You can clone with
HTTPS or Subversion.
In CanCan 2.0, it appears that submitting a datetime or time from a datetime_select or time_select form helper throws an Unauthorized error after authorizing a datetime attribute in a resource. I'm assuming this is because of the parameters in which they are broken up into when they are submitted.
I discovered this by explicitly authorizing a resource's attributes and deleting the form helper. When the form is submitted without the datetime/time field, the record updates properly but with it, CanCan throws an unauthorized error. I haven't had time to put together an illustrative code sample, but it should be fairly straightforward.
Note: It took me a while to figure out what was causing the issue, due to having a large form. It might be nice if CanCan prints the name of the unauthorized attribute to the log along with the error. Does it do this already?
CanCan 2.0 is still in development. @ryanb is working on adding that feature in. Keep an eye on 2.0 branch. Thanks.
Dear submitter, Since cancan/raynB hasn't been active for more than 6 months and no body else then ryam himself has commit permissions the cancan project is on a stand still.
Since cancan has several issues including missing support for rails 4 cancan is moving forward to cancancan. More details on: #994
If your feel that your pull request or bug is still applicable (and hasn't been merged in to cancan) it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)
We hope to see you on the other side!