cancan
Allow override resource params
Allow overriding resource_params in the controller so that cancan works easily with strong_parameters.
Here is an example of how I use cancan with strong_parameters.
class PostsController < ApplicationController
  load_and_authorize_resource

  # new, create, edit, update actions

  protected

  def resource_params
    params.require(:post).permit(:title, :description, :tag_list, post_body_attributes: [:body]) if params[:post]
  end
end
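The mass-assignment effect of overriding resource_params as in the post above, modelled in plain Ruby as an added example (not code from this pull request, cancan or Rails). Permit, Loader, both controller classes and the request hash are constructed stand-ins, and the fallback to raw params[:post] is an assumption about the loader made for illustration.

```ruby
# Constructed stand-ins: not cancan, Rails or PR code.
# Permit is a hypothetical minimal whitelist filter in the role of permit.
module Permit
  # Keep whitelisted scalar keys; {key: [subkeys]} whitelists a nested hash.
  def self.filter(hash, *allowed)
    allowed.each_with_object({}) do |rule, out|
      if rule.is_a?(Hash)
        rule.each { |key, sub| out[key] = filter(hash[key], *sub) if hash[key].is_a?(Hash) }
      elsif hash.key?(rule) && !hash[rule].is_a?(Hash)
        out[rule] = hash[rule]
      end
    end
  end
end

# Hypothetical loader: uses the controller's resource_params hook when one is
# defined (even if protected), otherwise falls back to the raw params.
class Loader
  def self.attributes_for(controller)
    if controller.respond_to?(:resource_params, true)
      controller.send(:resource_params) || {}
    else
      controller.params[:post] || {}
    end
  end
end

class RawController
  attr_reader :params
  def initialize(params)
    @params = params
  end
end

class PermittingController < RawController
  protected

  def resource_params
    return unless params[:post]
    Permit.filter(params[:post], :title, :description, :tag_list, post_body_attributes: [:body])
  end
end

# Constructed request: the post form plus fields the form never offered.
REQUEST = { post: { title: "Hi", description: "d", user_id: 1, published: true,
                    post_body_attributes: { body: "text", id: 99 } } }.freeze

p Loader.attributes_for(RawController.new(REQUEST)).keys
p Loader.attributes_for(PermittingController.new(REQUEST))
```

Without the hook, user_id, published and the nested id reach the model unchanged; with it, only the whitelisted attributes are assigned.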
I'll consider pulling this in. My main concern is that it encourages putting the authorization logic in the controller. I would like to come up with a better solution for CanCan 2.0. I have some ideas for an automatic permit call so one doesn't need to do anything directly in the controller.
Looking forward to cancan 2.0.
@ryanb I'm thinking about whether permits should be handled by cancan automatically, but so far I believe there should be a way to limit assignments in the controller, which could be tuned further in Ability. This approach would separate cancan from strong_parameters too.
@julian7 the strong_parameters gem is going into Rails 4.0, so it shouldn't be a matter of separating the two, but instead working out a way they can be useful together. I've had a go at this here: #763
Hmm, I like your authorization from scratch solution much better :) I just realized moving parameter restrictions to the controller was because this kind of control should go to where authorization is (and AAA usually takes place in the controller).
Moving param restrictions to the controller because it is suggested by others answers the wrong question.
Dear submitter, since cancan/ryanb hasn't been active for more than 6 months and nobody other than Ryan himself has commit permissions, the cancan project is at a standstill. Since cancan has several issues, including missing support for Rails 4, cancan is moving forward to cancancan. More details on: #994
If you feel that your pull request or bug is still applicable (and hasn't been merged into cancan), it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)
We hope to see you on the other side!