Had trouble with cancan and forbidden attributes. You can't edit your…

… user info without specifying a "new" password ryanb/cancan#835 , see this for new info on other solutions to the problem.
fearlessandloathing · Oct 13, 2013 · 3202fa0 · 3202fa0
1 parent 6aa503c
commit 3202fa0
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 5 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -7,4 +7,12 @@ class ApplicationController < ActionController::Base
     redirect_to root_path, :alert => exception.message
   end
 
+  before_filter do
+    resource = controller_path.singularize.gsub('/', '_').to_sym
+    method = "#{resource}_params"
+    params[resource] &&= send(method) if respond_to?(method, true)
+  end
+
+
+
 end
diff --git a/app/controllers/forum_threads_controller.rb b/app/controllers/forum_threads_controller.rb
@@ -96,6 +96,6 @@ def set_forum_thread
 
     # Never trust parameters from the scary internet, only allow the white list through.
     def forum_thread_params
-      params.require(:forum_thread).permit(:title, :body, :user_id, :real_allowed, :pseudo_allowed, :anon_allowed)
+      params.require(:forum_thread).permit(:title, :body, :user_id, :real_allowed, :pseudo_allowed, :anon_allowed, :mode)
     end
 end
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
@@ -1,9 +1,40 @@
 class RegistrationsController < Devise::RegistrationsController
   before_filter :update_sanitized_params, if: :devise_controller?
 
+=begin
+   def update
+    self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
+
+
+    # custom logic
+    if params[:user][:password].present?
+      result = resource.update_with_password(params[resource_name])
+    else
+      puts params[resource_name]
+      result = resource.update_without_password(params[resource_name])
+    end
+
+    # standart devise behaviour
+    if result
+      if is_navigational_format?
+        if resource.respond_to?(:pending_reconfirmation?) && resource.pending_reconfirmation?
+          flash_key = :update_needs_confirmation
+        end
+        set_flash_message :notice, flash_key || :updated
+      end
+      sign_in resource_name, resource, :bypass => true
+      respond_with resource, :location => after_update_path_for(resource)
+    else
+      clean_up_passwords resource
+      respond_with resource
+    end
+  end
+=end
+
+
   def update_sanitized_params
-    devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email, :password, :password_confirmation)}
-    devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:name, :email, :password, :password_confirmation, :current_password)}
+    devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :pseudonym, :email, :password, :password_confirmation)}
+    devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:name, :pseudonym, :email, :password, :password_confirmation, :current_password)}
   end
 
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -14,6 +14,7 @@ def update
     authorize! :update, @user, :message => 'Not authorized as an administrator.'
     @user = User.find(params[:id])
     if @user.update_attributes(params[:user], :as => :admin)
+    #if @user.update_attributes(params[:user])
       redirect_to users_path, :notice => "User updated."
     else
       redirect_to users_path, :alert => "Unable to update user."
@@ -30,4 +31,4 @@ def destroy
       redirect_to users_path, :notice => "Can't delete yourself."
     end
   end
-end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -15,6 +15,12 @@ class User < ActiveRecord::Base
 
   validates_format_of :email, :with => /\w@oberlin\.edu/, :message => "must be an oberlin.edu email"
   validates_format_of :pseudonym, :with => /\A[A-Za-z\d_]+\z/, :message => "should be alphanumeric + _"
-  
+
   validates_length_of :password, :minimum => 6
+
+  def user_params
+    params.require(:user).permit(:email, :name, :pseudonym, :role_ids, :password, :password_confirmation, :current_password)
+  end
+
 end
+
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
@@ -5,6 +5,9 @@
 <p><%= f.label :name %><br />
 <%= f.text_field :name %></p>
 
+<p><%= f.label :pseudonym %><br />
+<%= f.text_field :pseudonym %></p>
+
   <div><%= f.label :email %><br />
   <%= f.email_field :email %></div>
 

diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb
@@ -5,6 +5,9 @@
 <p><%= f.label :name %><br />
 <%= f.text_field :name %></p>
 
+<p><%= f.label :pseudonym %><br />
+<%= f.text_field :pseudonym %></p>
+
   <div><%= f.label :email %><br />
   <%= f.email_field :email %></div>