Forum: Ruby on Rails cancan breaks scoped mass assignment

969047aea93d01a9cc636e9867f4ec0f?d=identicon&s=25 Serafino Picozzi (serpico)
on 2012-03-30 20:19
Hi all,

I just installed cancan on a new project and found out that it creates
some problems with the new scoped mass assignment features of rails 3.2
.

Basically, in my User model I create some attr_accessible attributes in
order to avoid users to edit their roles or other sensitive information.
From the administration I allow admins to edit those protected
attributes by passing :without_protection => true on creation and update
of new users.

This works just fine, but adding cancan load_and_authorize_resource to
my controller triggers a "Can't mass-assign protected attributes:
...stuff..." . This happens also when using something like
User.new(params[:user], :role => :admin)

I really can't figure out how to solve this, so any help would be very
appreciated!

Thanks in advance.
Fcb2341a28711bda6c389fa6096900ab?d=identicon&s=25 Joshua Martin (josmar52789)
on 2013-01-29 18:00
(Received via mailing list)
I'm having that issue as well; I just told it to authorize_resource and
left off the load_resource.. But somehow I don't think that's actually a
fix, or even a secure way of handling things..

Almost a year since you posted this.. Did you figure it out? I wonder if
this is a bug in CanCan
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.