Rails 4/Devise/MongoDB:“不允许的参数"使用自定义属性和强参数 [英] Rails 4/Devise/MongoDB: "Unpermitted parameters" using custom properties and strong parameters
问题描述
尝试向我设计的 User 类添加嵌套的自定义属性 Profile(一个 Mongoid 文档).当提交设计注册表时,它应该同时创建一个用户和一个相应的个人资料对象.
Trying to add a nested custom attribute, Profile (a Mongoid document), to my devise User class. When the Devise registration form is submitted, it should create both a User and a corresponding Profile object as well.
我希望最终结果在我的 MongoDB 中看起来像这样:
I'd like the end-result to look something like this in my MongoDB:
用户:
{
# Devise fields:
"email": "my@email.com",
...
# Custom field
"profile" : "<object_id>"
}
个人资料:
{
"first_name": "Dave",
....
}
<小时>
不幸的是,每当我提交注册时,我都会在控制台中收到此消息.它成功创建了一个用户,但未能创建关联的配置文件.
Unfortunately, I am receiving this in my console whenever I submit my registration. It successfully creates a User but fails to create an associated Profile.
Started POST "/" for 127.0.0.1 at 2013-04-20 23:37:10 -0400
Processing by Users::RegistrationsController#create as HTML
Parameters:
{"utf8"=>"✓",
"authenticity_token"=>"awN2GU8EYEfisU0",
"user"=>
{"profile_attributes"=>
{"first_name"=>"Dave",
"birthday(2i)"=>"4",
"birthday(3i)"=>"21",
"birthday(1i)"=>"1933",
"occupation_title"=>"Software Developer"},
"password"=>"[FILTERED]",
"password_confirmation"=>"[FILTERED]",
"email"=>"my@email.com"}}
Unpermitted parameters: profile_attributes
<小时>
我已经设置:
I have setup:
- Rails 4.0.0beta1、Ruby 2.0.0-p0
- 设计('rails4' 分支),Mongoid(来自 git)
- 自定义设计注册控制器,用于添加强参数定义.
models/user.rb:
class User
include Mongoid::Document
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:token_authenticatable, :confirmable, :lockable, :timeoutable
field :email, type: String, default: ''
...
has_one :profile
accepts_nested_attributes_for :profile
end
models/profile.rb:
class Profile
include Mongoid::Document
include Mongoid::Timestamps
# Attributes
# ----------
field :slug, type: String, default: '' # Acts as user-'friendlier' slug
field :birthday, type: DateTime, default: DateTime.now
field :first_name, type: String, default: ''
field :occupation_title, type: String, default: ''
belongs_to :user
embeds_many :photos
has_one :occupation_industry, :as => :industry
end
controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
def resource_params
params.require(:user).permit(:email, :password, :password_confirmation, :profile_attributes)
end
private :resource_params
end
routes.rb
devise_for :users,
:path => '',
:path_names => {
:sign_in => 'login',
:sign_out => 'logout',
:sign_up => 'register'
},
:controllers => {
:registrations => "users/registrations",
:passwords => "users/passwords"
}
我已经看过这些相关的帖子,它们似乎没有帮助:
I have already looked at these related posts, they didn't seem to help:
看起来 Devise 实际上确实支持其rails4"分支中的强参数(它应该在几天内合并到 master 中.)查看代码,似乎您可以为 devise 上的每个操作覆盖一个 params 函数控制器.对于创建新用户,在我的示例中使用 sign_up_params
而不是 resource_params
.
Looks like Devise does actually support strong parameters in its 'rails4' branch (which is supposed to be merged into master in a few days.) Looking through the code, it appears you can override a params function for each action on devise controllers. For creating new users, its sign_up_params
instead of resource_params
in my example.
尽管将此名称更改为正确的名称,但它仍然无效...仅使用此 bang 将所有参数列入白名单似乎有效:
Despite changing this name to the proper one, it still didn't work... only whitelisting all parameters using this bang seemed to work:
def sign_up_params
params.require(:user).permit!
end
显然,这种违背了强参数的目的......所以现在的问题是我如何允许我的嵌套属性profile_attributes
(如我原来的问题所示)?
Obviously, this kind of defeats the purpose of strong parameters... so now the question is how do I permit my nested attributes profile_attributes
(as seen in my original question)?
推荐答案
我遇到了完全相同的问题,覆盖 sign_up_params 对我有用
I had the exact same issue and overriding sign_up_params did work for me
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation, :other, :etc)
end
当然,不同之处在于我的只是标量值,而您正在尝试批量分配关系......我想这就是您应该寻找的地方.
of course, the difference is in that mine are just scalar values, while you're trying to mass assign a relation... I guess that's where you should look for.
顺便说一下,这个主题中的文档仍然不存在(太新),并且代码commnents建议覆盖devise_parameter_sanitizer,这是不必要的.
By the way, the documentations is still inexistint in this topic (too new), and code commnents suggest to override devise_parameter_sanitizer, which isn't necessary.
这篇关于Rails 4/Devise/MongoDB:“不允许的参数"使用自定义属性和强参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!