From 058eac640ffb5d2742874a5f17a09bfeba21949c Mon Sep 17 00:00:00 2001 From: leriksen Date: Sun, 16 Feb 2014 12:06:55 +1100 Subject: [PATCH] Additional documentation on simple scalars and nested types --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f214f8b8..6362a5e5 100644 --- a/README.md +++ b/README.md @@ -200,7 +200,9 @@ class ApplicationController < ActionController::Base end ``` -To completely change Devise defaults or invoke custom behaviour, you can also pass a block: +The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_parameters_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: + +To permit simple scalar values for username and email, use this ```ruby def configure_permitted_parameters @@ -208,6 +210,17 @@ def configure_permitted_parameters end ``` +If you have some checkboxes that express the roles a user may take on registration, the browser will send those selected checkboxes as an array. An array is not one of Strong Parameters permitted scalars, so we need to configure Devise thusly: + +```ruby +def configure_permitted_parameters + devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) } +end +``` +For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see + +https://github.com/rails/strong_parameters#nested-parameters + If you have multiple Devise models, you may want to set up different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic: ```ruby