Rails 4 + 设计 3 - 如何允许更新操作的参数?
Rails 4 + Devise 3 - How to permit parameters for update action?
在 users 控制器中:
class UsersController < ApplicationController
before_action :set_user, only: [:show, :edit, :update, :destroy]
...
private
def set_user
@user = User.find(params[:id])
end
def user_params
accessible = [ :name, :name_slug, :email, :avatar_url ] # extend with your own params
accessible << [ :password, :password_confirmation ] unless params[:user][:password].blank?
params.require(:user).permit(accessible)
end
end
我想允许用户更新他们的姓名 + 电子邮件而不被要求填写他们的密码,所以这是进行更新的控制器:
class RegistrationsController < Devise::RegistrationsController
protected
def update_resource(resource, params)
puts 'params'
puts params.inspect
resource.update_without_password(params)
end
end
配置在routes.rb.
但是当我尝试更新属性时,我收到这条消息:
Unpermitted parameters: name
params
{"email"=>"my_email@gmail.com"}
如何使另一个 parameters/attributes 可访问?
在user.rb中只有以下内容:
class User < ActiveRecord::Base
TEMP_EMAIL_PREFIX = 'change@me'
TEMP_EMAIL_REGEX = /\Achange@me/
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable
validates_format_of :email, :without => TEMP_EMAIL_REGEX, on: :update
end
提前谢谢大家。
您是否已将参数列入白名单?。在 applicationController:
before_filter :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.for(:account_update) << [:name]
end
在 users 控制器中:
class UsersController < ApplicationController
before_action :set_user, only: [:show, :edit, :update, :destroy]
...
private
def set_user
@user = User.find(params[:id])
end
def user_params
accessible = [ :name, :name_slug, :email, :avatar_url ] # extend with your own params
accessible << [ :password, :password_confirmation ] unless params[:user][:password].blank?
params.require(:user).permit(accessible)
end
end
我想允许用户更新他们的姓名 + 电子邮件而不被要求填写他们的密码,所以这是进行更新的控制器:
class RegistrationsController < Devise::RegistrationsController
protected
def update_resource(resource, params)
puts 'params'
puts params.inspect
resource.update_without_password(params)
end
end
配置在routes.rb.
但是当我尝试更新属性时,我收到这条消息:
Unpermitted parameters: name
params
{"email"=>"my_email@gmail.com"}
如何使另一个 parameters/attributes 可访问?
在user.rb中只有以下内容:
class User < ActiveRecord::Base
TEMP_EMAIL_PREFIX = 'change@me'
TEMP_EMAIL_REGEX = /\Achange@me/
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable
validates_format_of :email, :without => TEMP_EMAIL_REGEX, on: :update
end
提前谢谢大家。
您是否已将参数列入白名单?。在 applicationController:
before_filter :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.for(:account_update) << [:name]
end