Add some validation for a select to Devise signup

Question

I get this error when I submit, but I cannot figure out. Because paramets are sent correctly

enter image description here

Application Controller

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

 before_filter :configure_permitted_parameters, if: :devise_controller?

protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit! }
  end

User.rb

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :confirmable, :omniauthable

  validates :role, inclusion: { in: ['player', 'team', 'fan'], message: "%{value} can be player, fan or team!" }

Signup page

<div><%= f.label :role %><br />
<%= f.select :role, ['fan', 'player'].map{|r| [t(r), r]} %>

<%= f.submit "Sign up" %>

Signup page (generated)

<select id="user_role" name="user[role]"><option value="fan">Fan</option>
<option value="player">Pro Player</option></select>

Server logs

    Started POST "/en/users" for 127.0.0.1 at 2013-07-10 23:47:35 +0200
Processing by Devise::RegistrationsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"6conUxB8E4y4Fy2pQ8WrT7ss/ykFqnuYzgoOkQIuSQY=", "user"=>{"email"=>"napster3000@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "role"=>"fan"}, "commit"=>"Sign up", "locale"=>"en"}
Unpermitted parameters: role
WARNING: Can't mass-assign protected attributes for User: email, password, password_confirmation

Gemfile

gem 'protected_attributes'
gem 'devise', "~> 3.0.0.rc",       github: 'plataformatec/devise' #, branch: 'rails4'
gem 'responders',          github: 'plataformatec/responders'
gem 'inherited_resources', github: 'josevalim/inherited_resources'
gem 'ransack',             github: 'ernie/ransack',            branch: 'rails-4'
gem 'activeadmin',         github: 'gregbell/active_admin', branch: 'rails4'
gem 'formtastic',          github: 'justinfrench/formtastic'

As I know for ruby on rails 4 there is no such thing as `attr_accessible`, you should look for a branch od Devise for rails 4 and you should specify in private actions in controller what attributes are available to write to on create or update. — rmagnum2002, Jul 10 '13 at 20:38
You use Rails 4 and attr_accessible? User DEvise branch for Rails 4 and strong params — Mike Szyndel, Jul 10 '13 at 20:38
ok, added logs. Indeed unpermitted params is the problem. But I have set ":role" as attr_accessible — sparkle, Jul 10 '13 at 20:41

rmagnum2002 · Answer 1 · 2013-07-10T21:27:44.393

1

Devise for rails 4 https://github.com/plataformatec/devise/tree/rails4

gem 'devise', github: 'plataformatec/devise', branch: 'rails4'

for other controllers how to make attributes permitted to change:

for exemple in users controller

class UsersController < ApplicationController
  def create
    @user = User.create(user_params)
  end

private
  def user_params
    params.require(:user).permit(:email, :role, ...)
  end

good tutorial on adding custom fields for user when using Devise:

http://blog.12spokes.com/web-design-development/adding-custom-fields-to-your-devise-user-model-in-rails-4/

Edit

Try overriding sign_up_params method, should be in registations controller I think.

def sign_up_params
   params.require(:user).permit(:email, :password, :password_confirmation, :other, :etc)
end

Documentations on strong_parameters: https://github.com/plataformatec/devise#strong-parameters

edited Jul 10 '13 at 21:27

answered Jul 10 '13 at 20:46

rmagnum2002

11,341
8
49
86

or have you tried with `active_admin` for rails 4 from here https://github.com/gregbell/active_admin/tree/rails4 ? – rmagnum2002 Jul 10 '13 at 21:03
(Gemfile & user.rb updated). I got: "Unpermitted parameters: role WARNING: Can't mass-assign protected attributes for User: email, password, password_confirmation" – sparkle Jul 10 '13 at 21:16
see the edit. found it here: http://stackoverflow.com/questions/16127873/rails-4-devise-mongodb-unpermitted-parameters-using-custom-properties-and-str – rmagnum2002 Jul 10 '13 at 21:28
`def user_params` should not be in User.model, it's for controller, why did you put it there? – rmagnum2002 Jul 10 '13 at 21:31
I even try to put strong params on Application controller but nothing changes! – sparkle Jul 10 '13 at 23:27
I have solved with "attr_protected" on User model. But it's now a good practice. – sparkle Jul 10 '13 at 23:41

Add some validation for a select to Devise signup

1 Answers1