为什么邀请控制器不允许用户属性但其他用户控制器不允许?
Why are user attributes unpermitted on invitations controller but no other user controller?
我正在使用 Devise。当用户发送邀请并且接收用户填写他们的 :first_name 和 :last_name 字段时,我在我的日志中收到此消息:
Started PUT "/users/invitation" for 127.0.0.1 at 2015-02-25 14:10:06 -0500
Processing by Users::InvitationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"CfMhjBwFUc=", "user"=>{"invitation_token"=>"U9M", "first_name"=>"Jenny", "last_name"=>"Block", "invitation_relation"=>"grandmother", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Set my password"}
Unpermitted parameters: first_name, last_name
User Load (2.5ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = '315bb1140e' ORDER BY "users"."id" ASC LIMIT 1
User Load (1.6ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 [["id", 1]]
FamilyTree Load (1.4ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = LIMIT 1 [["user_id", 1]]
Unpermitted parameters: first_name, last_name
Relly is
Unpermitted parameters: first_name, last_name
(1.1ms) BEGIN
SQL (2.1ms) INSERT INTO "memberships" ("created_at", "family_tree_id", "updated_at", "user_id") VALUES (, , , ) RETURNING "id" [["created_at", "2015-02-25 19:10:07.046926"], ["family_tree_id", 1], ["updated_at", "2015-02-25 19:10:07.046926"], ["user_id", 11]]
(1.8ms) COMMIT
Unpermitted parameters: first_name, last_name
(1.1ms) BEGIN
SQL (1.6ms) UPDATE "users" SET "encrypted_password" = , "updated_at" = WHERE "users"."id" = 11 [["encrypted_password", "a$SDZ.hJ3O2UzAPz64lgwFrO/ZZOFkc03yF9FvywpLQA/JV827ZHOeO"], ["updated_at", "2015-02-25 19:10:07.138950"]]
(1.5ms) COMMIT
Unpermitted parameters: first_name, last_name
User Load (1.8ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = '315bb11408368891d2b06e502cfe5f5c6493829860d23add6743da7eec660a57' ORDER BY "users"."id" ASC LIMIT 1
(1.2ms) BEGIN
SQL (1.5ms) UPDATE "users" SET "confirmed_at" = , "encrypted_password" = , "invitation_accepted_at" = , "invitation_token" = , "updated_at" = WHERE "users"."id" = 11 [["confirmed_at", "2015-02-25 19:10:07.231371"], ["encrypted_password", "a$nsM6Ml.ruXnPF7vi9"], ["invitation_accepted_at", "2015-02-25 19:10:07.231371"], ["invitation_token", nil], ["updated_at", "2015-02-25 19:10:07.233262"]]
(1.3ms) COMMIT
FamilyTree Load (1.4ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = LIMIT 1 [["user_id", 11]]
User Load (1.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 [["id", 1]]
(1.2ms) BEGIN
SQL (1.3ms) INSERT INTO "memberships" ("created_at", "family_tree_id", "relation", "updated_at", "user_id") VALUES (, , , , ) RETURNING "id" [["created_at", "2015-02-25 19:10:07.245419"], ["family_tree_id", 11], ["relation", "grandmother"], ["updated_at", "2015-02-25 19:10:07.245419"], ["user_id", 1]]
(1.4ms) COMMIT
(1.2ms) BEGIN
SQL (1.4ms) UPDATE "users" SET "current_sign_in_at" = , "current_sign_in_ip" = , "last_sign_in_at" = , "last_sign_in_ip" = , "sign_in_count" = , "updated_at" = WHERE "users"."id" = 11 [["current_sign_in_at", "2015-02-25 19:10:07.250211"], ["current_sign_in_ip", "127.0.0.1"], ["last_sign_in_at", "2015-02-25 19:10:07.250211"], ["last_sign_in_ip", "127.0.0.1"], ["sign_in_count", 1], ["updated_at", "2015-02-25 19:10:07.252735"]]
(1.3ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 268ms (ActiveRecord: 31.3ms)
请注意整个请求,只要需要这些属性,它就不起作用,因为 Unpermitted parameters。
但是,在我的 UsersController.rb 中,我有这个:
private
def user_params
params.require(:user).permit(:first_name, :last_name, :email, :avatar)
end
在我的 User.rb 我有:
attr_accessible :first_name, :last_name, :email, :password, :password_confirmation, :invitation_relation ,:remember_me, :avatar
我没有独立的邀请控制器,不确定这是否重要。
请注意,当我从另一个控制器(例如 Registrations#Update)更新用户记录时,它工作正常,如在此日志中所见:
Started PUT "/users" for 127.0.0.1 at 2015-02-25 14:19:58 -0500
Processing by RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"CfMhjFUc=", "user"=>{"email"=>"jenny@test.com", "first_name"=>"Jenny", "last_name"=>"Block", "current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (2.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = 11 ORDER BY "users"."id" ASC LIMIT 1
FamilyTree Load (3.0ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = LIMIT 1 [["user_id", 11]]
User Load (1.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 [["id", 11]]
(2.0ms) BEGIN
SQL (1.7ms) UPDATE "users" SET "first_name" = , "last_name" = , "updated_at" = WHERE "users"."id" = 11 [["first_name", "Jenny"], ["last_name", "Block"], ["updated_at", "2015-02-25 19:19:58.716236"]]
(1.8ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 92ms (ActiveRecord: 41.7ms)
是什么导致了这种奇怪的行为?
编辑 1
这是我的 ApplicationsController 的样子:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_filter :configure_permitted_parameters, if: :devise_controller?
before_filter :update_sanitized_params, if: :devise_controller?
protected
def update_sanitized_params
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit( :first_name, :last_name, :email, :password, :password_confirmation)}
end
def configure_permitted_parameters
# Only add some parameters
devise_parameter_sanitizer.for(:invite) do |u|
u.permit :first_name, :last_name, :email, :invitation_relation
end
devise_parameter_sanitizer.for(:accept_invitation) do |u|
u.permit :invitation_token, :first_name, :last_name, :relation
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:first_name, :last_name, :avatar, :email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :email, :invitation_relation]
# Override accepted parameters
devise_parameter_sanitizer.for(:accept_invitation) do |u|
u.permit(:first_name, :last_name, :email, :invitation_relation)
end
end
end
如果您查看 Devise 文档,它说 RegistrationController 允许 身份验证密钥加密码 。您可以通过添加
允许他们传递 first_name 和 last_name 参数
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :first_name #or whatever param you need
end
end
您可以查看文档 here
我创建了一个独立的 invitations_controller 并将其添加到它的底部:
def update_sanitized_params
devise_parameter_sanitizer.for(:accept_invitation) do |u|
u.permit(:first_name, :last_name, :password, :password_confirmation, :invitation_token, :invitation_relation,:avatar, :avatar_cache, :relation, :gender)
end
end
这似乎已经解决了。
我正在使用 Devise。当用户发送邀请并且接收用户填写他们的 :first_name 和 :last_name 字段时,我在我的日志中收到此消息:
Started PUT "/users/invitation" for 127.0.0.1 at 2015-02-25 14:10:06 -0500
Processing by Users::InvitationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"CfMhjBwFUc=", "user"=>{"invitation_token"=>"U9M", "first_name"=>"Jenny", "last_name"=>"Block", "invitation_relation"=>"grandmother", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Set my password"}
Unpermitted parameters: first_name, last_name
User Load (2.5ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = '315bb1140e' ORDER BY "users"."id" ASC LIMIT 1
User Load (1.6ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 [["id", 1]]
FamilyTree Load (1.4ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = LIMIT 1 [["user_id", 1]]
Unpermitted parameters: first_name, last_name
Relly is
Unpermitted parameters: first_name, last_name
(1.1ms) BEGIN
SQL (2.1ms) INSERT INTO "memberships" ("created_at", "family_tree_id", "updated_at", "user_id") VALUES (, , , ) RETURNING "id" [["created_at", "2015-02-25 19:10:07.046926"], ["family_tree_id", 1], ["updated_at", "2015-02-25 19:10:07.046926"], ["user_id", 11]]
(1.8ms) COMMIT
Unpermitted parameters: first_name, last_name
(1.1ms) BEGIN
SQL (1.6ms) UPDATE "users" SET "encrypted_password" = , "updated_at" = WHERE "users"."id" = 11 [["encrypted_password", "a$SDZ.hJ3O2UzAPz64lgwFrO/ZZOFkc03yF9FvywpLQA/JV827ZHOeO"], ["updated_at", "2015-02-25 19:10:07.138950"]]
(1.5ms) COMMIT
Unpermitted parameters: first_name, last_name
User Load (1.8ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = '315bb11408368891d2b06e502cfe5f5c6493829860d23add6743da7eec660a57' ORDER BY "users"."id" ASC LIMIT 1
(1.2ms) BEGIN
SQL (1.5ms) UPDATE "users" SET "confirmed_at" = , "encrypted_password" = , "invitation_accepted_at" = , "invitation_token" = , "updated_at" = WHERE "users"."id" = 11 [["confirmed_at", "2015-02-25 19:10:07.231371"], ["encrypted_password", "a$nsM6Ml.ruXnPF7vi9"], ["invitation_accepted_at", "2015-02-25 19:10:07.231371"], ["invitation_token", nil], ["updated_at", "2015-02-25 19:10:07.233262"]]
(1.3ms) COMMIT
FamilyTree Load (1.4ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = LIMIT 1 [["user_id", 11]]
User Load (1.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 [["id", 1]]
(1.2ms) BEGIN
SQL (1.3ms) INSERT INTO "memberships" ("created_at", "family_tree_id", "relation", "updated_at", "user_id") VALUES (, , , , ) RETURNING "id" [["created_at", "2015-02-25 19:10:07.245419"], ["family_tree_id", 11], ["relation", "grandmother"], ["updated_at", "2015-02-25 19:10:07.245419"], ["user_id", 1]]
(1.4ms) COMMIT
(1.2ms) BEGIN
SQL (1.4ms) UPDATE "users" SET "current_sign_in_at" = , "current_sign_in_ip" = , "last_sign_in_at" = , "last_sign_in_ip" = , "sign_in_count" = , "updated_at" = WHERE "users"."id" = 11 [["current_sign_in_at", "2015-02-25 19:10:07.250211"], ["current_sign_in_ip", "127.0.0.1"], ["last_sign_in_at", "2015-02-25 19:10:07.250211"], ["last_sign_in_ip", "127.0.0.1"], ["sign_in_count", 1], ["updated_at", "2015-02-25 19:10:07.252735"]]
(1.3ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 268ms (ActiveRecord: 31.3ms)
请注意整个请求,只要需要这些属性,它就不起作用,因为 Unpermitted parameters。
但是,在我的 UsersController.rb 中,我有这个:
private
def user_params
params.require(:user).permit(:first_name, :last_name, :email, :avatar)
end
在我的 User.rb 我有:
attr_accessible :first_name, :last_name, :email, :password, :password_confirmation, :invitation_relation ,:remember_me, :avatar
我没有独立的邀请控制器,不确定这是否重要。
请注意,当我从另一个控制器(例如 Registrations#Update)更新用户记录时,它工作正常,如在此日志中所见:
Started PUT "/users" for 127.0.0.1 at 2015-02-25 14:19:58 -0500
Processing by RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"CfMhjFUc=", "user"=>{"email"=>"jenny@test.com", "first_name"=>"Jenny", "last_name"=>"Block", "current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (2.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = 11 ORDER BY "users"."id" ASC LIMIT 1
FamilyTree Load (3.0ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = LIMIT 1 [["user_id", 11]]
User Load (1.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT 1 [["id", 11]]
(2.0ms) BEGIN
SQL (1.7ms) UPDATE "users" SET "first_name" = , "last_name" = , "updated_at" = WHERE "users"."id" = 11 [["first_name", "Jenny"], ["last_name", "Block"], ["updated_at", "2015-02-25 19:19:58.716236"]]
(1.8ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 92ms (ActiveRecord: 41.7ms)
是什么导致了这种奇怪的行为?
编辑 1
这是我的 ApplicationsController 的样子:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_filter :configure_permitted_parameters, if: :devise_controller?
before_filter :update_sanitized_params, if: :devise_controller?
protected
def update_sanitized_params
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit( :first_name, :last_name, :email, :password, :password_confirmation)}
end
def configure_permitted_parameters
# Only add some parameters
devise_parameter_sanitizer.for(:invite) do |u|
u.permit :first_name, :last_name, :email, :invitation_relation
end
devise_parameter_sanitizer.for(:accept_invitation) do |u|
u.permit :invitation_token, :first_name, :last_name, :relation
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:first_name, :last_name, :avatar, :email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :email, :invitation_relation]
# Override accepted parameters
devise_parameter_sanitizer.for(:accept_invitation) do |u|
u.permit(:first_name, :last_name, :email, :invitation_relation)
end
end
end
如果您查看 Devise 文档,它说 RegistrationController 允许 身份验证密钥加密码 。您可以通过添加
first_name 和 last_name 参数
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :first_name #or whatever param you need
end
end
您可以查看文档 here
我创建了一个独立的 invitations_controller 并将其添加到它的底部:
def update_sanitized_params
devise_parameter_sanitizer.for(:accept_invitation) do |u|
u.permit(:first_name, :last_name, :password, :password_confirmation, :invitation_token, :invitation_relation,:avatar, :avatar_cache, :relation, :gender)
end
end
这似乎已经解决了。