Sebastian Gaul
2014-Mar-25 22:00 UTC
Looking for some glue between Strong Parameters and CanCan
Hello Rails World,
does anybody know a good solution for Strong Parameters in a Rails app
authorized by Cancan (or a similar authorization gem)?

    def user_params
      if current_user.admin?
        params.require(:user).permit!
      else
        params.require(:user).permit(:password, :password_confirmation)
      end
    end

Now I want to do this the "Cancan way". My first idea looks strange to
me:

    def user_params
      if can? :edit_all_attributes, User
        params.require(:user).permit!
      elsif can? :edit_password, User
        params.require(:user).permit(:password, :password_confirmation)
      end
    end

How would you realize the attribute level in Cancan? :edit_all_attributes
and :edit_password scale very badly if more user roles and optional
attributes are involved. It would be nice if allowed attributes are defined
in Cancan's Ability class and used automatically to determine strong
parameters.
Do you know Cancan plugins or replacements that allow a more satisfying
attribute level authorization and/or strong parameters integration?
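
Added example (not part of the original post, and not CanCan's API): one way to keep the permitted attributes per role in a single ability-style class and derive the strong-parameters list from it, denying by default. The class AttributeAbility, its methods, the role names and the attribute names are hypothetical, and a plain Hash stands in for Rails params so the code runs without Rails.

```ruby
# Hypothetical attribute-level ability: role => permitted attributes per model.
# Nothing here is CanCan API; names are assumptions made for this example.
class AttributeAbility
  def initialize(roles)
    @rules = {} # model name (Symbol) => Array of permitted attribute names
    roles = Array(roles).map(&:to_sym)

    # Every signed-in user may change their own credentials.
    permit :user, :password, :password_confirmation
    permit :user, :email, :name if roles.include?(:moderator)
    # Admins get an explicit list as well, instead of permit!, so a newly
    # added column is never writable until someone lists it here.
    permit :user, :email, :name, :role, :locked if roles.include?(:admin)
  end

  # Add attributes to a model's list; repeated calls accumulate.
  def permit(model, *attrs)
    @rules[model] = (@rules[model] || []) | attrs
  end

  # Deny by default: a model without rules yields an empty list.
  def permitted_attributes(model)
    @rules.fetch(model, []).dup
  end

  # Plain-Hash stand-in for params.require(model).permit(*list).
  def filter(model, submitted)
    allowed = permitted_attributes(model).map(&:to_s)
    submitted.select { |key, _value| allowed.include?(key.to_s) }
  end
end

# Constructed sample input: a password change that also tries to set "role".
SUBMITTED = {
  "password"              => "new-passphrase",
  "password_confirmation" => "new-passphrase",
  "role"                  => "admin"
}.freeze

if __FILE__ == $PROGRAM_NAME
  p AttributeAbility.new([]).filter(:user, SUBMITTED)       # "role" dropped
  p AttributeAbility.new(:admin).filter(:user, SUBMITTED)   # "role" kept
end
```

In a Rails controller the same list would be passed on as params.require(:user).permit(*ability.permitted_attributes(:user)), with the ability object built from the current user's roles.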
