The accepted solution is good enough, but I see two problems: 1) All the controllers will check if the current controller is the devise controller (if: :devise_controller?) and 2) We need to write all the acceptable parameters in the method (...for(:sign_up) {|u| u.permit(:bio, :name)}), even the :email, :passwordand so on.

公认的解决方案已经足够好了，但我看到两个问题：1) 所有控制器都会检查当前控制器是否是设计控制器 ( if: :devise_controller?) 和 2) 我们需要在方法 ( ...for(:sign_up) {|u| u.permit(:bio, :name)}) 中写入所有可接受的参数，甚至是:email，:password等等。

I think that a more elegant solution could be:

我认为更优雅的解决方案可能是：

# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up).push(:name, :phone, :organization)
  end
end

# config/routes.rb
devise_for :users, :controllers => { :registrations => "users/registrations" }

NOTE: Updates for Rails 4.2+

注意：Rails 4.2+ 的更新

This answer is falling out of date:

这个答案已经过时了：

• Change "users" to "user" in the "users/registration" path for Rails 4.2.1 and Devise 3.4.1.
• devise_parameter_sanitizer.permit()replaces devise_parameter_sanitizer.for()for Devise 4 (see Rails 5, Undefined method `for' for #<Devise on line devise_parameter_sanitizer.for)

• 在 Rails 4.2.1 和 Devise 3.4.1 的“用户/注册”路径中将“用户”更改为“用户”。
• devise_parameter_sanitizer.permit()替换devise_parameter_sanitizer.for()Devise 4（参见Rails 5，未定义的方法 `for' for #<Devise on line devise_parameter_sanitizer.for）

Make sure you are using Devise 3.0.0 at least. Add to your application controller:

确保您至少使用 Devise 3.0.0。添加到您的应用程序控制器：

before_filter :update_sanitized_params, if: :devise_controller?

def update_sanitized_params
  devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:bio, :name)}
end

Documentation: https://github.com/plataformatec/devise#strong-parameters

文档：https: //github.com/plataformatec/devise#strong-parameters

I was having trouble with this too. The documentation on devise's site helped as well as some forums. Here's what I ended up doing:

我也遇到了这个问题。设计网站上的文档以及一些论坛都有帮助。这是我最终做的：

In custom RegistrationsController (app/controllers/users/registrations_controller.rb)

在自定义 RegistrationsController (app/controllers/users/registrations_controller.rb)

# app/controllers/users/registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController
    before_filter :update_sanitized_params, if: :devise_controller?

    def update_sanitized_params
       devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email,   :password, :password_confirmation)}
    end
end

Then in your route file (config/routes.rb) us this for your devise_for statement:

然后在你的路由文件 (config/routes.rb) 中，我们为你的 devise_for 语句提供了这个：

devise_for :users, controllers: {registrations: "users/registrations"}

Here's another straight forward way that works in my rails 4.2.1 app:

这是在我的 rails 4.2.1 应用程序中工作的另一种直接方式：

Create the following file

创建以下文件

/config/initializers/devise_permitted_parameters.rb

and the code..

和代码..

module DevisePermittedParameters
  extend ActiveSupport::Concern

  included do
    before_filter :configure_permitted_parameters
  end

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :name
    devise_parameter_sanitizer.for(:account_update) << :name

    devise_parameter_sanitizer.for(:sign_up) << :bio
    devise_parameter_sanitizer.for(:account_update) << :bio
  end

end

DeviseController.send :include, DevisePermittedParameters

For both sign_up and account_update do this for controllers/applcation_controller.rb

对于 sign_up 和 account_update 执行此操作 controllers/applcation_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_action :authenticate_user!

  before_action :configure_permitted_parameters, if: :devise_controller?
  protected
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:password, :password_confirmation,:current_password,:email,:name, :phonenumber,:province,:city,:area,:idcardimg,:role) }
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:password, :password_confirmation,:current_password,:email,:name, :phonenumber,:province,:city,:area,:idcardimg,:role) }
  end
end

Devise prepared everything for that :

设计为此准备了一切：

In the users controller you have

在用户控制器中你有

private

# Never trust parameters from the scary internet, only allow the white list through.
def user_params
  params.require(:user).permit(:full_name <add your parameter>)
end

The problem seems with the strong parameters, look here and copy the code.

问题似乎与强参数有关，请查看此处并复制代码。

https://github.com/plataformatec/devise/blob/rails4/app/controllers/devise/registrations_controller.rb

https://github.com/plataformatec/devise/blob/rails4/app/controllers/devise/registrations_controller.rb

Copy that file to the same location in your project app/controllers/devise/registrations_controller.rb

将该文件复制到项目中的相同位置 app/controllers/devise/registrations_controller.rb

and change the code of the create action

并更改创建操作的代码

# POST /resource
def create
  # THIS LINE IS THE ONE YOU CHANGE
  self.resource = build_resource(sign_up_params.merge(:bio, :name))

  if resource.save
    if resource.active_for_authentication?
      set_flash_message :notice, :signed_up if is_navigational_format?
      sign_up(resource_name, resource)
      respond_with resource, :location => after_sign_up_path_for(resource)
    else
      set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
      expire_session_data_after_sign_in!
      respond_with resource, :location => after_inactive_sign_up_path_for(resource)
    end
  else
    clean_up_passwords resource
    respond_with resource
  end
end

I must tell you that Iam not pretty sure if this works because I don't use devise but seeing the code it seems it will work.

我必须告诉你，我不太确定这是否有效，因为我不使用设计，但看到代码似乎可以工作。