强参数 - Devise 3.0.0和Rails 4.“未经许可的参数：名称” [英] Strong parameters - Devise 3.0.0 and Rails 4. "Unpermitted parameters: name"

问题描述

我目前正在使用Rails 4和Devise 3.0.0。我已经尝试在注册表单中添加一个名称的自定义字段并编辑注册表单。每当我提交表单时，出现以下错误：

I am currently using Rails 4 and Devise 3.0.0. I have tried to add a custom field of "Name" to the sign up form and edit registration form. Whenever I submit the form, the following errors arise:

Unpermitted parameters: name

WARNING: Can't mass-assign protected attributes for User: email, password, password_confirmation.

我知道这与Rails 4处理参数的方式有关，但我不明白我现在应该怎么做。我已经搜索过，看到我应该在一个涉及params的用户模型中添加一些行。

I understand that this has something to do with the way Rails 4 handles parameters, but I do not understand what I am supposed to do about it right now. I have searched around and have seen that I am supposed to add some lines to a User model involving "params."

我的用户模型目前看起来像这样：

My user model currently looks like this:

class User < ActiveRecord::Base

  devise :database_authenticatable, :registerable, #:recoverable,
          :rememberable, :trackable, :validatable

  attr_accessible :name, :password, :password_confirmation, :remember_me, :email
end

根据如何在Rails 4中使用attr_accessible？，我应该将以下代码添加到控制器。

According to How is attr_accessible used in Rails 4?, I am supposed to add the following code to "The controller."

class PeopleController < ApplicationController
  def create
    Person.create(person_params)
  end

  private

  def person_params
    params.require(:person).permit(:name, :age)
  end
end

什么控制器？这是文字代码吗？由于我在处理User，我必须使用User.create（user_params）？而不是Person.create（person_params）？

What controller? And is this literal code? Since I am dealing with User, do I have to use User.create(user_params)? instead of Person.create(person_params)?

推荐答案

你必须在控制器中添加这个你写的User.create（user_params ）。我假设UsersController。

You have to add this in controller where you have written User.create(user_params). I am assuming that UsersController.

class UsersController < ApplicationController
  def create
    User.create(user_params)
  end

  private

  def user_params
#assumption: user params are coming in params[:user]
    params.require(:user).permit(:name, :age, :and_other_params_you_want_to_allow)
  end
end

这篇关于强参数 - Devise 3.0.0和Rails 4.“未经许可的参数：名称”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！