I'm using Devise. When a user sends an invitation and the invited user fills in their :first_name and :last_name fields, I get this message in the log:
Started PUT "/users/invitation" for 127.0.0.1 at 2015-02-25 14:10:06 -0500
Processing by Users::InvitationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"CfMhjBwFUc=", "user"=>{"invitation_token"=>"U9M", "first_name"=>"Jenny", "last_name"=>"Block", "invitation_relation"=>"grandmother", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Set my password"}
Unpermitted parameters: first_name, last_name
User Load (2.5ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = '315bb1140e' ORDER BY "users"."id" ASC LIMIT 1
User Load (1.6ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 1]]
FamilyTree Load (1.4ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = $1 LIMIT 1 [["user_id", 1]]
Unpermitted parameters: first_name, last_name
Relly is
Unpermitted parameters: first_name, last_name
(1.1ms) BEGIN
SQL (2.1ms) INSERT INTO "memberships" ("created_at", "family_tree_id", "updated_at", "user_id") VALUES ($1, $2, $3, $4) RETURNING "id" [["created_at", "2015-02-25 19:10:07.046926"], ["family_tree_id", 1], ["updated_at", "2015-02-25 19:10:07.046926"], ["user_id", 11]]
(1.8ms) COMMIT
Unpermitted parameters: first_name, last_name
(1.1ms) BEGIN
SQL (1.6ms) UPDATE "users" SET "encrypted_password" = $1, "updated_at" = $2 WHERE "users"."id" = 11 [["encrypted_password", "$2a$10$SDZ.hJ3O2UzAPz64lgwFrO/ZZOFkc03yF9FvywpLQA/JV827ZHOeO"], ["updated_at", "2015-02-25 19:10:07.138950"]]
(1.5ms) COMMIT
Unpermitted parameters: first_name, last_name
User Load (1.8ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = '315bb11408368891d2b06e502cfe5f5c6493829860d23add6743da7eec660a57' ORDER BY "users"."id" ASC LIMIT 1
(1.2ms) BEGIN
SQL (1.5ms) UPDATE "users" SET "confirmed_at" = $1, "encrypted_password" = $2, "invitation_accepted_at" = $3, "invitation_token" = $4, "updated_at" = $5 WHERE "users"."id" = 11 [["confirmed_at", "2015-02-25 19:10:07.231371"], ["encrypted_password", "$2a$10$nsM6Ml.ruXnPF7vi9"], ["invitation_accepted_at", "2015-02-25 19:10:07.231371"], ["invitation_token", nil], ["updated_at", "2015-02-25 19:10:07.233262"]]
(1.3ms) COMMIT
FamilyTree Load (1.4ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = $1 LIMIT 1 [["user_id", 11]]
User Load (1.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 1]]
(1.2ms) BEGIN
SQL (1.3ms) INSERT INTO "memberships" ("created_at", "family_tree_id", "relation", "updated_at", "user_id") VALUES ($1, $2, $3, $4, $5) RETURNING "id" [["created_at", "2015-02-25 19:10:07.245419"], ["family_tree_id", 11], ["relation", "grandmother"], ["updated_at", "2015-02-25 19:10:07.245419"], ["user_id", 1]]
(1.4ms) COMMIT
(1.2ms) BEGIN
SQL (1.4ms) UPDATE "users" SET "current_sign_in_at" = $1, "current_sign_in_ip" = $2, "last_sign_in_at" = $3, "last_sign_in_ip" = $4, "sign_in_count" = $5, "updated_at" = $6 WHERE "users"."id" = 11 [["current_sign_in_at", "2015-02-25 19:10:07.250211"], ["current_sign_in_ip", "127.0.0.1"], ["last_sign_in_at", "2015-02-25 19:10:07.250211"], ["last_sign_in_ip", "127.0.0.1"], ["sign_in_count", 1], ["updated_at", "2015-02-25 19:10:07.252735"]]
(1.3ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 268ms (ActiveRecord: 31.3ms)
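Notice that throughout the whole request, wherever those attributes are needed, it fails because of Unpermitted parameters.

However, in my UsersController.rb I have this:

private

def user_params
  params.require(:user).permit(:first_name, :last_name, :email, :avatar)
end

In User.rb I have:

attr_accessible :first_name, :last_name, :email, :password, :password_confirmation, :invitation_relation, :remember_me, :avatar

I don't have a separate invitations controller; I'm not sure whether that matters.

Note that when I update the user record from another controller (e.g. Registrations#Update), it works fine, as shown in this log: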
Started PUT "/users" for 127.0.0.1 at 2015-02-25 14:19:58 -0500
Processing by RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"CfMhjFUc=", "user"=>{"email"=>"jenny@test.com", "first_name"=>"Jenny", "last_name"=>"Block", "current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (2.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = 11 ORDER BY "users"."id" ASC LIMIT 1
FamilyTree Load (3.0ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = $1 LIMIT 1 [["user_id", 11]]
User Load (1.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 11]]
(2.0ms) BEGIN
SQL (1.7ms) UPDATE "users" SET "first_name" = $1, "last_name" = $2, "updated_at" = $3 WHERE "users"."id" = 11 [["first_name", "Jenny"], ["last_name", "Block"], ["updated_at", "2015-02-25 19:19:58.716236"]]
(1.8ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 92ms (ActiveRecord: 41.7ms)
What could be causing this strange behaviour?

Edit 1

This is what my ApplicationController looks like:

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_filter :configure_permitted_parameters, if: :devise_controller?
  before_filter :update_sanitized_params, if: :devise_controller?

  protected

  def update_sanitized_params
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :email, :password, :password_confirmation) }
  end

  def configure_permitted_parameters
    # Only add some parameters
    devise_parameter_sanitizer.for(:invite) do |u|
      u.permit :first_name, :last_name, :email, :invitation_relation
    end
    devise_parameter_sanitizer.for(:accept_invitation) do |u|
      u.permit :invitation_token, :first_name, :last_name, :relation
    end
    devise_parameter_sanitizer.for(:account_update) do |u|
      u.permit(:first_name, :last_name, :avatar, :email, :password, :password_confirmation)
    end
    devise_parameter_sanitizer.for(:accept_invitation).concat [:first_name, :last_name, :email, :invitation_relation]
    # Override accepted parameters
    devise_parameter_sanitizer.for(:accept_invitation) do |u|
      u.permit(:first_name, :last_name, :email, :invitation_relation)
    end
  end
end

Answer 0 (score: 0)

If you look at the Devise documentation, it says that RegistrationController permits the authentication keys and password. You can do it by adding the first_name and last_name parameters:

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :first_name # or whatever param you need
  end
end

You can see the documentation here.

Answer 1 (score: 0)

I created a separate invitations_controller and added this to the bottom of it:

def update_sanitized_params
  devise_parameter_sanitizer.for(:accept_invitation) do |u|
    u.permit(:first_name, :last_name, :password, :password_confirmation, :invitation_token, :invitation_relation, :avatar, :avatar_cache, :relation, :gender)
  end
end

That seems to have fixed it.
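
An added example, not part of the original posts and not Devise's own code: a simplified pure-Ruby model of a per-action parameter allowlist, run over a constructed request modelled on the invitation log, to compare the :accept_invitation key lists posted in the question and in Answer 1. It assumes that registering an allowlist for an action replaces any earlier one for that action; `AllowlistSanitizer`, `permit_for`, `REQUEST` and the `role` key are hypothetical names, and the model does not reproduce the logged request itself.

```ruby
# Simplified model of a per-action parameter allowlist (illustration only,
# not Devise's implementation). Assumption: registering keys for an action
# replaces whatever was registered for that action before.
class AllowlistSanitizer
  def initialize
    @rules = {} # action => array of permitted key names
  end

  # A later call for the same action overwrites the earlier one.
  def permit_for(action, *keys)
    @rules[action] = keys.map(&:to_s)
  end

  # Returns [permitted_hash, unpermitted_key_names] for one request.
  def sanitize(action, params)
    allowed = @rules.fetch(action, [])
    [params.select { |k, _| allowed.include?(k) }, params.keys - allowed]
  end
end

# Constructed request body modelled on the invitation log on this page;
# "role" is a made-up key that the form never offered.
REQUEST = {
  "invitation_token" => "U9M", "first_name" => "Jenny",
  "last_name" => "Block", "invitation_relation" => "grandmother",
  "password" => "example-pw", "password_confirmation" => "example-pw",
  "role" => "admin"
}.freeze

# Key lists from the question: registered twice, the second one wins.
def question_allowlist
  s = AllowlistSanitizer.new
  s.permit_for(:accept_invitation, :invitation_token, :first_name, :last_name, :relation)
  s.permit_for(:accept_invitation, :first_name, :last_name, :email, :invitation_relation)
  s.sanitize(:accept_invitation, REQUEST)
end

# Key list from Answer 1: one registration covering every field of the form.
def answer_allowlist
  s = AllowlistSanitizer.new
  s.permit_for(:accept_invitation, :first_name, :last_name, :password,
               :password_confirmation, :invitation_token, :invitation_relation,
               :avatar, :avatar_cache, :relation, :gender)
  s.sanitize(:accept_invitation, REQUEST)
end

if __FILE__ == $PROGRAM_NAME
  p question_allowlist.last # keys dropped under the question's final list
  p answer_allowlist.last   # keys dropped under Answer 1's list
end
```

In this model the question's final list drops the token and password fields along with `role`, while Answer 1's list drops only the key the form never offered.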