributes: [:bank_name, :bank_account]]) end end

The .for method .for deprecated, now we use .permit

The first arg is the name of the action. :sign_up is for creating new Devise resources (such as users), and :account_update is for editing / updating a resource.

The second arg,: :keys contains an array of parameters that you allow.

If you want nested_attributes , there is an example in :account_update , you add a separate array with the key <object>_attributes .

+50

Mirror318 Jun 12 '16 at 10:54 on

source share

@conciliator is true about the magic word: account_update, but here is a link to the documentation to which it referred http://rubydoc.info/github/plataformatec/devise/ Search for "devise_parameter_sanitizer" and you will see the following:

In Devise, there are only three actions that allow you to transfer any set of model parameters, so disinfection is required. Their default names and allowed parameters are:

 sign_in (Devise::SessionsController#new) - Permits only the authentication keys (like email) sign_up (Devise::RegistrationsController#create) - Permits authentication keys plus password and password_confirmation account_update (Devise::RegistrationsController#update) - Permits authentication keys plus password, password_confirmation and current_password

+15

techbrownbags Apr 18 '14 at 17:20

source share

 def configure_permitted_parameters devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :middlename, :lastname, :nickname) } end

+6

lypef Jan 18 '15 at 7:10

source share

conciliator · Accepted Answer · 2013-11-05 16:05

Once again, it is a matter of reading the manual ...

The magic word :account_update and therefore the working version becomes

 def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname, :nickname) } devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :middlename, :lastname, :nickname) } end

Please note that if you are logging in using non-standard parameters, the search word :sign_in (as expected).

How to specify devise_parameter_sanitizer for edit action?

For the developer 4.1 +

More articles: