发表新帖
发表新帖

CanCan load_and_authorize_resource triggers Forbidden Attributes

后端 未结
关注
2 1914
梦如初夏
梦如初夏 2021-02-12 18:35

I have a standard RESTful controller that uses strong parameters.

class UsersController < ApplicationController
  respond_to :html, :js

  def index
    @user
相关标签:
2条回答
  • 陌清茗
    2021-02-12 19:15 
    before_filter do
  params[:user] = safe_params
end
load_and_authorize_resource
    0 讨论(0)
  • 终归单人心
    2021-02-12 19:18

    I believe this is because CanCan will use its own getter method for the requested resource if you don't pre-load it with a before_filter. So you could add this to the controller and it should work:

    class UsersController < ApplicationController
  before_filter :new_user, :only => [:new, :create]

  load_and_authorize_resource

  def new_user
    @user = User.new(safe_params)
  end
end

    (And then do the same for the edit/update actions.)

    0 讨论(0)
 看不清?
提交回复
热议问题