MassCanCan is an extension to the not-yet released CanCan 2.0. It grabs the permissions defined with CanCan and uses them to implement the ActiveRecord mass assignment security policies, removing the need to define the accessible attributes in the model and contributing to the application consistency.
Switch branches/tags
Nothing to show
Pull request Compare This branch is 3 commits behind alfonsocora:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
spec
.gitignore
Gemfile
Gemfile.lock
MIT-LICENSE
README.rdoc
Rakefile
mass_can_can.gemspec

README.rdoc

MassCanCan

MassCanCan is an extension to the not-yet released CanCan 2.0. It grabs the permissions defined with CanCan and uses them to implement the ActiveRecord mass assignment security policies, removing the need to define the accessible attributes in the model and contributing to the application consistency.

Setup

Start by setting up CanCan 2.0.

Add the MassCanCan gem to your Gemfile:

gem "mass_can_can", :git => "git://github.com/alfonsocora/masscancan.git"

Then modify the Ability class to include MassCanCan instead of CanCan:

require 'mass_can_can/ability'

class Ability
  include MassCanCan::Ability

  def initialize(user)
    ...
  end

  ...
end

Important

MassCanCan is not compatible with attr_accessible, attr_protected, or any other method that specifies mass assignment security in the model. Make sure that those methods are not called when using MassCanCan.

Configuration

MassCanCan uses the new ActiveRecord mass assignment security, which can be configured with the mass_assignment_sanitizer configuration attribute:

config.active_record.mass_assignment_sanitizer = :strict

This field also supports the value :logger which logs failed update attempts to the log instead of rising errors.