How to specify devise_parameter_sanitizer for edit action?

ruby-on-rails-4 devise strong-parameters

Solution 1:

Once again, it was a matter of reading the manual ...

The magic word is :account_update and thus the working version becomes

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname, :nickname) }
  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :middlename, :lastname, :nickname) }
end

Note that if you're in the business of signing in using non-standard parameters, the word you're looking for is :sign_in (as expected).

Solution 2:

For Devise 4.1+

class ApplicationController < ActionController::Base    
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :email])
    devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :phone, :email, bank_attributes: [:bank_name, :bank_account]])
  end
end

The .for method is deprecated, now we use .permit

The first arg is the action name. :sign_up is for creating new Devise resources (such as users), and :account_update is for editing/updating the resource.

The second arg, :keys contains an array of the parameters you allow.

If you want nested_attributes, there is an example in :account_update, you put a separate array in with the key being <object>_attributes.

Solution 3:

@conciliator is correct about the magic word is :account_update but here's the link to the documentation he alluded to http://rubydoc.info/github/plataformatec/devise/ Search for 'devise_parameter_sanitizer' and you'll see the following:

There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are:

sign_in (Devise::SessionsController#new) - Permits only the authentication keys (like email)
sign_up (Devise::RegistrationsController#create) - Permits authentication keys plus password and password_confirmation
account_update (Devise::RegistrationsController#update) - Permits authentication keys plus password, password_confirmation and current_password

Related

Ruby 1.9: how can I properly upcase & downcase multibyte strings?
Create dataframe from a matrix
Hibernate: Create Mysql InnoDB tables instead of MyISAM
How to check if a Javascript function is a constructor
Generate C# project using CMake
measuring a view before rendering it
Will using LINQ to SQL help prevent SQL injection
How to prevent parameter binding from interpreting commas in Spring 3.0.5?
Accessing files from genymotion sd card
What is the meaning of list[:] in this code? [duplicate]
Identifying RTL language in Android
Console output in a Qt GUI app?