Extend params sanitizer for easy adding/removing permitted params #2566

alexpeattie commented Aug 11, 2013

Although the way Devise currently handles strong params is pretty awesome, I often find myself just wanting to permit a new parameter (on top of Devise's defaults), which right now requires a fair bit of code:

```ruby
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit [:username, :password, :remember_me] }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit [:username, :email, :password, :password_confirmation] }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit [:username, :email, :password, :password_confirmation, :current_password] }
```

This PR adds the ability to easily add permitted parameters on top of Devise's defaults:

```ruby
devise_permitted_parameters.add(:username)
devise_permitted_parameters.for(:sign_up) << :hometown
```

Or remove Devise's defaults:

```ruby
devise_permitted_parameters.remove(:email)
```

Using devise_parameter_sanitizer or subclassing ParameterSanitizer still works as before :).

Extend params sanitizer, to make it easier to add/remove permitted params

- Move the default permitted parameters into ParameterSanitizer::PermittedParameters
- Add devise_permitted_parameters helper
- devise_permitted_parameters.add to add permitted parameters
- devise_permitted_parameters.remove to remove Devise's defaults
- devise_permitted_parameters.for to access the parameters for a given action
- Update 'Strong Parameters' section of README

josevalim commented Aug 11, 2013

@alexpeattie This is a great idea, thanks! I have applied your commit manually and made some small changes. Basically, I don't want people to add or remove fields globally; it can be dangerous, so it is one of those things I would rather be explicit about. I also added a small backwards-incompatible change; we are planning for 3.1 and your API is nice enough to be worth it.

@josevalim josevalim closed this Aug 11, 2013

alexpeattie commented Aug 11, 2013

No problem! You're probably right about the global add/removing - thanks for making those changes 👍
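
Added example, not part of the PR thread and not Devise's code: a plain-Ruby sketch of the `add` / `remove` / `for` interface described in the PR, showing how far a global `add` reaches compared with a per-action `for(...) <<`. The class body, the default lists, the `sanitize` and `actions_permitting` helpers and the `:role` attribute are assumptions made for illustration.

```ruby
# Sketch modelled on the PR description; not Devise's implementation.
class PermittedParameters
  # Constructed defaults, for illustration only.
  DEFAULTS = {
    sign_in:        [:email, :password, :remember_me],
    sign_up:        [:email, :password, :password_confirmation],
    account_update: [:email, :password, :password_confirmation, :current_password]
  }.freeze

  def initialize
    @permitted = DEFAULTS.transform_values(&:dup)
  end

  # Per-action list: `for(:sign_up) << :x` widens that one action only.
  def for(action)
    @permitted.fetch(action)
  end

  # Global add: widens every action's allowlist at once.
  def add(*keys)
    @permitted.each_value { |list| list.concat(keys).uniq! }
    self
  end

  # Global remove: narrows every action's allowlist at once.
  def remove(*keys)
    @permitted.each_value { |list| list.reject! { |k| keys.include?(k) } }
    self
  end

  # Allowlist filter: keep only the keys permitted for this action.
  def sanitize(action, params)
    allowed = self.for(action)
    params.select { |key, _| allowed.include?(key.to_sym) }
  end

  # Audit helper: which actions currently accept `key`?
  def actions_permitting(key)
    @permitted.select { |_, list| list.include?(key) }.keys
  end
end

# Constructed account_update request body; :role is a hypothetical model attribute.
SUBMITTED = { "email" => "a@example.com", "current_password" => "x", "role" => "admin" }.freeze

scoped = PermittedParameters.new.tap { |s| s.for(:sign_up) << :role } # one action
global = PermittedParameters.new.add(:role)                           # every action
p scoped.sanitize(:account_update, SUBMITTED).keys
p global.sanitize(:account_update, SUBMITTED).keys
```

With the per-action form the extra key is accepted only on `:sign_up`; with the global form the same key also passes the `:sign_in` and `:account_update` filters, which nothing at the call site makes visible.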
