Allow override resource params

Open flyerhzm opened this issue 11 years ago • 6 comments

Allow overriding resource_params in the controller so that cancan works easily with strong_parameters.

Here is an example of how I use cancan with strong_parameters.

class PostsController < ApplicationController
  load_and_authorize_resource
  # new, create, edit, update actions
  protected
    def resource_params
      params.require(:post).permit(:title, :description, :tag_list, post_body_attributes: [:body]) if params[:post]
    end
end

flyerhzm avatar Oct 07 '12 03:10 flyerhzm

I'll consider pulling this in. My main concern is that it encourages putting the authorization logic in the controller. I would like to come up with a better solution for CanCan 2.0. I have some ideas for an automatic permit call so one doesn't need to do anything directly in the controller.

ryanb avatar Oct 07 '12 23:10 ryanb

Looking forward to cancan 2.0.

flyerhzm avatar Oct 08 '12 00:10 flyerhzm

@ryanb I'm thinking about whether permits should be handled by cancan automatically, but so far I believe there should be a way to limit assignments in the controller, which could be tuned further in Ability. This approach would separate cancan from strong_parameters too.

julian7 avatar Oct 11 '12 21:10 julian7

@julian7 the strong_parameters gem is going into Rails 4.0, so it shouldn't be a matter of separating the two, but instead working out a way they can be useful together. I've had a go at this here: #763

ollym avatar Oct 13 '12 21:10 ollym

Hmm, I like your authorization from scratch solution much better :) I just realized moving parameter restrictions to the controller was because this kind of control should go to where authorization is (and AAA usually takes place in the controller).

Moving param restrictions to the controller because it is suggested by others answers the wrong question.

julian7 avatar Oct 14 '12 07:10 julian7
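
The idea discussed in the comments above (attribute allow-lists decided per ability rather than hard-coded in each controller), sketched as an added example in plain Ruby. It is not code from cancan, strong_parameters or any participant in this thread; `Ability#permitted_attributes`, `filter_params`, the roles and the sample request are hypothetical.

```ruby
# Added illustration in plain Ruby (no Rails, no cancan needed).
# Ability#permitted_attributes, filter_params and the roles are hypothetical.
class Ability
  POST_FIELDS = [:title, :description, :tag_list,
                 { post_body_attributes: [:body] }].freeze
  # Per-role allow-lists keyed by [action, resource].
  RULES = {
    author: { [:update, :post] => POST_FIELDS },
    admin:  { [:update, :post] => POST_FIELDS + [:user_id] }
  }.freeze

  def initialize(role)
    @rules = RULES.fetch(role, {})
  end

  # Unknown role or action gets an empty allow-list (deny by default).
  def permitted_attributes(action, resource)
    @rules.fetch([action, resource], [])
  end
end

# Keep only allow-listed keys, recursing into nested hashes.
# Returns [filtered, rejected] so dropped keys can be logged.
def filter_params(raw, allowed, path = nil)
  scalars = allowed.reject { |a| a.is_a?(Hash) }.map(&:to_s)
  nested = allowed.select { |a| a.is_a?(Hash) }.reduce({}, :merge)
                  .transform_keys(&:to_s)
  filtered = {}
  rejected = []
  raw.each do |key, value|
    name = [path, key].compact.join(".")
    if nested.key?(key) && value.is_a?(Hash)
      filtered[key], dropped = filter_params(value, nested[key], name)
      rejected.concat(dropped)
    elsif scalars.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
      filtered[key] = value
    else
      rejected << name
    end
  end
  [filtered, rejected]
end

# Constructed request body: the post form plus two fields it never offered.
SAMPLE = {
  "title" => "Hello", "user_id" => "1",
  "post_body_attributes" => { "body" => "text", "locked" => "true" }
}.freeze
```

Calling `filter_params(SAMPLE, Ability.new(role).permitted_attributes(:update, :post))` returns the attributes that are safe to assign for that role together with the dotted names of everything that was dropped.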

Dear submitter, since cancan/ryanb hasn't been active for more than 6 months and nobody else than ryan himself has commit permissions, the cancan project is at a standstill. Since cancan has several issues, including missing support for Rails 4, cancan is moving forward to cancancan. More details on: #994

If you feel that your pull request or bug is still applicable (and hasn't been merged into cancan), it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)

We hope to see you on the other side!

xhoy avatar Apr 10 '14 11:04 xhoy