设计忽略 Rails 4 上允许的参数

Question

我正在尝试为 Rails 4 上的设计用户模型传递一个附加参数。因为它需要被允许，所以我在我的主应用程序控制器中添加了一个过滤器，如下所示。

class ApplicationController < ActionController::Base

  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  prepend_before_filter :add_allowed_devise_session_params, if: :devise_controller?

  def add_allowed_devise_session_params
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit("avatar") }
  end

end

但在提交 :sign_up 时，我仍然收到错误消息：

Unpermitted parameters: avatar

参数如下：

Processing by RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"vp1ir2TJwZXwYGFtDc97bSf/dnXQQl1pksHVxdVTaWc=",    "user"=>{"name"=>"stan@merkwelt5.com", "email"=>"stan@merkwelt5.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "avatar"=>#<ActionDispatch::Http::UploadedFile:0x007fa05762a918 @tempfile=#<File:/var/folders/8y/g14_rdxx31gb35dyjhltk4xc0000gn/T/RackMultipart20131219-7366-vf7of8>, @original_filename="instagram_logo.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"user[avatar]\"; filename=\"instagram_logo.jpg\"\r\nContent-Type: image/jpeg\r\n">}, "commit"=>"Sign up"}

我验证了过滤器实际上是在 :sign_up 上调用的，并且根据设计文档：

https://github.com/plataformatec/devise#strong-parameters

我错过了什么？

Answer 1

原来我忽略了必须更新设计控制器。因为设计文档指向 ApplicationController，所以没有看那里。

class RegistrationsController < Devise::RegistrationsController
   before_filter :update_sanitized_params, if: :devise_controller?

   def update_sanitized_params
       devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:avatar,:name, :email, :password, :password_confirmation)}
       devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:avatar,:name, :email, :password, :password_confirmation, :current_password)}
   end

end