Looking for some glue between Strong Parameters and CanCan

55 views
Skip to first unread message

Sebastian Gaul

unread,
Mar 25, 2014, 6:00:29 PM3/25/14
to rubyonra...@googlegroups.com
Hello Rails World,

does anybody know a good solution for Strong Parameters in a Rails app authorized by Cancan (or a similar authorization gem)?

def user_params
  if current_user.admin?
    params.require(:user).permit!
  else
    params.require(:user).permit(:password, :password_confirmation)
  end
end

Now I want to do this the "Cancan way". My first idea looks strange to me:

def user_params
  if can? :edit_all_attributes, User
    params.require(:user).permit!
  elsif can? :edit_password, User
    params.require(:user).permit(:password, :password_confirmation)
  end
end

How would you realize the attribute level in Cancan? :edit_all_attributes and :edit_password scales very badly if more user roles and optional attributes are involved. It would be nice if allowed attributes are defined in Cancan's Ability class and used automatically to determine strong parameters.

Do you Cancan plugins or replacements that allow a more satisfying attribute level authorization and/or strong parameters integration?

Walter Lee Davis

unread,
Mar 26, 2014, 8:04:02 AM3/26/14
to rubyonra...@googlegroups.com
Have you seen the cancancan Gem yet? That was mentioned here yesterday -- it's a community-driven revitalization of CanCan, since Ryan has been on hiatus.

Walter

>
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/19e15962-a629-49c9-b3cc-41b2a2264741%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

Josh Jordan

unread,
Mar 26, 2014, 10:51:59 AM3/26/14
to rubyonra...@googlegroups.com
I can verify that cancancan does this, and it does it out of the box if you use the convention of naming your Strong Params method #{model_name.underscore}_params

Sebastian Gaul

unread,
Mar 27, 2014, 3:55:01 AM3/27/14
to rubyonra...@googlegroups.com
Thanks for your answers. I already know cancancan, but it doesn't solve my issue. I'm looking for a way to use cancan to determine my strong parameters (see my examples), not cancan to use strong parameters.

Dheeraj Kumar

unread,
Mar 27, 2014, 3:57:28 AM3/27/14
to rubyonra...@googlegroups.com
What you're looking for is this: https://github.com/permitters/permitters


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/99f5c61b-f3c8-4910-b968-b5a75cc51742%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages