Hi all,

I just installed cancan on a new project and found out that it creates
some problems with the new scoped mass assignment features of Rails 3.2.

Basically, in my User model I create some attr_accessible attributes in
order to prevent users from editing their roles or other sensitive information.
From the administration I allow admins to edit those protected
attributes by passing :without_protection => true on creation and update
of new users.

This works just fine, but adding cancan load_and_authorize_resource to
my controller triggers a "Can't mass-assign protected attributes:
...stuff...". This also happens when using something like
User.new(params[:user], :role => :admin)

I really can't figure out how to solve this, so any help would be very
appreciated!

Thanks in advance.

--
Posted via http://www.ruby-forum.com/.


  • Joshua at Jan 29, 2013 at 1:22 pm
    I'm having that issue as well; I just told it to authorize_resource and
    left off the load_resource. But somehow I don't think that's actually a
    fix, or even a secure way of handling things.

    Almost a year since you posted this. Did you figure it out? I wonder if
    this is a bug in CanCan.


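An added example, not part of either post and not Rails or CanCan source: a plain-Ruby model of the failure described in this thread and of one way to keep both load_resource and attr_accessible. It assumes CanCan's documented behaviour of not reloading a resource whose instance variable is already set; `load_user_for_role`, the `User` whitelist and `attempt` are hypothetical names.

```ruby
# Simplified stand-ins (assumptions): they model only Rails 3.2 role-scoped
# attr_accessible and CanCan's "skip loading if already set" rule.
class ProtectedAttributes < StandardError; end

class User
  # Role-scoped whitelists, as attr_accessible ..., :as => :admin would declare.
  ACCESSIBLE = { default: [:name], admin: [:name, :role] }.freeze
  attr_reader :attrs

  def initialize(params = {}, opts = {})
    denied = params.keys - ACCESSIBLE.fetch(opts.fetch(:as, :default))
    unless denied.empty?
      raise ProtectedAttributes,
            "Can't mass-assign protected attributes: #{denied.join(', ')}"
    end
    @attrs = params.dup
  end
end

class UsersController
  def initialize(params, admin, preload)
    @params, @admin, @preload = params, admin, preload
  end

  # Hypothetical before filter declared ahead of load_and_authorize_resource:
  # the assignment role comes from the session, never from the request.
  def load_user_for_role
    @user = User.new(@params[:user], as: @admin ? :admin : :default)
  end

  # Models CanCan's loader: builds from params under the default role,
  # but leaves an already-set instance variable alone.
  def cancan_load_resource
    @user ||= User.new(@params[:user])
  end

  def create
    load_user_for_role if @preload
    cancan_load_resource
    @user.attrs
  end
end

# Returns the assigned attributes, or the error message when assignment is refused.
def attempt(params, admin:, preload:)
  UsersController.new({ user: params }, admin, preload).create
rescue ProtectedAttributes => e
  e.message
end
```

In a real Rails 3.2 controller the equivalent is a `before_filter` declared above `load_and_authorize_resource`; the authorization check itself is not modelled here.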
posted Mar 30, '12 at 6:19p
active Jan 29, '13 at 1:22p
Serafino Picozzi: 1 post; Joshua: 1 post