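I'm using geocoder to geolocate users, and I store the value obtained in the users table (in an attribute called user_country_name).
I'm sure it has nothing to do with geocoder, but I simply can't edit the country on the "user account" page.
I tried editing the email and the password and it works, but the other custom fields I added on top of the basic Devise form do not.
I think I've done everything needed to update account attributes in Rails 4, but I've kept getting this error for two whole days!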
ActionController::UnpermittedParameters at /
found unpermitted parameters: user_country_name
Here is my form for editing the user's information
<%= semantic_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put, :class => 'form-vertical' }) do |f| %>
  <%= f.semantic_errors %>
  <%= f.inputs do %>
    <%= f.input :email, :required => true %>
    <%= f.input :user_country_name,
          :as => :select,
          :collection => COUNTRIES, # sends to a constant I have with all countries
          :prompt => true
    %>
    <%= f.input :password, :input_html => { :autocomplete => "off" }, :hint => t("devise.registrations.edit_account_page.leave_blank_if_dont_want_to_change"), :required => false %>
    <%= f.input :password_confirmation, :required => false %>
  <% end %>
  <%= f.actions do %>
    <div>
      <%= f.action :submit, :label => t("devise.registrations.edit_account_page.update"), :button_html => { :class => 'btn-primary' } %>
    </div>
    <div class="half-right-small return-login">
      <%= link_to t("directions.back"), :back %>
    </div>
  <% end %>
<% end %>
Here is my application controller
class ApplicationController < ActionController::Base
  protect_from_forgery
  include CountrySetter # handle localization through ip lookup and the I18n used
  include LocaleSetter

  # handle Cancan authorization exception
  rescue_from CanCan::AccessDenied do |exception|
    exception.default_message = t("errors.application_controller_exception_messages.only_open_to_admin")
    if current_user # if it's user redirect to main HP
      redirect_to root_path, :alert => exception.message
    else
      redirect_to customerinterface_path, :alert=> exception.message
    end
  end

  before_filter :configure_permitted_parameters, if: :devise_controller?

  private

  before_filter :authenticate_user_from_token!
  before_filter :authenticate_customer_from_token!

  def authenticate_user_from_token!
    user_email = params[:user_email].presence
    user = user_email && User.find_by_email(user_email)
    if user && Devise.secure_compare(user.authentication_token, params[:user_token])
      sign_in user, store: false # we are signing in user if it exists. sign_in is devise method to sign in any user
      redirect_to root_path # now we are redirecting the user to root_path i.e our homepage
    end
  end

  protected

  def configure_permitted_parameters
    [:sign_up, :account_update].each do |sanitize_me|
      devise_parameter_sanitizer.for(sanitize_me) do |u|
        u.permit(:email, :password, :password_confirmation, :user_country_name)
      end
    end
  end

  def devise_parameter_sanitizer
    if resource_class == User
      UserParameterSanitizer.new(User, :user, params)
    else # for customers
      CustomerParameterSanitizer.new(Customer, :customer, params)
    end
  end
end
Finally, the RegistrationsController for Devise:
class RegistrationsController < Devise::RegistrationsController
  def update
    # added for upgrade to Rails 4
    account_update_params = devise_parameter_sanitizer.sanitize(:account_update)
    # required for settings form to submit when password is left blank
    if account_update_params[:password].blank?
      account_update_params.delete("password")
      account_update_params.delete("password_confirmation")
    end
    @user = User.find(current_user.id)
    if @user.update(account_update_params) # Rails 4 .update introduced with same effect as .update_attributes
      set_flash_message :notice, :updated
      # Sign in the user bypassing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to after_update_path_for(@user)
    else
      render "edit"
    end
  end

  # for Rails 4 Strong Parameters
  def resource_params
    params.require(:user).permit(:email, :password, :password_confirmation, :current_password, :user_country_name)
  end
  private :resource_params

  # used to update user-country by ip lookup when user signs up and associate newly signed-up user with a country
  # source - stackoverflow.com/questions/24294169/devise-sign-up-how-to-save-an-attribute-without-having-a-form-field-for-it-ra
  protected

  def after_sign_up_path_for(resource)
    resource.update(user_country_name: set_country) #use concerns/CountrySetter loaded by ApplicationController
    root_path
  end
end
EDIT
In reply to some comments asking for the routes
MyApp::Application.routes.draw do
  # redundancy with below standard users 'root to' code. Goal: to easily be able to change
  # the page if decide one day that users should see a different page when they log in
  # used to be a bug- solved with: https://github.com/plataformatec/devise/issues/2393#issuecomment-17544388
  authenticated :user do
    root to: 'static_pages#home', as: :authenticated_root
  end

  # Homepage for unauthenticated users
  # used to be a bug- solved with: https://github.com/plataformatec/devise/issues/2393#issuecomment-17544388
  unauthenticated do
    root to: 'static_pages#home' # , as: :unauthenticated_root
  end

  # Routes for users
  devise_for :users,
    :token_authentication_key => 'authentication_key',
    :controllers => { confirmations: 'confirmations',
                      registrations: 'registrations',
                      sessions: 'sessions',
                      passwords: 'passwords',
                      unlocks: 'unlocks' },
    path: '', # inspired by Nitish solution to make devise urls custom (source: tackoverflow.com/questions/19889570/rails-devise-user-registration-route-post)
    path_names: { :sign_in => "signin",
                  :sign_out => "logout",
                  :sign_up => "signup" }
  resources :users

  # Routes for customers
  devise_for :customers,
    controllers: { registrations: 'customers/registrations', # inspired by stackoverflow.com/questions/20913157/devise-views-with-multiple-models
                   confirmations: 'customers/confirmations',
                   sessions: 'customers/sessions',
                   passwords: 'customers/passwords',
                   unlocks: 'customers/unlocks' },
    path: 'advertiser', # inspired by Nitish solution to make devise urls custom (source: tackoverflow.com/questions/19889570/rails-devise-user-registration-route-post)
    path_names: { :sign_in => "signin",
                  :sign_out => "logout",
                  :sign_up => "signup" }

  # Routes for the interface with reportings and private data for Customers
  # Customers interface HP can be accessed at /campaigns
  match '/customerinterface',
    to: 'clientreporting_pages#index',
    path: 'campaigns',
    via: 'get'

  # Routes for all managed by Active Admin (deals creation, prizes creation...)
  devise_for :admin_users, ActiveAdmin::Devise.config
  ActiveAdmin.routes(self)

  # Static Pages
  match '/help', to: 'static_pages#help', path: 'help', via: 'get'
  match '/aboutus', to: 'static_pages#aboutus', path: 'about-us', via: 'get'
  match '/contact', to: 'static_pages#contact', via: 'get'
  match '/howitworks', to: 'static_pages#howitworks', path: 'about', via: 'get'
  match '/globalpresence', to: 'static_pages#globalpresence', path: 'global', via: 'get'
end
Here is the detailed log of the error I get in my local console
Started PUT "/" for 127.0.0.1 at 2014-10-08 19:55:50 +0200
Processing by RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"geygeyegyegyegyegeykd7NwrVyAw=", "user"=>{"email"=>"emailtest@gmail.com", "user_country_name"=>"Germany", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"<span class="}
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 457 ORDER BY "users"."id" ASC LIMIT 1
Completed 500 Internal Server Error in 7ms
ActionController::UnpermittedParameters - found unpermitted parameters: user_country_name:
actionpack (4.0.5) lib/action_controller/metal/strong_parameters.rb:372:in `unpermitted_parameters!'
actionpack (4.0.5) lib/action_controller/metal/strong_parameters.rb:270:in `permit'
devise (3.2.4) lib/devise/parameter_sanitizer.rb:66:in `permit'
devise (3.2.4) lib/devise/parameter_sanitizer.rb:58:in `account_update'
devise (3.2.4) lib/devise/parameter_sanitizer.rb:77:in `default_sanitize'
devise (3.2.4) lib/devise/parameter_sanitizer.rb:24:in `sanitize'
app/controllers/registrations_controller.rb:11:in `update'
actionpack (4.0.5) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (4.0.5) lib/abstract_controller/base.rb:189:in `process_action'
actionpack (4.0.5) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (4.0.5) lib/abstract_controller/callbacks.rb:18:in `block in process_action'
activesupport (4.0.5) lib/active_support/callbacks.rb:483:in `_run__3174996646979711185__process_action__callbacks'
activesupport (4.0.5) lib/active_support/callbacks.rb:80:in `run_callbacks'
actionpack (4.0.5) lib/abstract_controller/callbacks.rb:17:in `process_action'
actionpack (4.0.5) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.0.5) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
activesupport (4.0.5) lib/active_support/notifications.rb:159:in `block in instrument'
activesupport (4.0.5) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.0.5) lib/active_support/notifications.rb:159:in `instrument'
actionpack (4.0.5) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.0.5) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.0.5) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.0.5) lib/abstract_controller/base.rb:136:in `process'
actionpack (4.0.5) lib/abstract_controller/rendering.rb:44:in `process'
actionpack (4.0.5) lib/action_controller/metal.rb:195:in `dispatch'
actionpack (4.0.5) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.0.5) lib/action_controller/metal.rb:231:in `block in action'
actionpack (4.0.5) lib/action_dispatch/routing/route_set.rb:80:in `call'
actionpack (4.0.5) lib/action_dispatch/routing/route_set.rb:80:in `dispatch'
actionpack (4.0.5) lib/action_dispatch/routing/route_set.rb:48:in `call'
actionpack (4.0.5) lib/action_dispatch/routing/mapper.rb:44:in `call'
actionpack (4.0.5) lib/action_dispatch/journey/router.rb:71:in `block in call'
actionpack (4.0.5) lib/action_dispatch/journey/router.rb:59:in `each'
actionpack (4.0.5) lib/action_dispatch/journey/router.rb:59:in `call'
actionpack (4.0.5) lib/action_dispatch/routing/route_set.rb:674:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `catch'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:35:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/flash.rb:241:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/cookies.rb:486:in `call'
activerecord (4.0.5) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.0.5) lib/active_record/connection_adapters/abstract/connection_pool.rb:626:in `call'
activerecord (4.0.5) lib/active_record/migration.rb:373:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.0.5) lib/active_support/callbacks.rb:373:in `_run__2636980444171422651__call__callbacks'
activesupport (4.0.5) lib/active_support/callbacks.rb:80:in `run_callbacks'
actionpack (4.0.5) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/reloader.rb:64:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
better_errors (1.1.0) lib/better_errors/middleware.rb:84:in `protected_app_call'
better_errors (1.1.0) lib/better_errors/middleware.rb:79:in `better_errors_call'
better_errors (1.1.0) lib/better_errors/middleware.rb:56:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.0.5) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.0.5) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.0.5) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.0.5) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.0.5) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.0.5) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.0.5) lib/rails/rack/logger.rb:20:in `call'
quiet_assets (1.0.2) lib/quiet_assets.rb:18:in `call_with_quiet_assets'
actionpack (4.0.5) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
activesupport (4.0.5) lib/active_support/cache/strategy/local_cache.rb:83:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
railties (4.0.5) lib/rails/engine.rb:511:in `call'
railties (4.0.5) lib/rails/application.rb:97:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
rack (1.5.2) lib/rack/content_length.rb:14:in `call'
rack (1.5.2) lib/rack/handler/webrick.rb:60:in `service'
/home/me/.rvm/rubies/ruby-2.0.0-p451/lib/ruby/2.0.0/webrick/httpserver.rb:138:in `service'
/home/me/.rvm/rubies/ruby-2.0.0-p451/lib/ruby/2.0.0/webrick/httpserver.rb:94:in `run'
/home/me/.rvm/rubies/ruby-2.0.0-p451/lib/ruby/2.0.0/webrick/server.rb:295:in `block in start_thread'
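EDIT #2
I tried everything you all suggested, but nothing worked. Then I tried one thing: I removed devise_parameter_sanitizer. And then it worked!! But should I / can I remove it without harming the application's security? Isn't this block important?
Here is the block I removed: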
def devise_parameter_sanitizer
  if resource_class == User
    UserParameterSanitizer.new(User, :user, params)
  else # for customers
    CustomerParameterSanitizer.new(Customer, :customer, params)
  end
end
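What does it tell me about the problem? Maybe it's an important clue to the real error, but I don't understand it :)
Thanks a lot for your help!
Best answer
Can you try this
Application controller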
before_action :configure_permitted_parameters, if: :devise_controller?
and
Application controller
protected

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) << [your params]
  devise_parameter_sanitizer.for(:account_update) << [your params]
end
Registrations controller
<!-- REMOVE -->
# added for upgrade to Rails 4
account_update_params = devise_parameter_sanitizer.sanitize(:account_update)
# for Rails 4 Strong Parameters
def resource_params
  params.require(:user).permit(:email, :password, :password_confirmation, :current_password, :user_country_name)
end
private :resource_params
Let me know how this works for you; you seem to be declaring your permitted parameters multiple times in different places
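Why removing the override made the update work, as an added example that is not part of the question or the answer: the stack trace shows `sanitize` falling through to `default_sanitize`, which is what happens when the permit block registered in the filter lives on a different sanitizer instance than the one the action later calls. `MiniSanitizer`, `MiniController` and the default key list are hypothetical plain-Ruby stand-ins, and the sketch assumes Devise's own helper reuses one sanitizer per request while the overridden `devise_parameter_sanitizer` builds a new one on every call.

```ruby
# Plain-Ruby stand-in (no Rails, no Devise); every class name here is hypothetical.
class UnpermittedParameters < StandardError; end

class MiniSanitizer
  DEFAULTS = { account_update: %w[email password password_confirmation current_password] }.freeze # constructed

  def initialize(params)
    @params = params
    @blocks = {} # custom permit rules live on this one instance only
  end

  # Register a custom rule for an action on this instance.
  def for(kind, &block)
    @blocks[kind] = block
  end

  # Run the registered rule if this instance has one, otherwise the defaults.
  def sanitize(kind)
    block = @blocks[kind]
    block ? block.call(self) : permit(*DEFAULTS.fetch(kind))
  end

  # Allow-list filter that raises on any extra key, as the error in the question does.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    extra = @params.keys - allowed
    raise UnpermittedParameters, "found unpermitted parameters: #{extra.join(', ')}" unless extra.empty?
    @params.select { |key, _| allowed.include?(key) }
  end
end

class MiniController
  def initialize(params, memoize)
    @params, @memoize = params, memoize
  end

  # memoize == false mimics an override that builds a new sanitizer per call.
  def sanitizer
    return MiniSanitizer.new(@params) unless @memoize
    @sanitizer ||= MiniSanitizer.new(@params)
  end

  def update
    # Filter step: extend the allow-list. Action step: sanitize the request.
    sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :user_country_name) }
    sanitizer.sanitize(:account_update)
  rescue UnpermittedParameters => e
    e.message
  end
end

PARAMS = { "email" => "a@example.com", "user_country_name" => "Germany" }.freeze # constructed
```

In both modes the allow-list stays in force; the only difference is whether the extended list or the default one is applied to the request.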
Regarding ruby-on-rails - Unable to edit custom fields of a user (account update) in my Rails 4 app using Devise (Rails 4, devise 3, formtastic, geocoder), we found a similar question on Stack Overflow: https://stackoverflow.com/questions/26184495/