2

I am using Rails 4 and Devise 3. I have added a custom field of "name." When I submit a name, I receive the "unpermitted parameters: name" and "can't mass assign protected attributes for User: email" errors.

I have been told to add code to a users controller, however Devise did not create one. Am I supposed to create a users_controller.rb on my own, or is there something I am missing here?

My User model looks like this:

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable

  devise :database_authenticatable, :registerable, #:recoverable,
          :rememberable, :trackable, :validatable

  #attr_accessible :name, :password, :password_confirmation, :remember_me, :email
end

As you can see, I have tried to use attr_accessible, but commented it out since it's not supported in Rails 4.

Dylan Richards
  • 708
  • 1
  • 13
  • 33

1 Answers1

1

Devise uses its own controllers to process your data, so you'd ideally add your extra params to those controllers. However, there are a number of ways you can do it

From Devise's Github:

In case you want to permit additional parameters (the lazy way™) you can do with a simple before filter in your ApplicationController:

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :username
  end
 end

From Strong parameters with Rails and Devise

# config/routes.rb
devise_for :users, :controllers => {:registrations => 'registrations'}


# controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController

  before_filter :configure_permitted_parameters

  protected

  # my custom fields are :name, :heard_how
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:name, :heard_how,
        :email, :password, :password_confirmation)
    end
    devise_parameter_sanitizer.for(:account_update) do |u|
      u.permit(:name,
        :email, :password, :password_confirmation, :current_password)
    end
  end

end
Community
  • 1
  • 1
Richard Peck
  • 76,116
  • 9
  • 93
  • 147
  • Hi, @Rich. Thanks for very detailed reply. Unfortunately I don't have a registrations_controller.rb. In fact, I don't even have a users directory in the controllers folder. Was Devise supposed to create this folder and file automatically? Can I just make it myself? – Dylan Richards Nov 12 '13 at 10:35
  • Hey Dylan, Devise doesn't make those controllers normally - you have to extend them (hence why it's called as `Users::RegistrationsController < Devise::RegistrationsController`). Devise's controllers are hidden, but are called `SessionsController` & `RegistrationsController`. Hope this helps? – Richard Peck Nov 12 '13 at 10:37
  • Ah, okay, @Rich. You're definitely helping me to understand what's going on. I have created the user/registrations_controller.rb file and added the code you told me to. I also added the code you mentioned to the routes.rb file. When I try to save a user to the site, I receive an error "uninitialized constant RegistrationsController." What's that about? – Dylan Richards Nov 12 '13 at 10:45
  • I have managed to get rid of the "uninitialized constant" error by setting the correct path in the routes. Still getting "can't mass assign protected attributes for User: name, email" though. – Dylan Richards Nov 12 '13 at 11:00
  • The code I created is from the github Gist, so I'm not entirely sure if it's 100% going to work, but let's keep going to get this working – Richard Peck Nov 12 '13 at 11:00
  • Have you got your form code we can look at? You might have a problem with the way your params have been constructed. Also it would be good to see your new registrations_controller code -- to see if it's all okay? – Richard Peck Nov 12 '13 at 11:03
  • Also, if you want to go to chat, please let me know. I have a custom RegistrationsController we used for developing http://firststop.herokuapp.com - so I've got some code we can definitely use – Richard Peck Nov 12 '13 at 11:03
  • I would LOVE to go to chat. Can you move it? I do not have enough reputation @Rich – Dylan Richards Nov 12 '13 at 11:06
  • Oh dammit - it says you've got too little reputation to chat. I'll see if I can invite you manually – Richard Peck Nov 12 '13 at 11:07
  • Is Google chat an option for you? Or Gmail? – Dylan Richards Nov 12 '13 at 11:08
  • I need 20 reputation to talk in there. – Dylan Richards Nov 12 '13 at 11:09
  • Okay :( What's your gmail & I'll open a chat – Richard Peck Nov 12 '13 at 11:10
  • drichards2013@gmail.com – Dylan Richards Nov 12 '13 at 11:11