CanCan load_and_authorize_resource triggers Forbidden Attributes

Question

I have a standard RESTful controller that uses strong parameters.

class UsersController < ApplicationController
  respond_to :html, :js

  def index
    @user         


        

Answer 1

I believe this is because CanCan will use its own getter method for the requested resource if you don't pre-load it with a before_filter. So you could add this to the controller and it should work:

class UsersController < ApplicationController
  before_filter :new_user, :only => [:new, :create]

  load_and_authorize_resource

  def new_user
    @user = User.new(safe_params)
  end
end

(And then do the same for the edit/update actions.)