Method: Devise::ParameterSanitizer#permit

Defined in:
lib/devise/parameter_sanitizer.rb

#permit(action, keys: nil, except: nil, &block) ⇒ Object

Add or remove new parameters to the permitted list of an action.

Arguments

  • action - A Symbol with the action that the controller is performing, like sign_up, sign_in, etc.

  • keys: - An Array of keys that also should be permitted.

  • except: - An Array of keys that shouldn’t be permitted.

  • block - A block that should be used to permit the action parameters instead of the Array based approach. The block will be called with an ActionController::Parameters instance.

Examples

# Adding new parameters to be permitted in the `sign_up` action.
devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])

# Removing the `password` parameter from the `account_update` action.
devise_parameter_sanitizer.permit(:account_update, except: [:password])

# Using the block form to completely override how we permit the
# parameters for the `sign_up` action.
devise_parameter_sanitizer.permit(:sign_up) do |user|
  user.permit(:email, :password, :password_confirmation)
end

Returns nothing.



110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
# File 'lib/devise/parameter_sanitizer.rb', line 110

def permit(action, keys: nil, except: nil, &block)
  if block_given?
    @permitted[action] = block
  end

  if keys.present?
    @permitted[action] ||= @auth_keys.dup
    @permitted[action].concat(keys)
  end

  if except.present?
    @permitted[action] ||= @auth_keys.dup
    @permitted[action] = @permitted[action] - except
  end
end