Skip to content
This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

Support rails 4 protected attributes #958

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Support rails 4 protected attributes #958

wants to merge 5 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Nov 11, 2013

No description provided.

@tobypinder
Copy link

So to double check what I'm reading, we would pass in an :attributes option (to, say, load_and_authorize_resource) and it would use that named method as the strong parameters validator?

@ghost
Copy link
Author

ghost commented Nov 12, 2013

Yes, I probably should have explained my intent in the original comments.

In the initializer, if the option :attributes exists it will be used as the name of the method that sanitizes the params. If the :attributes option does not exist the initializer will guess the name of the sanitizer method. The default pattern for the sanitize method name is "#{model_name}_options", but it is not required to be that name.

Later in the resource_params_by_namespaced_name method if the sanitize method name exists the controller is checked to see if it has the method. Technically the method name should exist and only the responds to check is needed, but I thought it was safer to double check the existance of the method name. If the controller responds to the method then it is used, if the controller doesn't respond to the method the original behavior is used.

This code is a variation of the code done by my coworker, blischalk, in pull request #911 and a pull request made by theodorton to Brett's repository.

@tobypinder
Copy link

Well I'm not involved with the CanCan project, but I tried your branch out locally and noticed a few issues.

Firstly I had problems because I keep my *_params methods private (like this example). I'm not sure what the repercussions are for these being public, but even if it's benign there would need to be documentation highlighting this.

Once I'd moved this, I went to the new method (my model is pretty much a standard REST resource) and received the following stacktrace:

ERROR ActionController::ParameterMissing: param not found: device
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/gems/actionpack-4.0.1/lib/action_controller/metal/strong_parameters.rb:173:in `require'
    /home/toby/Documents/Sublime/Telemetry/Arachnia/app/controllers/arachnia/devices_controller.rb:129:in `device_params'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/bundler/gems/cancan-dd62d9086087/lib/cancan/controller_resource.rb:228:in `resource_params_by_namespaced_name'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/bundler/gems/cancan-dd62d9086087/lib/cancan/controller_resource.rb:223:in `resource_params'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/bundler/gems/cancan-dd62d9086087/lib/cancan/controller_resource.rb:86:in `build_resource'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/bundler/gems/cancan-dd62d9086087/lib/cancan/controller_resource.rb:67:in `load_resource_instance'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/bundler/gems/cancan-dd62d9086087/lib/cancan/controller_resource.rb:33:in `load_resource'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/bundler/gems/cancan-dd62d9086087/lib/cancan/controller_resource.rb:26:in `load_and_authorize_resource'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/bundler/gems/cancan-dd62d9086087/lib/cancan/controller_resource.rb:10:in `block in add_before_filter'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/gems/activesupport-4.0.1/lib/active_support/callbacks.rb:467:in `_run__221214971__process_action__callbacks'
    /home/toby/.rvm/gems/ruby-2.0.0-p247@link/gems/activesupport-4.0.1/lib/active_support/callbacks.rb:80:in `run_callbacks'

I presume this is because there has not actually been any resource "loaded" on this page. That, or I could be doing something completely wrong: more information available on request. I double checked the Gemfile.lock and there's no protected_attributes gem or anything like that.

I hope this helps to refine this branch/pull request: I intend to use it on my "strong parameters migration" branch until it's merged and ready for primetime.

@tobypinder
Copy link

However despite this it's now working with private methods. My site's rspecs are passing now that I've added the :attributes in with no known side-effects,

@bryanrite bryanrite mentioned this pull request Jan 28, 2014
Open
@xhoy
Copy link

xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tobypinder @xhoy