class Devise::ParameterSanitizer

def permit(action, keys: nil, except: nil, &block)

Returns nothing.

end
user.permit(:email, :password, :password_confirmation)
devise_parameter_sanitizer.permit(:sign_up) do |user|
# parameters for the `sign_up` action.
# Using the block form to completely override how we permit the

devise_parameter_sanitizer.permit(:account_update, except: [:password])
# Removing the `password` parameter from the `account_update` action.

devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
# Adding new parameters to be permitted in the `sign_up` action.

=== Examples

called with an +ActionController::Parameters+ instance.
parameters instead of the +Array+ based approach. The block will be
* +block+ - A block that should be used to permit the action
* +except:+ - An +Array+ of keys that shouldn't be permitted.
* +keys:+ - An +Array+ of keys that also should be permitted.
performing, like +sign_up+, +sign_in+, etc.
* +action+ - A +Symbol+ with the action that the controller is

=== Arguments

Add or remove new parameters to the permitted list of an +action+.

def permit(action, keys: nil, except: nil, &block)
  if block_given?
    @permitted[action] = block
  end
  if keys.present?
    @permitted[action] ||= @auth_keys.dup
    @permitted[action].concat(keys)
  end
  if except.present?
    @permitted[action] ||= @auth_keys.dup
    @permitted[action] = @permitted[action] - except
  end
end

Modules

Classes

class Devise::ParameterSanitizer

def permit(action, keys: nil, except: nil, &block)

Instance Methods