This repository was archived by the owner on Dec 12, 2021. It is now read-only.

Issue #835 - CanCan ActiveModel::ForbiddenAttributesError with rails 4 #911

Open: blischalk wants to merge 2 commits into ryanb:master from blischalk:ForbiddenAttributes

@blischalk

I recently ran into the issue of getting the ForbiddenAttributesError when using CanCan on a Rails 4 app that I am building. After looking into the issue, it appears that the problem is that when load_and_authorize_resource is used in a controller, it loads up the resource using the params straight from the controller before they have been sanitized.

My approach was to add the ability to specify the params method defined in the controller as an argument to load_and_authorize_resource, e.g. load_and_authorize_resource attributes: :my_method. This method is then used to grab the params to build the resource from instead of using the params straight from the controller.

I have also included a check for the params method being specified which seems to preserve backward compatibility.

…orize_resource looking for a params sanitation method name. The params sanitation method defined in the client apps controller is then used to get the params when loading the resource.
…spec for new attributes method functionality.
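
The approach described in the opening post, sketched as an added example in plain Ruby (not code from this pull request or from CanCan). `Params`, `Post`, `PostsController`, `load_resource` and the sample request are stand-ins constructed here to mimic strong parameters and the proposed `attributes:` option.

```ruby
# Stand-ins constructed for this example; not Rails or CanCan code.
class ForbiddenAttributesError < StandardError; end

# Mimics strong parameters: unpermitted until #permit returns a filtered copy.
class Params
  def initialize(hash, permitted = false)
    @hash, @permitted = hash, permitted
  end

  def permitted?; @permitted; end
  def to_h; @hash.dup; end

  def permit(*keys)
    Params.new(@hash.select { |key, _| keys.include?(key) }, true)
  end
end

# Mimics a model that rejects mass assignment from unpermitted params.
class Post
  attr_reader :attributes
  def initialize(params)
    raise ForbiddenAttributesError unless params.permitted?
    @attributes = params.to_h
  end
end

class PostsController
  attr_reader :params

  def initialize(raw)
    @params = Params.new(raw)
  end

  private
  # Sanitizer written by the application author (usually private).
  def post_params
    params.permit(:title, :body)
  end
end

# Hypothetical loader: builds the resource from the controller method named
# by :attributes; without the option it uses raw params, as before the patch.
def load_resource(controller, model, options = {})
  name = options[:attributes]
  model.new(name ? controller.send(name) : controller.params)
end

# Constructed request carrying an attribute the user should not be able to set.
SAMPLE_REQUEST = { title: "Hello", body: "First post", admin: true }.freeze
```

With the option set, the `admin` key never reaches the model; without it, the raw params raise the stand-in error, which is the failure the post describes.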
@mhenrixon

👍

@dgilperez

👍

@Arcath

Arcath commented Sep 4, 2013

👍

@garrettlancaster

👍

@jpascal

jpascal commented Oct 11, 2013

👍

@binyamindavid

👍

@theodorton

👍

@mzahir

mzahir commented Oct 26, 2013

👍

@theodorton

I've added a pull request for this branch where you don't have to define the method as it would default to post_params for a PostController.

@zdavis

zdavis commented Oct 27, 2013

👍

@ghost ghost mentioned this pull request Nov 12, 2013
@andrezimpel

+1

@sebakri

sebakri commented Jan 21, 2014

+1

@xhoy

xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

@marceloboeira

👍
