
Extend params sanitizer for easy adding/removing permitted params #2566

wants to merge 1 commit into
base: master



alexpeattie commented Aug 11, 2013

Although the way Devise currently handles strong params is pretty awesome, I often find myself just wanting to permit a new parameter (on top of Devise's defaults) - which right now requires a fair bit of code:

devise_parameter_sanitizer.for(:sign_in) { |u| u.permit [:username, :password, :remember_me] }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit [:username, :email, :password, :password_confirmation] }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit [:username, :email, :password, :password_confirmation, :current_password] }

This PR adds the ability to easily add permitted parameters on top of Devise's defaults:

devise_permitted_parameters.for(:sign_up) << :hometown

Or remove Devise's defaults:


Using devise_parameter_sanitizer or subclassing ParameterSanitizer still works as before :).

Extend params sanitizer, to make it easier to add/remove permitted pa…

- Move the default permitted parameters into ParameterSanitizer::PermittedParameters
- Add devise_permitted_parameters helper
- devise_permitted_parameters.add to add permitted parameters
- devise_permitted_parameters.remove to remove Devise's defaults
- devise_permitted_parameters.for to access the parameters for a given action
- Update 'Strong Parameters' section of README



josevalim commented Aug 11, 2013

@alexpeattie This is a great idea, thanks! I have applied your commit manually and made some small changes. Basically, I don't want people to add or remove fields globally; it can be dangerous, so it is one of those things I would rather be explicit about. I also added a small backwards-incompatible change; we are planning for 3.1 and your API is nice enough to be worth it.

@josevalim josevalim closed this Aug 11, 2013
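
Added example, not code from this PR or from Devise: a self-contained Ruby model of per-action permitted-parameter lists, showing why a key added to one action stays filtered on the others while a global add makes it acceptable everywhere. The `PermittedParams` class, its `add_everywhere` method, the `:invite_code` key and the sample submission are assumptions made for illustration; the three lists are the ones quoted in the PR description.

```ruby
# Hypothetical stand-in for per-action permitted-parameter lists.
# Not Devise's ParameterSanitizer; class and method names are assumptions.
class PermittedParams
  def initialize(lists)
    # Copy each list so one instance's changes never leak into another.
    @lists = lists.transform_values(&:dup)
  end

  # Mutable list for one action, so `params.for(:sign_up) << :key` works.
  def for(action)
    @lists.fetch(action) { raise ArgumentError, "unknown action: #{action.inspect}" }
  end

  # Global add: the key becomes acceptable on every action at once.
  def add_everywhere(key)
    @lists.each_value { |list| list << key unless list.include?(key) }
  end

  # Keep only the submitted keys that the action's list names.
  def sanitize(action, raw)
    allowed = self.for(action).map(&:to_s)
    raw.select { |key, _| allowed.include?(key.to_s) }
  end
end

# The three lists quoted in the PR description.
LISTS = {
  sign_in:        [:username, :password, :remember_me],
  sign_up:        [:username, :email, :password, :password_confirmation],
  account_update: [:username, :email, :password, :password_confirmation, :current_password]
}.freeze

# Constructed account_update submission carrying two unexpected keys.
RAW_UPDATE = { "email" => "a@example.test", "invite_code" => "X1", "role" => "admin" }.freeze

# :invite_code (hypothetical) is meant for the sign-up form only.
def compare_scopes(raw)
  scoped = PermittedParams.new(LISTS)
  scoped.for(:sign_up) << :invite_code
  global = PermittedParams.new(LISTS)
  global.add_everywhere(:invite_code)
  { scoped: scoped.sanitize(:account_update, raw),
    global: global.sanitize(:account_update, raw) }
end

p compare_scopes(RAW_UPDATE)
```

With the per-action add, the update request keeps only `email`; with the global add, `invite_code` also passes through on `account_update`, an action it was never meant for.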




alexpeattie commented Aug 11, 2013

No problem! You're probably right about the global add/removing - thanks for making those changes 👍
