-
Notifications
You must be signed in to change notification settings - Fork 783
Support rails 4 protected attributes #958
base: master
Are you sure you want to change the base?
Conversation
So to double check what I'm reading, we would pass in an :attributes option (to, say, load_and_authorize_resource) and it would use that named method as the strong parameters validator? |
Yes, I probably should have explained my intent in the original comments. In the initializer, if the option :attributes exists it will be used as the name of the method that sanitizes the params. If the :attributes option does not exist the initializer will guess the name of the sanitizer method. The default pattern for the sanitize method name is "#{model_name}_options", but it is not required to be that name. Later in the resource_params_by_namespaced_name method if the sanitize method name exists the controller is checked to see if it has the method. Technically the method name should exist and only the responds to check is needed, but I thought it was safer to double check the existance of the method name. If the controller responds to the method then it is used, if the controller doesn't respond to the method the original behavior is used. This code is a variation of the code done by my coworker, blischalk, in pull request #911 and a pull request made by theodorton to Brett's repository. |
Well I'm not involved with the CanCan project, but I tried your branch out locally and noticed a few issues. Firstly I had problems because I keep my *_params methods private (like this example). I'm not sure what the repercussions are for these being public, but even if it's benign there would need to be documentation highlighting this. Once I'd moved this, I went to the
I presume this is because there has not actually been any resource "loaded" on this page. That, or I could be doing something completely wrong: more information available on request. I double checked the Gemfile.lock and there's no I hope this helps to refine this branch/pull request: I intend to use it on my "strong parameters migration" branch until it's merged and ready for primetime. |
…or to guessed default
…oes not exist and run legacy method
However despite this it's now working with private methods. My site's rspecs are passing now that I've added the :attributes in with no known side-effects, |
Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994. If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan. We hope to see you on the other side! |
No description provided.