Hello Rails World,
does anybody know a good solution for Strong Parameters in a Rails app
authorized by Cancan (or a similar authorization gem)?
    def user_params
      if current_user.admin?
        params.require(:user).permit!
      else
        params.require(:user).permit(:password, :password_confirmation)
      end
    end
Now I want to do this the “Cancan way”. My first idea looks strange to me:
    def user_params
      if can? :edit_all_attributes, User
        params.require(:user).permit!
      elsif can? :edit_password, User
        params.require(:user).permit(:password, :password_confirmation)
      end
    end
How would you realize the attribute level in Cancan? :edit_all_attributes and
:edit_password scale very badly if more user roles and optional attributes are
involved. It would be nice if allowed attributes are defined in Cancan’s Ability
class and used automatically to determine strong parameters.
Do you know of Cancan plugins or replacements that allow a more satisfying
attribute level authorization and/or strong parameters integration?
On Mar 25, 2014, at 6:00 PM, Sebastian Gaul wrote:
> end
> How would you realize the attribute level in Cancan? :edit_all_attributes and
> :edit_password scale very badly if more user roles and optional attributes are
> involved. It would be nice if allowed attributes are defined in Cancan’s Ability
> class and used automatically to determine strong parameters.
> Do you know of Cancan plugins or replacements that allow a more satisfying
> attribute level authorization and/or strong parameters integration?
Have you seen the cancancan Gem yet? That was mentioned here yesterday
– it’s a community-driven revitalization of CanCan, since Ryan has been
on hiatus.
Walter
I can verify that cancancan does this, and it does it out of the box if you
use the convention of naming your Strong Params method
#{model_name.underscore}_params
Thanks for your answers. I already know cancancan, but it doesn’t solve my
issue. I’m looking for a way to use cancan to determine my strong
parameters (see my examples), not cancan to use strong parameters.
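Added example, not part of any post in this thread and not CanCan's or Rails' own API: a plain-Ruby sketch of the idea asked about above, where the attribute allow-list is declared beside the role rules and the parameter filter is derived from it. `AttributeAbility`, `permitted_params`, `rejected_keys` and the role names are hypothetical, and the admin list is explicit here by choice of this example.

```ruby
# Plain-Ruby sketch; AttributeAbility, permitted_params and rejected_keys are
# hypothetical names and are not part of CanCan or Rails.
class AttributeAbility
  def initialize(roles)
    @rules = {}
    # The allow-list lives beside the role rules; several roles are unioned.
    if roles.include?(:member)
      allow :update, :user, %i[password password_confirmation]
    end
    allow :update, :user, %i[name email] if roles.include?(:support)
    # Admins get an explicit list here instead of permit!, so a newly added
    # column is not assignable until someone lists it.
    if roles.include?(:admin)
      allow :update, :user, %i[name email role password password_confirmation]
    end
  end

  # Attributes the current roles may set; empty (deny) when no rule matches.
  def permitted_attributes(action, subject)
    @rules.fetch([action, subject], []).uniq
  end

  private

  def allow(action, subject, attributes)
    (@rules[[action, subject]] ||= []).concat(attributes)
  end
end

# Keep only allowed keys, as permit(*attributes) would for flat params.
def permitted_params(raw, ability, action, subject)
  allowed = ability.permitted_attributes(action, subject).map(&:to_s)
  raw.select { |key, _value| allowed.include?(key.to_s) }
end

# Submitted keys that were dropped; worth logging as a tampering signal.
def rejected_keys(raw, ability, action, subject)
  raw.keys.map(&:to_s) - ability.permitted_attributes(action, subject).map(&:to_s)
end

# Constructed sample input: a password change that also tries to set role.
SUBMITTED = {
  "password" => "constructed-example",
  "password_confirmation" => "constructed-example",
  "role" => "admin"
}.freeze
```

In a Rails controller the same list would feed the call the thread already uses, for example `params.require(:user).permit(*attributes)` with `attributes` taken from the ability object.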
On Tuesday, 25 March 2014 23:00:29 UTC+1, Sebastian Gaul wrote:
What you’re looking for is this: