设计和强大的参数 [英] Devise and Strong Parameters

问题描述

我想知道如何集成这两个 gems(设计 + 强参数)，因为强参数可能会在 4.0 中添加到 rails 核心

I would like to know how to integrate both of this gems(devise + Strong Parameters), since strong params will likely be added to the rails core in 4.0

欢迎任何帮助谢谢

推荐答案

更新 devise 4.x

Update for devise 4.x

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
    devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
    devise_parameter_sanitizer.permit(:account_update, keys: [:username])
  end
end

<小时>

添加两个 gem 后，devise 将正常工作.

---

After adding both gems, devise will work as normal.

更新:使用最新版本的 Devise 3.x，如 devise#strong-parameters 所述、身份验证密钥(通常是电子邮件字段)和密码字段已被允许.但是，如果注册表单上有任何其他字段，您需要让 Devise 知道要允许的额外字段.最简单的方法是使用过滤器:

Update: With the latest version of Devise 3.x, as described at devise#strong-parameters, the authentication key (normally the email field), and the password fields are already permitted. However, if there are any additional fields on the signup form, you will need to let Devise know the extra fields to permit. The easiest way to do this is with a filter:

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :username
  end
end

对于 Devise 2.x，如果您使用要求在用户模型中明确将受污染参数列入白名单的安全功能:

For Devise 2.x, if you use the safety feature requiring explicitly whitelisting tainted parameters in the user model:

include ActiveModel::ForbiddenAttributesProtection

所需的更改可在 https://gist.github.com/3350730 中找到，它覆盖了一些的控制器.

the changes needed are found at https://gist.github.com/3350730 which overrides some of the controllers.

这篇关于设计和强大的参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！