New devise_attr_accessible option #2071
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Following #716
Problem
Devise uses
update_attributes
in its controllers, so fields like:name
and:password
should be attr_accessible in your model. But it should be client's decision, not Devises's, what fields should be attr_accessible. Some people prefer to control all params by their own, for example.There must be a way to say to Devise "don't rely on
attr_accessible
". But in this case, we want to provide some list of acceptable attributes to Devise so it can control them by its own.Solution
I implement new option:
devise_attr_accissble
.If it is set:
update_attributes params, :without_protection => true
, soattr_accessible
doesn't matter anymore.devise_attr_accissble
list.Example
This is going to work: