r-s r-s - 1 year ago 134
Ruby Question

Unpermitted Parameters adding new fields to Devise in rails 4.0

Very new to working with rails. I have implemented a basic login system using Devise. I am trying to add a couple of new fields (bio:string, name:string) into the sign_up page. I have everything displaying correctly and the new fields are added to the database (when I view it in SQLbrowser) however, they are not populating and after the user submits the sign_up form there is a message which part of it says:

Unpermitted parameters: bio, name

I have added the 2 strings to the _devise_create_users.rb

# added
t.string :bio
t.string :name

And I have them showing up in the schema.rb

ActiveRecord::Schema.define(version: 20130629002343) do

create_table "users", force: true do |t|
t.string "email", default: "", null: false
t.string "encrypted_password", default: "", null: false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", default: 0
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.datetime "created_at"
t.datetime "updated_at"
t.string "shortbio"
t.boolean "admin", default: false
t.string "realname"
t.string "name"
t.string "bio"

add_index "users", ["email"], name: "index_users_on_email", unique: true
add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true


My user.rb

class User < ActiveRecord::Base
# Include default devise modules. Others available are:
#:token_authenticatable, :confirmable,
#:lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable


Is this problem something to do with Strong Parameters? I am having a hard time wrapping my head around them and where/how to implement.

Answer Source

The accepted solution is good enough, but I see two problems: 1) All the controllers will check if the current controller is the devise controller (if: :devise_controller?) and 2) We need to write all the acceptable parameters in the method (...for(:sign_up) {|u| u.permit(:bio, :name)}), even the :email, :password and so on.

I think that a more elegant solution could be:

# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters


  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up).push(:name, :phone, :organization)

# config/routes.rb
devise_for :users, :controllers => { :registrations => "users/registrations" }

Have to change "users" to "user" in the "users/registration" path, at least for Rails 4.2.1 and Devise 3.4.1.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download