Allow override resource params #757

wants to merge 2 commits into



flyerhzm commented Oct 7, 2012

Allow overriding resource_params in the controller so that cancan works easily with strong_parameters.

Here is an example of how I use cancan with strong_parameters.

```ruby
class PostsController < ApplicationController
  # new, create, edit, update actions
  def resource_params
    # Permit only the attributes that may be mass-assigned to a Post
    params.require(:post).permit(:title, :description, :tag_list, post_body_attributes: [:body]) if params[:post]
  end
end
```
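What the permit list in the snippet above lets through, as an added example that is not code from this pull request, cancan or strong_parameters. `permit` here is a simplified plain-Ruby stand-in for the gem's filtering, `resource_params(params)` takes the params hash as an argument so it runs without Rails, and the request is constructed sample data.

```ruby
# Simplified stand-in for strong_parameters' permit (assumption, not the gem's code).
# filters: symbols for scalar keys, plus an optional trailing hash that maps
# a nested key to its own list of permitted keys.
SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

def permit(raw, *filters)
  nested = filters.last.is_a?(Hash) ? filters.pop : {}
  out = {}
  filters.each do |key|
    k = key.to_s
    next unless raw.key?(k)
    # A plain key only admits scalars; a hash or array sent in its place is dropped.
    out[k] = raw[k] if SCALARS.any? { |type| raw[k].is_a?(type) }
  end
  nested.each do |key, sub_filters|
    value = raw[key.to_s]
    # Nested attributes are filtered recursively against their own list.
    out[key.to_s] = permit(value, *sub_filters) if value.is_a?(Hash)
  end
  out
end

# Same permit list as the controller snippet above.
def resource_params(params)
  return nil unless params["post"].is_a?(Hash)
  permit(params["post"], :title, :description, :tag_list,
         post_body_attributes: [:body])
end

# Constructed request: a form post carrying attributes the form never offered.
REQUEST = {
  "post" => {
    "title" => "Hello",
    "description" => "First post",
    "user_id" => 1,                    # not in the permit list
    "published" => true,               # not in the permit list
    "tag_list" => { "admin" => "1" },  # hash where a scalar is expected
    "post_body_attributes" => { "body" => "text", "post_id" => 99 }
  }
}.freeze

p resource_params(REQUEST)
```

Only `title`, `description` and the nested `body` survive, so whatever the ability rules later authorize is assigned from this filtered hash rather than from the raw request.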

ryanb commented Oct 7, 2012

I'll consider pulling this in. My main concern is that it encourages putting the authorization logic in the controller. I would like to come up with a better solution for CanCan 2.0. I have some ideas for an automatic permit call so one doesn't need to do anything directly in the controller.

flyerhzm commented Oct 8, 2012

Looking forward to cancan 2.0.

julian7 commented Oct 11, 2012

@ryanb I'm thinking about whether permits should be handled by cancan automatically, but so far I believe there should be a way to limit assignments in the controller, which could be tuned further in Ability. This approach would separate cancan from strong_parameters too.

ollym commented Oct 13, 2012

@julian7 the strong_parameters gem is going into Rails 4.0, so it shouldn't be a matter of separating the two, but instead working out a way they can be useful together. I've had a go at this here: #763

julian7 commented Oct 14, 2012

Hmm, I like your authorization from scratch solution much better :) I just realized moving parameter restrictions to the controller was because this kind of control should go to where authorization is (and AAA usually takes place in the controller).

Moving param restrictions to the controller because it is suggested by others answers the wrong question.

xhoy commented Apr 10, 2014

Dear submitter, since cancan/ryanb hasn't been active for more than 6 months and nobody other than ryanb himself has commit permissions, the cancan project is at a standstill.
Since cancan has several issues, including missing support for Rails 4, cancan is moving forward to cancancan. More details on: #994

If you feel that your pull request or bug is still applicable (and hasn't been merged into cancan), it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)

We hope to see you on the other side!
