lukas-eu
I share OP's concern about the insecure default settings here. I am a security researcher who recently came across a vulnerable Ransack configuration in a client project, and have looked...
This looks great, I like it! Usually I would not be a fan of the easy override via a simple `super` call because the resulting behavior is not immediately obvious...
> Fine with updating this, but maybe we should use something that suggests that it comes from ransack? I would think of all_record_attributes/associations as something that comes from Rails. Just...
I left a review on #1400:
- Small typo fix
- Soft suggestion to change `unauthorized` to `authorizable`
I like about the approach here that there is more fine-grained control over which combinations of attributes, associations, and search matchers are available per endpoint. However, the solution implemented in...