Ruby-on-rails Rails 和 Devise 的强参数
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16379554/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Strong parameters with Rails and Devise
提问by user1202888
I am using the rails 4.0 branch of devise along with ruby 2.0.0p0 and Rails 4.0.0.beta1.
我正在使用设计的 rails 4.0 分支以及 ruby 2.0.0p0 和 Rails 4.0.0.beta1。
This is the kind of question where I am checking if I'm doing it the right way, or if there are other things I should be doing. I'm sure a lot of people moving to Rails 4.0 are facing the same problems (after googling for similar things).
这是我检查我是否以正确的方式做这件事,或者是否还有其他我应该做的事情的问题。我相信很多迁移到 Rails 4.0 的人都面临着同样的问题(在谷歌搜索类似的东西之后)。
I have read the following links:
我已阅读以下链接:
- Devise and Strong Parameters
- https://gist.github.com/kazpsp/3350730
- https://github.com/plataformatec/devise/tree/rails4#strong-parameters
- 设计和强大的参数
- https://gist.github.com/kazpsp/3350730
- https://github.com/plataformatec/devise/tree/rails4#strong-parameters
Now using devise I created a User model, I created the following controller using the above gists (and made sure to include it in my routes file). My extra parameters are first_name and last_name.
现在使用设计我创建了一个用户模型,我使用上面的要点创建了以下控制器(并确保将它包含在我的路由文件中)。我的额外参数是 first_name 和 last_name。
class Users::RegistrationsController < Devise::RegistrationsController
def sign_up_params
params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
end
def account_update_params
params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :current_password)
end
private :sign_up_params
private :account_update_params
end
Is there anything else I should be doing? Is this the best way of doing things from now on (since dropping attr_accessor). My forms seem to be working fine (both the new and update). The gists said to use "resource_params" but that always gave the "Unpermitted parameters" error in my server log.
还有什么我应该做的吗?这是从现在开始做事的最佳方式吗(因为删除了 attr_accessor)。我的表单似乎工作正常(新的和更新的)。要点说使用“resource_params”,但总是在我的服务器日志中给出“不允许的参数”错误。
回答by Zoltan
Thanks for the latest updates on Rails4 branch of Devise, it doesn't really need to insert 'resource_params'.
感谢 Devise 的 Rails4 分支的最新更新,它实际上并不需要插入“resource_params”。
I've created a brand new Rails4 app and followed basic Devise installation steps and my app works properly, so I think, you've done well.
我创建了一个全新的 Rails4 应用程序并遵循基本的设计安装步骤,我的应用程序运行正常,所以我认为,你做得很好。
But there is a modified gist which gives you some extra details in terms of permitted parameters if you need:
但是有一个修改后的要点,如果您需要,它会为您提供一些关于允许参数的额外详细信息:
Source: https://gist.github.com/bluemont/e304e65e7e15d77d3cb9
来源:https: //gist.github.com/bluemont/e304e65e7e15d77d3cb9
# controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
protected
# my custom fields are :name, :heard_how
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:name, :heard_how,
:email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:name,
:email, :password, :password_confirmation, :current_password)
end
end
end
回答by Ronak Jain
For Rails 5, Devise 4 Use this:
对于 Rails 5, Devise 4 使用这个:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :email, :password, :password_confirmation])
end
end
回答by Rokibul Hasan
It works very nice with adding an module in config/initializerswith all parameterslike this
它的工作原理很不错,在增加一个模块config/initializers与所有parameters喜欢这个
module DevisePermittedParameters
extend ActiveSupport::Concern
included do
before_filter :configure_permitted_parameters
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :email, :password, :password_confirmation) }
end
end
DeviseController.send :include, DevisePermittedParameters
