CanCan load_and_authorize_resource triggers Forbidden Attributes

后端 未结 2 1927
梦如初夏
梦如初夏 2021-02-12 18:35

I have a standard RESTful controller that uses strong parameters.

class UsersController < ApplicationController
  respond_to :html, :js

  def index
    @user         


        
相关标签:
2条回答
  • 2021-02-12 19:15
    before_filter do
      params[:user] = safe_params
    end
    load_and_authorize_resource
    
    0 讨论(0)
  • 2021-02-12 19:18

    I believe this is because CanCan will use its own getter method for the requested resource if you don't pre-load it with a before_filter. So you could add this to the controller and it should work:

    class UsersController < ApplicationController
      before_filter :new_user, :only => [:new, :create]
    
      load_and_authorize_resource
    
      def new_user
        @user = User.new(safe_params)
      end
    end
    

    (And then do the same for the edit/update actions.)

    0 讨论(0)
提交回复
热议问题