Rails和Devise的强参数 [英] Strong parameters with Rails and Devise
问题描述
我正在使用rails 4.0分支的设计以及ruby 2.0.0p0和Rails 4.0.0.beta1。
这是一个问题,我在哪里检查我正在做正确的方法,或者如果还有其他事情我应该做。我相信很多人搬到Rails 4.0都面临着同样的问题(在类似的东西进行搜索之后)。
我已经阅读了以下链接:
- 设计和强参数
- https://gist.github.com/kazpsp/3350730
- https://github.com/plataformatec/devise/ tree / rails4#strong-parameters
现在使用devise我创建了一个User模型,我创建了以下控件(确保将其包含在我的路线文件中)。我的额外参数是first_name和last_name。
class Users :: RegistrationsController< Devise :: RegistrationsController
def sign_up_params
params.require(:user).permit(:first_name,:last_name,:email,:password,:password_confirmation)
end
def account_update_params
params.require(:user).permit(:first_name,:last_name,:email,:password,:password_confirmation,:current_password)
end
private:sign_up_params
private: account_update_params
end
还有什么我应该做的吗?这是从现在开始做的最好的方式(因为drop attr_accessor)。我的表单似乎工作正常(新的和更新)。 gist表示使用resource_params,但总是给出了服务器日志中的未经许可的参数错误。
Devise的Rails4分支的最新更新,它并不需要插入resource_params。
我创建了一个全新的Rails4应用程序,并遵循基本的Devise安装步骤,我的应用程序正常工作,所以我认为,你做得很好。
但是有一个修改的要点,如果需要,可以给出一些关于允许参数的额外细节:
资料来源: a href =https://gist.github.com/bluemont/e304e65e7e15d77d3cb9 =noreferrer> https://gist.github.com/bluemont/e304e65e7e15d77d3cb9
#controllers / users / registrations_controller.rb
class Users :: RegistrationsController< devise :: RegistrationsController
before_filter:configure_permitted_parameters
protected
#我的自定义字段是:name,:hear_how
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up)do | u |
u.permit(:name,:hear_how,
:email,:password,:password_confirmation)
end
devise_parameter_sanitizer.for(:account_update)do | u |
u.permit(:name,
:email,:password,:password_confirmation,:current_password)
end
end
end
I am using the rails 4.0 branch of devise along with ruby 2.0.0p0 and Rails 4.0.0.beta1.
This is the kind of question where I am checking if I'm doing it the right way, or if there are other things I should be doing. I'm sure a lot of people moving to Rails 4.0 are facing the same problems (after googling for similar things).
I have read the following links:
- Devise and Strong Parameters
- https://gist.github.com/kazpsp/3350730
- https://github.com/plataformatec/devise/tree/rails4#strong-parameters
Now using devise I created a User model, I created the following controller using the above gists (and made sure to include it in my routes file). My extra parameters are first_name and last_name.
class Users::RegistrationsController < Devise::RegistrationsController
def sign_up_params
params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
end
def account_update_params
params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :current_password)
end
private :sign_up_params
private :account_update_params
end
Is there anything else I should be doing? Is this the best way of doing things from now on (since dropping attr_accessor). My forms seem to be working fine (both the new and update). The gists said to use "resource_params" but that always gave the "Unpermitted parameters" error in my server log.
Thanks for the latest updates on Rails4 branch of Devise, it doesn't really need to insert 'resource_params'.
I've created a brand new Rails4 app and followed basic Devise installation steps and my app works properly, so I think, you've done well.
But there is a modified gist which gives you some extra details in terms of permitted parameters if you need:
Source: https://gist.github.com/bluemont/e304e65e7e15d77d3cb9
# controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
protected
# my custom fields are :name, :heard_how
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:name, :heard_how,
:email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:name,
:email, :password, :password_confirmation, :current_password)
end
end
end
这篇关于Rails和Devise的强参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
