I'm attempting to add a full_name
field/column to my User model (using the devise
gem) and Rails 4.
Most of the examples online recommend using attr_accessible, but it sounds like this should be approached differently in Rails 4.
How would I add full_name
to my User model? I've been able to successfully run the migration.
File: Migration > add_full_name_to_users
class AddFullNameToUsers < ActiveRecord::Migration
def change
add_column :users, :full_name, :string
end
end
File: Registration > app/views/devise/registration/new.html
.
.
.
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<%= f.label :full_name %>
<%= f.text_field :full_name, :autofocus => true %>
<%= f.label :email %>
<%= f.email_field :email %>
.
.
.
Once your model has its full_name attribute, you will have to configure permitted parameters for the #sign_up and #account_update Devise actions.
class ApplicationController < ActionController::Base
before_action :configure_devise_permitted_parameters, if: :devise_controller?
protected
def configure_devise_permitted_parameters
registration_params = [:full_name, :email, :password, :password_confirmation]
if params[:action] == 'update'
devise_parameter_sanitizer.for(:account_update) do
|u| u.permit(registration_params << :current_password)
end
elsif params[:action] == 'create'
devise_parameter_sanitizer.for(:sign_up) do
|u| u.permit(registration_params)
end
end
end
end
This solution should work, working with sign_up and update:
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:full_name])
devise_parameter_sanitizer.permit(:account_update, keys: [:full_name])
end
end
From devise documentation:
When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
You should check the url below to find the approach that will best fit your needs: https://github.com/plataformatec/devise#strong-parameters
Enable Strong Parameters for Devise instead of attr_accessible. To do so, create a new initiliazer with that content:
DeviseController.class_eval do
def resource_params
unless params[resource_name].blank?
params.require(resource_name).permit(:email, :password, :password_confirmation, :remember_me)
end
end
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With