[RUBY] I don't understand the devise_parameter_sanitizer method, so I'll output it here.

The method that came out when I was copying sutras with Rails became "what this", so I will review it again and write it as an output and a memorandum.

What is devise_parameter_sanitizer?

devise_parameter_sanitizer is a method provided by the gem called devise. It is a method to get parameters (name, email, etc.) from requests such as login and new registration when implementing user management function.

About parameters

Parameters are externally passed data included in the request. It is processed by the controller and registered as data in the columns of the table through the model. Is it something like data that is input from the input field of the browser and sent?

To enter data in the form and submit it as a request, write the following description.

index.html


#This is the story of the sender
<%= form_with url:”URL”, method: :post, local: true do |form| %>
<%= form.text_field :content %>
<% end %>

I think it's something that lets you fill out a form and send data to a URL. The ": content" part of the second line becomes params, and as "params [: content]" It is the data passed from the outside to the controller.

This was the story of the sender, but I would like to think about the recipient as well. The recipient can be restricted to receive only parameters with the specified key (column name). This is called a strong parameter. The description is as follows.

players_controller.rb


#This is the story of the recipient
params.require(:player).permit(:name, :age)

In the above description, only the data of the key (column) "name" and the key (column) "age" of the Player model will be received from the request. Specify the table with columns in require. If the request contains "height", "speed", and "defence" data in addition to the "name" and "age" keys, they will not be received.

Return to the devise_parameter_sanitizer method.

How to describe is as follows.

application_controller.rb


#For devise
devise_parameter_sanitizer.permit(:sign_up, keys: [:email])

Since devise_parameter_sanitizer will be a method of devise, the model will be the User model created by devise, so the above require will not be described. The parameter (data) you get when you sign up means "email".

When I wrote the code with this devise_parameter_sanitizer, I thought that the devise gem is quite convenient for implementing the login function. You can register and log in without creating a login function from scratch. By putting the necessary information (column) in devise_parameter_sanitizer, devise will do the rest to some extent, so I'm not sure yet, but I feel that it is a very convenient method.

Finally

Although I wrote this article, there are still some things I don't understand. I would be grateful if you could tell me if there is something wrong with this recognition. Thank you.

Referenced articles

An active engineer explains how to use Rails' require / permit method [for beginners] https://techacademy.jp/magazine/22078

Recommended Posts

I don't understand the devise_parameter_sanitizer method, so I'll output it here.
I don't really understand the difference between swift Error and NSError, so I tried to summarize it myself.
I can't remember the text file input / output in Java, so I summarized it.
Now, I understand the coordinate transformation method of UIView (Swift)
Output about the method Part 1
Understand the helper method form_with
Java concurrency I don't understand
I don't understand Ruby 3 Ractor
[Action View :: Missing Template] I didn't understand the meaning of the error statement, so I looked it up.
I didn't understand the meaning of injection such as DI or @Autowired, so I looked it up.
I think I understand the reuse of cells, but I don't understand at all.
I tried to understand how the rails method "redirect_to" is defined
I tried to understand how the rails method "link_to" is defined
"RSpec doesn't work!" The cause was spring, so I investigated it.
I tried to explain the method
Was that so, the user_signed_in? method