It seems to me that it may be possible to integrate the Rails 3 mass assignment protection with cancan?
So we could define our controllers simply, e.g. with a :default and an :admin role:

```ruby
class AccountsController < ApplicationController
  # (cancan could include this for convenience =>) include ActiveModel::MassAssignmentSecurity
  attr_accessible :first_name, :last_name # this is :as => :default
  attr_accessible :first_name, :last_name, :plan_id, :rating, :as => :admin
end
```
In cancan we would say:
```ruby
can [:read, :update], Accounts # :as => default if not specified
can :manage, Accounts, :as => :admin
```
cancan would sanitize the params & instance variables for us, based on the roles, so the controllers don't have to change at all for mass assignment security. Is this possible or useful?
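The role-based filtering this issue proposes, sketched as an added example in plain Ruby; it is not part of the original post and not CanCan or Rails code. `RoleWhitelist`, `permit`, `sanitize` and the sample request are hypothetical names and constructed data, and treating a role without a whitelist as "nothing allowed" is an assumption of this sketch.

```ruby
# Added illustration in plain Ruby (no Rails or CanCan needed).
# RoleWhitelist, #permit and #sanitize are hypothetical names, not CanCan API.
class RoleWhitelist
  def initialize
    @allowed = {}
  end

  # Plays the part of `attr_accessible ..., :as => role` from the issue.
  def permit(*attrs, as: :default)
    @allowed[as] = (@allowed[as] || []) | attrs.map(&:to_s)
    self
  end

  # Splits params into [kept, rejected_keys] for the given role.
  # A role with no whitelist gets nothing (fail closed, an assumption here).
  def sanitize(params, role = :default)
    allowed = @allowed.fetch(role, [])
    kept, rejected = params.partition { |key, _| allowed.include?(key.to_s) }
    [kept.to_h, rejected.map { |key, _| key.to_s }]
  end
end

# Same two whitelists as the attr_accessible lines in the issue.
ACCOUNT_ATTRS = RoleWhitelist.new
  .permit(:first_name, :last_name)
  .permit(:first_name, :last_name, :plan_id, :rating, as: :admin)

# Constructed request body: string and symbol keys mixed, including
# attributes that only the :admin whitelist allows.
SUBMITTED = { "first_name" => "Ann", "plan_id" => "3", :rating => "5" }

def demo(role)
  ACCOUNT_ATTRS.sanitize(SUBMITTED, role)
end

if __FILE__ == $PROGRAM_NAME
  [:default, :admin, :unknown].each do |role|
    kept, rejected = demo(role)
    puts "#{role}: kept=#{kept.inspect} rejected=#{rejected.inspect}"
  end
end
```

Returning the rejected keys alongside the kept ones lets the caller log attempts to set attributes outside the role's whitelist instead of dropping them silently.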