GitHub User: ak47
-
watch on iTunes
-
follow on Twitter
-
follow on Facebook
-
subscribe to RSS feed
watch on iTunes
follow on Twitter
follow on Facebook
subscribe to RSS feed
has anyone come across conflict with object based authorization and strong-parameters?
I use declarative-auth, I believe cancan also does this, where they will load the object before getting to the :create action. The problem is, I get the ActiveModel::ForbiddenAttributes when submitting to create - since the auth layer is doing the SomeObject.new call without the "permitted_params.some_object".
I suppose monkey-patching the gem is best idea.