If you experimented with Devise in Rails 4 recently and tried to edit or create accounts in the devise gem with extra values like name
, phone
and avatar
you must have seen that Rails 4 silently ignores the extra fields you inserted in your forms.
When you tried atrr_accesible
in your model your rails app wouldn't even start or would leave you with screens of errors.
This is because Rails 4 uses a new kind of attr_accesible
where you have to define all accessible or now called "required" values for each method they should be accessible from.
when defining for example your edit field you should add an extra line"
params.require(:model).permit(:extra_field1, :extra_field2)
##In Devise
If you have however tried editing your Devise controller, you must have noticed that Devise doesn't use only edit, but tons of extra methods in all kinds of directions... which one to edit huh?
In this small example we are going to edit our default application_controller.rb
located in app/controllers
Tell your application controller to overide certain devise params and add more content to them. Type the following before in a new line below the protect_from_forgery
line:
before_filter :configure_devise_params, if: :devise_controller?
In an new line below this filter we are going to tell the application_controller that all next fields are private (To make it a bit saver). add the next line:
private
Now we are going to make overrides to 2 methods. The :sign_u
method and the :account_update
method. The only diffrence between those methods is :current_password
. since you have to fill in your current password when updating your account. In my case I want to add :name
, :avatar
, :remove_avatar
and avatar_cache
. Please notice we are overriding a method that had permits already, hence permitting the basic values :email
, :password
, :password_confirmation
and :current_password
. Type the two overides below below:
def configure_devise_params
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:name, :avatar, :avatar_cache, :email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:name, :avatar, :remove_avatar, :avatar_cache, :email, :password, :password_confirmation, :current_password)
end
end
In the file below you can see the end result.