Option to disable automatic attribute assignation #741

hlascelles opened this Issue Sep 12, 2012 · 2 comments


None yet
3 participants

We use CanCan to great effect, but have problems with it automatically applying sent attributes to created/loaded models. We use versioned endpoints, so the payload that comes in doesn't match the ActiveModel directly. We would rather CanCan created new resources empty, or just loaded known resources by accessibiity - but that's it. No applying of values.

I know we can override the load method, but that leads to some code duplication as regards the load call, and slightly dangerous as we might forget to add the accessible_by in one place or another.

Ultimately, it would be great to do this at the top of every controller

before_filter :create_or_update_from_hash, only: [:create, :update]

The create_or_update_from_hash method allows us to pick and choose how to apply the sent attributes hash.

At the moment, we monkey-patch CanCan to give us this behaviour thus:

module CanCan
  class ControllerResource
    def build_resource
    def assign_attributes(resource)

Are there better ways, or can this be brought in somehow as a global option, or local option? eg:

# Proposed code 
load_and_authorize_resource apply_attributes: false


qnm commented Mar 13, 2013

Hi @hlascelles

Are you able to create a patch for CanCan to implement this new behaviour?

xhoy commented Apr 10, 2014

Dear submitter, Since cancan/raynB hasn't been active for more than 6 months and no body else then ryam himself has commit permissions the cancan project is on a stand still.
Since cancan has several issues including missing support for rails 4 cancan is moving forward to cancancan. More details on: #994

If your feel that your pull request or bug is still applicable (and hasn't been merged in to cancan) it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)

We hope to see you on the other side!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment