Please read for an updated status on RailsCasts:
Learn more or hide this
GitHub User: ak47
has anyone come across conflict with object based authorization and strong-parameters?
I use declarative-auth, I believe cancan also does this, where they will load the object before getting to the :create action. The problem is, I get the ActiveModel::ForbiddenAttributes when submitting to create - since the auth layer is doing the SomeObject.new call without the "permitted_params.some_object".
I suppose monkey-patching the gem is best idea.