I''m having that issue as well; I just told it to authorize_resource and
left off the load_resource.. But somehow I don''t think that''s
actually a
fix, or even a secure way of handling things..
Almost a year since you posted this.. Did you figure it out? I wonder if
this is a bug in CanCan
On Friday, March 30, 2012 2:19:06 PM UTC-4, Ruby-Forum.com User
wrote:>
> Hi all,
>
> I just installed cancan on a new project and found out that it creates
> some problems with the new scoped mass assignment features of rails 3.2
> .
>
> Basically, in my User model I create some attr_accessible attributes in
> order to avoid users to edit their roles or other sensitive information.
> From the administration I allow admins to edit those protected
> attributes by passing :without_protection => true on creation and update
> of new users.
>
> This works just fine, but adding cancan load_and_authorize_resource to
> my controller triggers a "Can''t mass-assign protected
attributes:
> ...stuff..." . This happens also when using something like
> User.new(params[:user], :role => :admin)
>
> I really can''t figure out how to solve this, so any help would be
very
> appreciated!
>
> Thanks in advance.
>
> --
> Posted via http://www.ruby-forum.com/.
>
>
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/_7Z-m63QUJ8J.
For more options, visit https://groups.google.com/groups/opt_out.