Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

CanCan ActiveModel::ForbiddenAttributesError with rails 4 #835

Open
Crystark opened this Issue · 78 comments
@Crystark

Hi,

I'm quite new to rails and i'm going for a Devise-CanCan-SimpleRoles approach on my project. I'm using CanCan 1.6.9.
It seems that since i rebuilt the project from scratch on rails4 beta1, i'm getting a ActiveModel::ForbiddenAttributesError when i try to create any entity using a controller wich extends my ApplicationController.

This seems to come from :

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # load_and_authorize_resource
  before_filter do |controller|
    controller.class.cancan_resource_class.new(controller).load_and_authorize_resource unless controller.devise_controller?
  end
  before_filter :authenticate_user!

  private

  # Catching exceptions from Cancan
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to :home, alert: exception.message
  end

end

I've tried using load_and_authorize_resource instead but it does the same error.

I think this might have to do with #763 and #571 but as i'm still quite new to rails, i'd rather be sure this issue is reported.

Thanks

Here's the full stacktrace of the error:

/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activemodel/lib/active_model/forbidden_attributes_protection.rb:21:in `sanitize_for_mass_assignment'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/attribute_assignment.rb:21:in `assign_attributes'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/core.rb:174:in `initialize'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/inheritance.rb:24:in `new'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/inheritance.rb:24:in `new'
cancan (1.6.9) lib/cancan/controller_resource.rb:85:in `build_resource'
cancan (1.6.9) lib/cancan/controller_resource.rb:66:in `load_resource_instance'
cancan (1.6.9) lib/cancan/controller_resource.rb:32:in `load_resource'
cancan (1.6.9) lib/cancan/controller_resource.rb:25:in `load_and_authorize_resource'
app/controllers/application_controller.rb:6:in `block in <class:ApplicationController>'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:408:in `_run__4520472595650506565__process_action__callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:78:in `run_callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/abstract_controller/callbacks.rb:17:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/rescue.rb:29:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/notifications.rb:158:in `block in instrument'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/notifications.rb:158:in `instrument'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/params_wrapper.rb:245:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/abstract_controller/base.rb:136:in `process'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/abstract_controller/rendering.rb:44:in `process'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal.rb:196:in `dispatch'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal.rb:232:in `block in action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:80:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:80:in `dispatch'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:48:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/journey/router.rb:69:in `block in call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/journey/router.rb:57:in `each'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/journey/router.rb:57:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:645:in `call'
lib/my/middleware/locale.rb:20:in `call'
warden (1.2.1) lib/warden/manager.rb:35:in `block in call'
warden (1.2.1) lib/warden/manager.rb:34:in `catch'
warden (1.2.1) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:35:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/flash.rb:241:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/cookies.rb:452:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/query_cache.rb:36:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/connection_adapters/abstract/connection_pool.rb:632:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/migration.rb:348:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:374:in `_run__2034566760718777775__call__callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:78:in `run_callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/reloader.rb:64:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
better_errors (0.7.0) lib/better_errors/middleware.rb:58:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/rack/logger.rb:38:in `call_app'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/rack/logger.rb:21:in `block in call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/tagged_logging.rb:67:in `block in tagged'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/tagged_logging.rb:25:in `tagged'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/tagged_logging.rb:67:in `tagged'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/rack/logger.rb:21:in `call'
quiet_assets (1.0.2) lib/quiet_assets.rb:18:in `call_with_quiet_assets'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/cache/strategy/local_cache.rb:72:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/static.rb:64:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/engine.rb:511:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/application.rb:96:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
rack (1.5.2) lib/rack/content_length.rb:14:in `call'
rack (1.5.2) lib/rack/handler/webrick.rb:60:in `service'
/usr/local/rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/webrick/httpserver.rb:138:in `service'
/usr/local/rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/webrick/httpserver.rb:94:in `run'
/usr/local/rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/webrick/server.rb:295:in `block in start_thread'
@natebird

Hi @Crystark, welcome Rails and CanCan. The error you are running into (ActiveModel::ForbiddenAttributesError) is actually part of Rails 4 and the strong_parameters feature for model attributes. You can read more about how it works here: Edge Guides - Strong Parameters.

Basically this is a way of saying that CanCan isn't ready out of the box for Rails 4. There are a number of work arounds in the issues you referenced. I'd play around with those and see if those work well for you. The other option is to create an authorization system from scratch. @ryanb shows how in the Railscast about strong_parameters Authorization from scratch - Part I Authorization from scratch - Part II (PRO episodes require a subscription).

@Crystark

Thanks @natebird

I will try to see those workarounds. Any ideas on if and when CanCan will support strong_parameters ?
Thanks again

Edit: As stated in #571 one of the workarounds worked for me.

@natebird

@Crystark there are a few pull requests waiting to be merged in that help support strong_parameters. Just waiting for @ryanb to pull them in.

@natebird

Oh, and if the issue is resolved can you close it?

@Crystark Crystark closed this
@mrfoto

I'm using Rails 4 rc1 and CanCan 1.6.10 and I'm still getting this error when creating. Is there some additional work I must do to get it going?

@tonytonyjan

+1 for this. I'm having the same problem.

@LorandLorincz

+1, Using Rails 4 rc and cancan 1.6.1

@ryanb ryanb reopened this
@AntonTrapp

+1, 4.0.0.rc1 + 1.6.10 - any workaround for this configuration?

@mrfoto

I use: load_and_authorize_resource except: [:create] just so I got it working but that shouldn't be used on production I guess.

@AntonTrapp

Thanks, if someone has the same problem: #571 describes a workaround. In short:

In the ApplicationController:

before_filter do
  resource = controller_name.singularize.to_sym
  method = "#{resource}_params"
  params[resource] &&= send(method) if respond_to?(method, true)
end

and in the resource controller (for example NoteController):

def note_params
  params.require(:note).permit(:what, :ever)
end
@thenickcox

Hey, @AntonTrapp! This fixed my issue. CanCan 1.6.10 and Rails 4.0.0.rc1. Thanks.

@ashleydw

+1, 4.0.0.rc2 and 1.6.10. @AntonTrapp's fixs works here as well

@jirikolarik

Thanks @AntonTrapp and I made some changes, now it's compatible with namespaces

  before_filter do
    resource = controller_path.singularize.gsub('/', '_').to_sym
    method = "#{resource}_params"
    params[resource] &&= send(method) if respond_to?(method, true)
  end
@leckylao

Here's my workaround:
As load_resource will only load if resource is not there. So my approach is simply add a before_action before the load_and_authorize_resource to load the instance_resource in the strong_parameter way.

  # before_action :set_company, only: [:show, :edit, :update, :destroy]
  before_action :load_company, only: :create
  load_and_authorize_resource

  private
    # Use callbacks to share common setup or constraints between actions.
    # def set_company
    #   @company = Company.find(params[:id])
    # end

    def load_company
      @company = Company.new(company_params)
    end

So it's cleaner and dryer without double loading the resource

@amoose

+1 on rails 4.0.0.rc2 and cancan 1.6.10

@AntonTrapp / @JiriKolarik workaround is working for me.

@chronosafe

@AntonTrapp / @JiriKolarik worked for me with Rails 4 release and cancan 1.6.10. Thanks for the short-term fix.

@Sovietaced

Work around worked for me as well, thanks!

@jziggas

Using cancan 1.6.1, ruby 2.0.0p247 and rails 4, and @AntonTrapp worked for me. Thank you.

@obelich

i get that error in Rails 4 and cancan (1.6.10) :(

but if i use
load_and_authorize_resource except: [:create]

it work thanks for @mrfoto

@alagos

@obelich the problem with that workaround is that any authenticated user will create your used model

@socketwiz

+1 @AntonTrapp workaround fixes problem for me as well on 4.0.0.

@danawoodman

:+1: Thanks @AntonTrapp for the workaround!

@AntonTrapp

Not my workaround, see #571 - credits go to mcbsys

@mrfoto

@obelich @alagos yeah, DON'T use my "solution". As I've said, it's just to get it going but shouldn't be used on production. It was a temp fix I used so I could work without going in depth about this issue. I would suggest either the solution @AntonTrapp reposted or the one from @lecky which is even nicer IMHO.

@burmjohn

Thanks @AntonTrapp and @JiriKolarik hopefully we will see a perm fix soon.

@rafaelcgo

:+1: for solution proposed by @AntonTrapp / @JiriKolarik

@scaryguy

I have been pulling out my hairs since 2 hours because of this!.. Thank you for opening it up.

Fix worked for me too. :+1:

@pieterbotha

@AntonTrapp / @JiriKolarik you are both awesome! Thanks!

@jgrannas

@AntonTrapp fix works for me without even using the resource controller. 2.0.0-p247 + 1.6.10

Anyone else?

@firo

@lecky, thanks fix works for me.

@mgutz

Trying to decide between django, which has authorization built in and Rails 4. This bug has me worried about choosing Rails. Cancan hasn't been updated in 2 months and Rails 4 has been in beta and released for far longer. Are there any other authorization alternatives better maintained?

@benjaminsigidi

Work around no longer working.

 module ForbiddenAttributesProtection # :nodoc:
    protected
      def sanitize_for_mass_assignment(attributes)
        if attributes.respond_to?(:permitted?) && !attributes.permitted?
          raise ActiveModel::ForbiddenAttributesError
        else
          attributes
        end
      end
  end
@Theminijohn

@AntonTrapp Solution still Working Well

@shanepinnell

I am getting the same problem...

cancan (1.6.10)
rails (4.0.0)

@benjaminsigidi

@AntonTrapp solution still works you are right, @JiriKolarik 's one is broken.

@shanepinnell

Sorry, haven't implemented solution yet, just re-iterating that the originating issue still exists.

EDIT: Just tested and the @AntonTrapp workaround is working for me:

cancan (1.6.10)
rails (4.0.0)

@ndemoreau

+1, @AntonTrapp 's workaround worked for me as well just now!

@kacole2

just used @leckylao method and it works great. very clean. Thanks!

@hiromipaw

The problem with @leckylao and @AntonTrapp methods is that I get a Moped "duplicate key error" on id with them... Any idea?

@AntonTrapp

Can you try to create a new rails app, create a simple scaffold with a string, throw in only cancan and retry it to make sure that the problem is the above fix?
If it is still happening, what versions (rails and cancan) are you using?

@hiromipaw

Using cancan (1.6.10)
Using devise (2.2.4) from git://github.com/plataformatec/devise.git (at rails4)
Have been trying to understand why it is happening all day. Can't make another app at the moment... but if I find a fix will surely post it here.

@leckylao
@hiromipaw
@mrfoto

@hiromipaw any particular reason you're using such an old version of Devise?

@hiromipaw
@chrisalley chrisalley referenced this issue in chrisalley/chris-alley
Closed

Cannot create new resources #1

@Bramanga

@AntonTrapp solution worked for me on rails 4 with mongoid.

@ricbermo

It worked great: rails 4 and CanCan 1.6.10.

For future readers and newcomers: this comes at the end of your controller and :what, :ever are the model attributes ;) ...

def note_params
params.require(:note).permit(:what, :ever)
end

@jdowd

In case anyone else has this issue: the @AntonTrapp solution was causing me problems in a sort action where the resource params was just an array of sorted ids. To fix I just named the before filter so that, in the appropriate controller, I can just skip_before_filter :cancan_hack, only: [:sort]

class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :cancan_hack
 ...
  private

  def cancan_hack
    return if request.get?
    resource = controller_name.singularize.to_sym
    method = "#{resource}_params"
    params[resource] &&= send(method) if respond_to?(method, true)
  end

end
@anand9

@AntonTrapp worked for me too in rails 4 :+1:

@mlavandero mlavandero referenced this issue from a commit in mlavandero/easy_expense_web
Mario Lavandero Added hack to work around permitted parameters problem with CanCan an…
…d Create

This solution taken from ryanb/cancan#835
41edbd7
@eikes eikes referenced this issue in RailsApps/rails_apps_composer
Closed

@user.update_attributes wrong number of arguments (2 for 0..1) #260

@Salinn Salinn referenced this issue from a commit in Salinn/RITBikeShareWebsite
@Salinn Salinn add in workaround for cancan issue 9f9ea55
@mhelfer mhelfer referenced this issue in spree-contrib/spree_drop_ship
Closed

New Supplier ActiveModel::ForbiddenAttributesError #37

@ronniee

@AntonTrapp worked for me in rails 4. Thanks a lot.

@eljaydub

@AntonTrapp / @mcbsys / @JiriKolarik worked for me too. Thanks guys!

@zavan

@JiriKolarik hack works for my namespaced user model, thanks.
By the way, it's been a year and this is still an issue, is there any ideas on when will this be really fixed?

@zavan

Thanks a lot for CanCan, but it seems now abandoned, I've moved to Pundit: https://github.com/elabs/pundit

@Elochai Elochai referenced this issue in Elochai/amazon
Merged

Features #2

@levymetal

@leckylao works great for me, very easy to implement too. Thanks!

@jgnan1981

Thanks for @AntonTrapp 's suggestion, it works fine for me either with rails 4.0.3 + cancan 1.6.8

@jenheilemann

So I ran into this issue and neither @AntonTrapp nor @JiriKolarik's fixes worked for me. I have a controller thats a completely different namespace from the model being edited (so think Store::Product and Admin::Product), which meant that the "Load resource" part of load_and_authorize_resource wasn't working. The fix was to use my own loader, and skip the CanCan loader:

    before_action :set_store_product, only: [:edit, :show, :update, :destroy]
    authorize_resource :class => Store::Product.
    # [/snip]
    private
      def set_store_product
         @store_product = Store::Product.find(params[:id])
      end

Hope this helps someone else!

@stacia stacia referenced this issue from a commit in stacia/habitabi
@stacia stacia CanCan bug fix from ryanb/cancan#835 (comment) a22a7d5
@siddharthbhagwan

Worked with Rails 4.0.3, CanCan 1.6.10. Thanks @AntonTrapp !

@gruntrebel gruntrebel referenced this issue in gruntrebel/wccc-gaming
Open

Forbidden Attributes error on dev and prod #12

@bman917

Here is what worked for me....

  • create file under config/initializers/cancan.rb
module CanCan
  class ControllerResource
    alias_method :original_resource_params_by_namespaced, :resource_params_by_namespaced_name

    def resource_params_by_namespaced_name
      if (@controller && @params && @params[:action] == "create")
        strong_params =  @controller.method("#{namespaced_name.name.downcase}_params".to_sym)
        params = strong_params.call if defined? strong_params
      end
      params ||=  original_resource_params_by_namespaced
    end
  end
end
  • Restart your rails app.

Note:
This fix/workaround only works if your controller has the usual strong params method. For example, in FooController there should be:

def foo_params
  params.require(:foo).permit(:what, :ever)
end
@mrfoto

Just FYI we now have CanCanCan which fixes this and many other issues on the original CanCan repo :wink:

@AntonTrapp

WARNING: before you all run to CanCanCan, it is 1.x only!

@mrfoto
@AntonTrapp

It is for some, just don't want them to be disappointed (like me, rushed to your site immediately lol).

@Crystark

I changed for Cancancan and did not have to change even one line of code for it to work. And FYI the fix I talked about in my first post has always been working.

@eljaydub

I just switched to CanCanCan and can also confirm that it is working without changing any code. I was able to remove the fix_cancan_forbidden_attr_error work-around in my application_controller.rb with any problems after switching to CanCanCan.

@Feuda

@AntonTrapp +1 Cool, thanks

@xhoy

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

@candidosales

I lost 2 hours trying to find this bug ... Thank you!

@liuqingshan

Think you, I lost 1.5 hours, Solution still Working Well!!

@ombr

If you are getting the same error on new ( giving default params from the url) you can do this :+1:

module CanCan
  class ControllerResource
    alias_method :original_resource_params_by_namespaced, :resource_params_by_namespaced_name

    def resource_params_by_namespaced_name
      if (@controller && @params && (@params[:action] == 'create' || (@params[namespaced_name.name.downcase] && @params[:action] == 'new')))
        strong_params =  @controller.method("#{namespaced_name.name.downcase}_params".to_sym)
        params = strong_params.call if defined? strong_params
      end
      params ||=  original_resource_params_by_namespaced
    end
  end
end
@karan-ta

Hi guys

i started rails in this week only.
(i am working with piggyback demo and getting this error)
I am getting this error in rails admin.
any idea where i can apply the fix given by @AntonTrapp or by @bman917

Please help.

tc cheers,
karan

i cannot find where i can apply the workaround in rails admin

@mrfoto

@kodeycom switch to cancancan

@jirikolarik
@CarlosRoque

I spent an hour trying to figure out this problem
I just switched to CanCanCan and it worked without having to modify anything

Great work

@mitogh

Thank you @AntonTrapp :+1:

@djkotowski djkotowski referenced this issue in jmmastey/level_up_exercises
Closed

EVE Forecast v1 #381

@xacaxulu

Merci @ombr , ça marche bien~

module CanCan
  class ControllerResource
    alias_method :original_resource_params_by_namespaced, :resource_params_by_namespaced_name

    def resource_params_by_namespaced_name
      if (@controller && @params && @params[:action] == "create")
        strong_params =  @controller.method("#{namespaced_name.name.downcase}_params".to_sym)
        params = strong_params.call if defined? strong_params
      end
      params ||=  original_resource_params_by_namespaced
    end
  end
end
@ombr

De rien !

It works, but on my projects I moved to cancancan.

@supernovamaniac supernovamaniac referenced this issue in Stefandasbach/hcef
Merged

Quick Fixes #25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.