RailsCasts Pro episodes are now free!

Learn more or hide this

Andy Koch's Profile

GitHub User: ak47

Comments by Andy Koch


has anyone come across conflict with object based authorization and strong-parameters?

I use declarative-auth, I believe cancan also does this, where they will load the object before getting to the :create action. The problem is, I get the ActiveModel::ForbiddenAttributes when submitting to create - since the auth layer is doing the SomeObject.new call without the "permitted_params.some_object".

I suppose monkey-patching the gem is best idea.