CanCan load_and_authorize_resource triggers Forbidden Attributes

后端 未结 2 1918
梦如初夏
梦如初夏 2021-02-12 18:35

I have a standard RESTful controller that uses strong parameters.

class UsersController < ApplicationController
  respond_to :html, :js

  def index
    @user         


        
2条回答
  •  终归单人心
    2021-02-12 19:18

    I believe this is because CanCan will use its own getter method for the requested resource if you don't pre-load it with a before_filter. So you could add this to the controller and it should work:

    class UsersController < ApplicationController
      before_filter :new_user, :only => [:new, :create]
    
      load_and_authorize_resource
    
      def new_user
        @user = User.new(safe_params)
      end
    end
    

    (And then do the same for the edit/update actions.)

提交回复
热议问题