I'm having that issue as well; I just told it to authorize_resource and left off the load_resource.. But somehow I don't think that's actually a fix, or even a secure way of handling things..
On Friday, March 30, 2012 2:19:06 PM UTC-4, Ruby-Forum.com User wrote:
Hi all,I just installed cancan on a new project and found out that it creates
some problems with the new scoped mass assignment features of rails 3.2
.Basically, in my User model I create some attr_accessible attributes in
order to avoid users to edit their roles or other sensitive information.
From the administration I allow admins to edit those protected
attributes by passing :without_protection => true on creation and update
of new users.This works just fine, but adding cancan load_and_authorize_resource to
my controller triggers a "Can't mass-assign protected attributes:
...stuff..." . This happens also when using something like
User.new(params[:user], :role => :admin)I really can't figure out how to solve this, so any help would be very
appreciated!Thanks in advance.
--
Posted via http://www.ruby-forum.com/.
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/_7Z-m63QUJ8J.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment