In an app where Devise and Admin model are used I needed to add some fields - they were successfully added. Now I also need to give the user the ability to modify these attributes. When I open the view for modifying these parameters and send the form, the newly added fields (like a phone number, website etc) are not modified.

In the terminal output I see it's because these parameters are unpermitted, but how can I permit them?

The action where the whole update process is happening is registrations#update:

def update
  @user = User.find(current_user.id)
  successfully_updated = if needs_password?(@user, params)
    @user.update_with_password(devise_parameter_sanitizer.sanitize(:account_update))
  else
    params[:user].delete(:current_password)
    @user.update_without_password(devise_parameter_sanitizer.sanitize(:account_update))
  end

  if successfully_updated
    flash[:notice] = "Your password has been successfully changed."
    # Sign in the user bypassing validation in case their password changed
    sign_in @user, :bypass => true
    redirect_to edit_user_registration_path(:status => 'ok')
  else
    render "edit"
  end
end

But this code seems to be for users, not for admins - how can I solve this problem then?

Thank you in advance.

kittykittybangbang
user984621
  • This is essentially answered here: http://stackoverflow.com/a/16389077/1753596 -- In each controller, users and admin (or whichever you are adding extra fields) you'll need to configure your own set of devise-permitted params – trh Aug 30 '15 at 00:53
  • possible duplicate of [Strong parameters with Rails 4.0 and Devise](http://stackoverflow.com/questions/16379554/strong-parameters-with-rails-4-0-and-devise) – ifma Aug 30 '15 at 17:20

1 Answer

class RegistrationsController < Devise::RegistrationsController
  before_action :configure_permitted_parameters

  # ...

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) << :username
  end
end

In this example we add a :username parameter to the whitelist.

https://github.com/plataformatec/devise#strong-parameters

max
  • 96,212
  • 14
  • 104
  • 165
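An added example, not code from the question, the answer or Devise itself: a plain-Ruby model of a per-scope allow-list, showing why fields permitted for the user scope are still rejected on the admin form until the admin scope is configured as well, and why a privilege field stays out either way. `ScopedSanitizer`, its default keys, the `role` field and the sample form are assumptions made for illustration.

```ruby
# Simplified model of a per-scope parameter allow-list (NOT Devise's own code).
# Class name, default keys and the "role" field are assumptions.
class ScopedSanitizer
  DEFAULTS = %i[email password password_confirmation current_password].freeze

  def initialize
    # One independent allow-list per [scope, action] pair, e.g. [:admin, :account_update].
    @permitted = Hash.new { |h, k| h[k] = DEFAULTS.dup }
  end

  # Extend the allow-list for one scope/action pair only.
  def permit(scope, action, keys:)
    @permitted[[scope, action]] |= keys.map(&:to_sym)
  end

  # Returns [clean_attributes, rejected_keys]. The rejected keys are what the
  # Rails log reports as "Unpermitted parameters".
  def sanitize(scope, action, params)
    submitted = params.fetch(scope.to_s, {})
    allowed = @permitted[[scope, action]]
    clean, rejected = submitted.partition { |key, _| allowed.include?(key.to_sym) }
    [clean.to_h, rejected.map(&:first)]
  end
end

# Constructed sample form submission for the admin edit page.
ADMIN_FORM = { "admin" => { "email" => "a@example.com", "phone" => "555-0100",
                            "website" => "https://example.com",
                            "role" => "superadmin" } }.freeze

def demo
  s = ScopedSanitizer.new
  s.permit(:user, :account_update, keys: %i[phone website])   # user scope only
  before = s.sanitize(:admin, :account_update, ADMIN_FORM)
  s.permit(:admin, :account_update, keys: %i[phone website])  # admin scope as well
  after = s.sanitize(:admin, :account_update, ADMIN_FORM)
  { before: before, after: after }
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |stage, (clean, rejected)|
    puts "#{stage}: kept=#{clean.keys} rejected=#{rejected}"
  end
end
```

Only the profile fields are added to the admin allow-list, so a submitted `role` value is dropped before it can reach the model.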