hhh

2014-11-03 13:21:41 +01:00 · 2014-11-03 13:21:41 +01:00 · 7ab98b95e1
parent 03c71e30e5
commit 7ab98b95e1
3 changed files with 26 additions and 2 deletions
--- a/app/controllers/#application_controller.rb#
+++ b/app/controllers/#application_controller.rb#
@ -0,0 +1,15 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+  
+  before_filter :configure_permitted_parameters, if: :devise_controller?
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:screen_name, :email, :password, :password_confirmation, :remember_me) }
+    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :screen_name, :email, :password, :remember_me) }
+    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:screen_name, :email, :password, :password_confirmation, :current_password) }
+  end
+end
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -4,5 +4,13 @@ class UserController < ApplicationController
  end

  def edit
+    
+  end
+
+  def update
+    params.permit(:display_name)
+    current_user.display_name = params[:display_name]
+    current_user.save!
+    redirect_to edit_user_profile_path
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -15,13 +15,14 @@ Rails.application.routes.draw do
    post '/user/create' => 'devise/registrations#create', as: :user_registration
    get '/sign_up' => 'devise/registrations#new', as: :new_user_registration
    get '/settings/account' => 'devise/registrations#edit', as: :edit_user_registration
-    patch '/settings/account' => 'devise/registrations#update'
+    patch '/settings/account' => 'devise/registrations#update', as: :update_user_registration
    put '/settings/account' => 'devise/registrations#update'
    delete '/settings/account' => 'devise/registrations#destroy'
  end

  match '/settings/profile', to: 'user#edit', via: 'get', as: :edit_user_profile
-  
+  match '/settings/profile', to: 'user#update', via: 'patch', as: :update_user_profile
+
  match '/user/:username', to: 'user#show', via: 'get'
  match '/@:username', to: 'user#show', via: 'get', as: :show_user_profile_at
  match '/:username', to: 'user#show', via: 'get', as: :show_user_profile