Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Cannot integrate dynamic-attr-accessible with cancan #603

nishanthan144 opened this Issue · 2 comments

3 participants


I am using cancan in my project. load_and_authorize_resource will do following to the create action

  @project =
  current_ability.attributes_for(:new, Project).each do |key, value|
    @project.send("#{key}=", value)
  @project.attributes = params[:project]
  authorize! :new, @project

I want to implement role based mass-assingment and then
referred screenshot
as per tutorial, I got the following points,

In the controller we also need to apply the accessible option to the create action.
if we just apply it like this then it will not work.

@article =[:article])
@article.accessible = :all if admin?

The reason that this doesn’t work is that the mass assignment happens in the new call so by the time we’ve set accessible it’s too late. 
We need to separate creating a new Article from assigning its attributes and slip the call to accessible in between the two.

@article =
@article.accessible = :all if admin?
@article.attributes = params[:article]

I can't include the follwoing code after initialize object using load_and_authorize_resource
@article.accessible = :all or
@article.accessible = :important


You should be able to manually load the resource, do what you need, and then call authorize!. You can still use load_and_authorize_resource in your other actions by passing an :except => or :only => hash to it. Let us know if this works for you.


@nishanthan144: I am going to close this issue for now. If you still have this issue, please comment here and it'll be reopened for further discussion/investigation.

@andhapp andhapp closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.