This repository has been archived by the owner on Dec 12, 2021. It is now read-only.
Issue #835 - CanCan ActiveModel::ForbiddenAttributesError with rails 4 #911
Open: blischalk wants to merge 2 commits into ryanb:master from blischalk:ForbiddenAttributes
…orize_resource looking for a params sanitation method name. The params sanitation method defined in the client apps controller is then used to get the params when loading the resource.
…spec for new attributes method functionality.
👍
7 similar comments
I've added a pull request for this branch where you don't have to define the method as it would default to |
👍
ghost mentioned this pull request on Nov 12, 2013
+1
1 similar comment
Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994. If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan. We hope to see you on the other side!
👍
I recently ran into the issue of getting the ForbiddenAttributesError when using CanCan on a Rails 4 app that I am building. After looking into the issue, it appears that the problem is that when load_and_authorize_resource is used in a controller, it loads up the resource using the params straight from the controller before they have been sanitized.
My approach was to add the ability to specify the params method defined in the controller as an argument to load_and_authorize_resource. E.g. load_and_authorize_resource attributes: :my_method. This method is then used to grab the params to build the resource from instead of using the params straight from the controller.
I have also included a check for the params method being specified which seems to preserve backward compatibility.
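The behaviour described in the pull request text above, as an added sketch that is neither the code from this pull request nor CanCan's or Rails' own. `Params`, `Article`, `ArticlesController`, `load_resource` and `outcome` are hypothetical stand-ins, and the request data is constructed.

```ruby
# Constructed stand-ins for Rails 4 / CanCan behaviour; none of this is their real code.
class ForbiddenAttributesError < StandardError; end

# Mimics ActionController::Parameters: unpermitted until #permit is called.
Params = Struct.new(:data, :permitted) do
  def permit(*keys)
    Params.new(data.select { |key, _| keys.include?(key) }, true)
  end
end

# Mimics a Rails 4 model: mass assignment rejects unpermitted params.
class Article
  attr_reader :attributes

  def initialize(params)
    raise ForbiddenAttributesError unless params.permitted
    @attributes = params.data
  end
end

# Controller whose private sanitizing method is named by the attributes: option.
class ArticlesController
  attr_reader :params

  def initialize(raw)
    @params = Params.new(raw, false)
  end

  private

  def article_params
    params.permit(:title, :body)
  end
end

# Hypothetical loader: use the named controller method if given, else raw params.
def load_resource(controller, model, options = {})
  source = options[:attributes] ? controller.send(options[:attributes]) : controller.params
  model.new(source)
end

# Constructed request carrying an attribute the client should not be able to set.
REQUEST = { title: "Hi", body: "Text", admin: true }.freeze

# Returns the loaded attributes, or the error class name if loading was refused.
def outcome(options = {})
  load_resource(ArticlesController.new(REQUEST), Article, options).attributes
rescue ForbiddenAttributesError => e
  e.class.name
end
```

Calling `outcome` with no option reproduces the error from raw params, while `outcome(attributes: :article_params)` builds the resource from the permitted keys only, so the client-supplied `admin` value never reaches the model.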