Skip to content

CanCan ActiveModel::ForbiddenAttributesError with rails 4 #835

Crystark opened this Issue Mar 11, 2013 · 79 comments


I'm quite new to rails and i'm going for a Devise-CanCan-SimpleRoles approach on my project. I'm using CanCan 1.6.9.
It seems that since i rebuilt the project from scratch on rails4 beta1, i'm getting a ActiveModel::ForbiddenAttributesError when i try to create any entity using a controller wich extends my ApplicationController.

This seems to come from :

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # load_and_authorize_resource
  before_filter do |controller| unless controller.devise_controller?
  before_filter :authenticate_user!


  # Catching exceptions from Cancan
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to :home, alert: exception.message


I've tried using load_and_authorize_resource instead but it does the same error.

I think this might have to do with #763 and #571 but as i'm still quite new to rails, i'd rather be sure this issue is reported.


Here's the full stacktrace of the error:

/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activemodel/lib/active_model/forbidden_attributes_protection.rb:21:in `sanitize_for_mass_assignment'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/attribute_assignment.rb:21:in `assign_attributes'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/core.rb:174:in `initialize'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/inheritance.rb:24:in `new'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/inheritance.rb:24:in `new'
cancan (1.6.9) lib/cancan/controller_resource.rb:85:in `build_resource'
cancan (1.6.9) lib/cancan/controller_resource.rb:66:in `load_resource_instance'
cancan (1.6.9) lib/cancan/controller_resource.rb:32:in `load_resource'
cancan (1.6.9) lib/cancan/controller_resource.rb:25:in `load_and_authorize_resource'
app/controllers/application_controller.rb:6:in `block in <class:ApplicationController>'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:408:in `_run__4520472595650506565__process_action__callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:78:in `run_callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/abstract_controller/callbacks.rb:17:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/rescue.rb:29:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/notifications.rb:158:in `block in instrument'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/notifications.rb:158:in `instrument'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/params_wrapper.rb:245:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/abstract_controller/base.rb:136:in `process'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/abstract_controller/rendering.rb:44:in `process'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal.rb:196:in `dispatch'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_controller/metal.rb:232:in `block in action'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:80:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:80:in `dispatch'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:48:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/journey/router.rb:69:in `block in call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/journey/router.rb:57:in `each'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/journey/router.rb:57:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/routing/route_set.rb:645:in `call'
lib/my/middleware/locale.rb:20:in `call'
warden (1.2.1) lib/warden/manager.rb:35:in `block in call'
warden (1.2.1) lib/warden/manager.rb:34:in `catch'
warden (1.2.1) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:35:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/flash.rb:241:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/cookies.rb:452:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/query_cache.rb:36:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/connection_adapters/abstract/connection_pool.rb:632:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activerecord/lib/active_record/migration.rb:348:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:374:in `_run__2034566760718777775__call__callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/callbacks.rb:78:in `run_callbacks'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/reloader.rb:64:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
better_errors (0.7.0) lib/better_errors/middleware.rb:58:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/rack/logger.rb:38:in `call_app'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/rack/logger.rb:21:in `block in call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/tagged_logging.rb:67:in `block in tagged'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/tagged_logging.rb:25:in `tagged'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/tagged_logging.rb:67:in `tagged'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/rack/logger.rb:21:in `call'
quiet_assets (1.0.2) lib/quiet_assets.rb:18:in `call_with_quiet_assets'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/activesupport/lib/active_support/cache/strategy/local_cache.rb:72:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/actionpack/lib/action_dispatch/middleware/static.rb:64:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/engine.rb:511:in `call'
/data/home/mainuser/.bundler/ruby/2.0.0/rails-12f785fdc7c2/railties/lib/rails/application.rb:96:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
rack (1.5.2) lib/rack/content_length.rb:14:in `call'
rack (1.5.2) lib/rack/handler/webrick.rb:60:in `service'
/usr/local/rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/webrick/httpserver.rb:138:in `service'
/usr/local/rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/webrick/httpserver.rb:94:in `run'
/usr/local/rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/webrick/server.rb:295:in `block in start_thread'

Hi @Crystark, welcome Rails and CanCan. The error you are running into (ActiveModel::ForbiddenAttributesError) is actually part of Rails 4 and the strong_parameters feature for model attributes. You can read more about how it works here: Edge Guides - Strong Parameters.

Basically this is a way of saying that CanCan isn't ready out of the box for Rails 4. There are a number of work arounds in the issues you referenced. I'd play around with those and see if those work well for you. The other option is to create an authorization system from scratch. @ryanb shows how in the Railscast about strong_parameters Authorization from scratch - Part I Authorization from scratch - Part II (PRO episodes require a subscription).


Thanks @natebird

I will try to see those workarounds. Any ideas on if and when CanCan will support strong_parameters ?
Thanks again

Edit: As stated in #571 one of the workarounds worked for me.


@Crystark there are a few pull requests waiting to be merged in that help support strong_parameters. Just waiting for @ryanb to pull them in.


Oh, and if the issue is resolved can you close it?

@Crystark Crystark closed this Mar 15, 2013
mrfoto commented May 16, 2013

I'm using Rails 4 rc1 and CanCan 1.6.10 and I'm still getting this error when creating. Is there some additional work I must do to get it going?


+1 for this. I'm having the same problem.


+1, Using Rails 4 rc and cancan 1.6.1

@ryanb ryanb reopened this May 26, 2013

+1, 4.0.0.rc1 + 1.6.10 - any workaround for this configuration?

mrfoto commented May 30, 2013

I use: load_and_authorize_resource except: [:create] just so I got it working but that shouldn't be used on production I guess.


Thanks, if someone has the same problem: #571 describes a workaround. In short:

In the ApplicationController:

before_filter do
  resource = controller_name.singularize.to_sym
  method = "#{resource}_params"
  params[resource] &&= send(method) if respond_to?(method, true)

and in the resource controller (for example NoteController):

def note_params
  params.require(:note).permit(:what, :ever)

Hey, @AntonTrapp! This fixed my issue. CanCan 1.6.10 and Rails 4.0.0.rc1. Thanks.


+1, 4.0.0.rc2 and 1.6.10. @AntonTrapp's fixs works here as well


Thanks @AntonTrapp and I made some changes, now it's compatible with namespaces

  before_filter do
    resource = controller_path.singularize.gsub('/', '_').to_sym
    method = "#{resource}_params"
    params[resource] &&= send(method) if respond_to?(method, true)

Here's my workaround:
As load_resource will only load if resource is not there. So my approach is simply add a before_action before the load_and_authorize_resource to load the instance_resource in the strong_parameter way.

  # before_action :set_company, only: [:show, :edit, :update, :destroy]
  before_action :load_company, only: :create

    # Use callbacks to share common setup or constraints between actions.
    # def set_company
    #   @company = Company.find(params[:id])
    # end

    def load_company
      @company =

So it's cleaner and dryer without double loading the resource

amoose commented Jul 25, 2013

+1 on rails 4.0.0.rc2 and cancan 1.6.10

@AntonTrapp / @JiriKolarik workaround is working for me.


@AntonTrapp / @JiriKolarik worked for me with Rails 4 release and cancan 1.6.10. Thanks for the short-term fix.


Work around worked for me as well, thanks!

jziggas commented Jul 31, 2013

Using cancan 1.6.1, ruby 2.0.0p247 and rails 4, and @AntonTrapp worked for me. Thank you.

obelich commented Aug 5, 2013

i get that error in Rails 4 and cancan (1.6.10) :(

but if i use
load_and_authorize_resource except: [:create]

it work thanks for @mrfoto

alagos commented Aug 5, 2013

@obelich the problem with that workaround is that any authenticated user will create your used model


+1 @AntonTrapp workaround fixes problem for me as well on 4.0.0.


:+1: Thanks @AntonTrapp for the workaround!


Not my workaround, see #571 - credits go to mcbsys

mrfoto commented Aug 10, 2013

@obelich @alagos yeah, DON'T use my "solution". As I've said, it's just to get it going but shouldn't be used on production. It was a temp fix I used so I could work without going in depth about this issue. I would suggest either the solution @AntonTrapp reposted or the one from @lecky which is even nicer IMHO.


Thanks @AntonTrapp and @JiriKolarik hopefully we will see a perm fix soon.


:+1: for solution proposed by @AntonTrapp / @JiriKolarik


I have been pulling out my hairs since 2 hours because of this!.. Thank you for opening it up.

Fix worked for me too. :+1:


@AntonTrapp / @JiriKolarik you are both awesome! Thanks!


@AntonTrapp fix works for me without even using the resource controller. 2.0.0-p247 + 1.6.10

Anyone else?

firo commented Aug 30, 2013

@lecky, thanks fix works for me.

mgutz commented Aug 31, 2013

Trying to decide between django, which has authorization built in and Rails 4. This bug has me worried about choosing Rails. Cancan hasn't been updated in 2 months and Rails 4 has been in beta and released for far longer. Are there any other authorization alternatives better maintained?


Work around no longer working.

 module ForbiddenAttributesProtection # :nodoc:
      def sanitize_for_mass_assignment(attributes)
        if attributes.respond_to?(:permitted?) && !attributes.permitted?
          raise ActiveModel::ForbiddenAttributesError

@AntonTrapp Solution still Working Well


I am getting the same problem...

cancan (1.6.10)
rails (4.0.0)


@AntonTrapp solution still works you are right, @JiriKolarik 's one is broken.


Sorry, haven't implemented solution yet, just re-iterating that the originating issue still exists.

EDIT: Just tested and the @AntonTrapp workaround is working for me:

cancan (1.6.10)
rails (4.0.0)


+1, @AntonTrapp 's workaround worked for me as well just now!

kacole2 commented Nov 4, 2013

just used @leckylao method and it works great. very clean. Thanks!


The problem with @leckylao and @AntonTrapp methods is that I get a Moped "duplicate key error" on id with them... Any idea?


Can you try to create a new rails app, create a simple scaffold with a string, throw in only cancan and retry it to make sure that the problem is the above fix?
If it is still happening, what versions (rails and cancan) are you using?


Using cancan (1.6.10)
Using devise (2.2.4) from git:// (at rails4)
Have been trying to understand why it is happening all day. Can't make another app at the moment... but if I find a fix will surely post it here.

mrfoto commented Nov 8, 2013

@hiromipaw any particular reason you're using such an old version of Devise?


@AntonTrapp solution worked for me on rails 4 with mongoid.


It worked great: rails 4 and CanCan 1.6.10.

For future readers and newcomers: this comes at the end of your controller and :what, :ever are the model attributes ;) ...

def note_params
params.require(:note).permit(:what, :ever)

jdowd commented Dec 17, 2013

In case anyone else has this issue: the @AntonTrapp solution was causing me problems in a sort action where the resource params was just an array of sorted ids. To fix I just named the before filter so that, in the appropriate controller, I can just skip_before_filter :cancan_hack, only: [:sort]

class ApplicationController < ActionController::Base
  before_filter :cancan_hack

  def cancan_hack
    return if request.get?
    resource = controller_name.singularize.to_sym
    method = "#{resource}_params"
    params[resource] &&= send(method) if respond_to?(method, true)

anand9 commented Jan 9, 2014

@AntonTrapp worked for me too in rails 4 :+1:

@mlavandero mlavandero pushed a commit to mlavandero/easy_expense_web that referenced this issue Jan 11, 2014
Mario Lavandero Added hack to work around permitted parameters problem with CanCan an…
…d Create

This solution taken from ryanb/cancan#835
@eikes eikes referenced this issue in RailsApps/rails_apps_composer Jan 13, 2014

@user.update_attributes wrong number of arguments (2 for 0..1) #260

@Salinn Salinn added a commit to Salinn/RITBikeShareWebsite that referenced this issue Jan 16, 2014
@Salinn Salinn add in workaround for cancan issue 9f9ea55
@mhelfer mhelfer referenced this issue in spree-contrib/spree_drop_ship Jan 23, 2014

New Supplier ActiveModel::ForbiddenAttributesError #37

ronniee commented Feb 4, 2014

@AntonTrapp worked for me in rails 4. Thanks a lot.


@AntonTrapp / @mcbsys / @JiriKolarik worked for me too. Thanks guys!

zavan commented Feb 18, 2014

@JiriKolarik hack works for my namespaced user model, thanks.
By the way, it's been a year and this is still an issue, is there any ideas on when will this be really fixed?

zavan commented Feb 18, 2014

Thanks a lot for CanCan, but it seems now abandoned, I've moved to Pundit:

@Elochai Elochai referenced this issue in Elochai/amazon Mar 1, 2014

Features #2


@leckylao works great for me, very easy to implement too. Thanks!

jgnan commented Mar 6, 2014

Thanks for @AntonTrapp 's suggestion, it works fine for me either with rails 4.0.3 + cancan 1.6.8


So I ran into this issue and neither @AntonTrapp nor @JiriKolarik's fixes worked for me. I have a controller thats a completely different namespace from the model being edited (so think Store::Product and Admin::Product), which meant that the "Load resource" part of load_and_authorize_resource wasn't working. The fix was to use my own loader, and skip the CanCan loader:

    before_action :set_store_product, only: [:edit, :show, :update, :destroy]
    authorize_resource :class => Store::Product.
    # [/snip]
      def set_store_product
         @store_product = Store::Product.find(params[:id])

Hope this helps someone else!

@stacia stacia added a commit to stacia/habitabi that referenced this issue Mar 20, 2014
@stacia stacia CanCan bug fix from ryanb/cancan#835 (comment) a22a7d5

Worked with Rails 4.0.3, CanCan 1.6.10. Thanks @AntonTrapp !

@gruntrebel gruntrebel referenced this issue in gruntrebel/wccc-gaming Mar 28, 2014

Forbidden Attributes error on dev and prod #12

bman917 commented Mar 29, 2014

Here is what worked for me....

  • create file under config/initializers/cancan.rb
module CanCan
  class ControllerResource
    alias_method :original_resource_params_by_namespaced, :resource_params_by_namespaced_name

    def resource_params_by_namespaced_name
      if (@controller && @params && @params[:action] == "create")
        strong_params =  @controller.method("#{}_params".to_sym)
        params = if defined? strong_params
      params ||=  original_resource_params_by_namespaced
  • Restart your rails app.

This fix/workaround only works if your controller has the usual strong params method. For example, in FooController there should be:

def foo_params
  params.require(:foo).permit(:what, :ever)
mrfoto commented Mar 29, 2014

Just FYI we now have CanCanCan which fixes this and many other issues on the original CanCan repo :wink:


WARNING: before you all run to CanCanCan, it is 1.x only!


It is for some, just don't want them to be disappointed (like me, rushed to your site immediately lol).


I changed for Cancancan and did not have to change even one line of code for it to work. And FYI the fix I talked about in my first post has always been working.

eljaydub commented Apr 9, 2014

I just switched to CanCanCan and can also confirm that it is working without changing any code. I was able to remove the fix_cancan_forbidden_attr_error work-around in my application_controller.rb with any problems after switching to CanCanCan.

Feuda commented Jun 17, 2014

@AntonTrapp +1 Cool, thanks

xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!


I lost 2 hours trying to find this bug ... Thank you!


Think you, I lost 1.5 hours, Solution still Working Well!!

ombr commented Jul 28, 2014

If you are getting the same error on new ( giving default params from the url) you can do this :+1:

module CanCan
  class ControllerResource
    alias_method :original_resource_params_by_namespaced, :resource_params_by_namespaced_name

    def resource_params_by_namespaced_name
      if (@controller && @params && (@params[:action] == 'create' || (@params[] && @params[:action] == 'new')))
        strong_params =  @controller.method("#{}_params".to_sym)
        params = if defined? strong_params
      params ||=  original_resource_params_by_namespaced
karan-ta commented Sep 6, 2014

Hi guys

i started rails in this week only.
(i am working with piggyback demo and getting this error)
I am getting this error in rails admin.
any idea where i can apply the fix given by @AntonTrapp or by @bman917

Please help.

tc cheers,

i cannot find where i can apply the workaround in rails admin

mrfoto commented Sep 6, 2014

@kodeycom switch to cancancan


I spent an hour trying to figure out this problem
I just switched to CanCanCan and it worked without having to modify anything

Great work

mitogh commented Nov 12, 2014

Thank you @AntonTrapp :+1:

@djkotowski djkotowski referenced this issue in jmmastey/level_up_exercises Dec 31, 2014

EVE Forecast v1 #381




Merci @ombr , ça marche bien~

module CanCan
  class ControllerResource
    alias_method :original_resource_params_by_namespaced, :resource_params_by_namespaced_name

    def resource_params_by_namespaced_name
      if (@controller && @params && @params[:action] == "create")
        strong_params =  @controller.method("#{}_params".to_sym)
        params = if defined? strong_params
      params ||=  original_resource_params_by_namespaced
ombr commented Jan 12, 2015

De rien !

It works, but on my projects I moved to cancancan.

@supernovamaniac supernovamaniac referenced this issue in Stefandasbach/hcef Mar 31, 2015

Quick Fixes #25

@rotated8 rotated8 referenced this issue in projecthydra/hydra-role-management Jul 7, 2015

Remove outdated cancan fix. #20

@atamis atamis added a commit to fearlessandloathing/forum that referenced this issue Aug 25, 2015
@atamis atamis Had trouble with cancan and forbidden attributes. You can't edit your…
… user info without specifying a "new" password

ryanb/cancan#835 , see this for new info on other solutions to the problem.

@AntonTrapp,Thank you for help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.