This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

Bug: load_and_authorize_resource #1008

Open
ghost opened this issue Jun 14, 2014 · 4 comments

ghost commented Jun 14, 2014

Did something change with the method "load_and_authorize_resource" lately?

I'm getting "ActiveModel::ForbiddenAttributesError" when using load_and_authorize_resource, however authorize! :action, object works just fine and so does the code without cancan.


ghost commented Jun 14, 2014

I have the following installed:
cancan 1.6.10
rails 4.1.1
devise 3.2.4
warden 1.2.3

MODEL ABILITY

```ruby
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new

    alias_action :create, :read, :update, :destroy, to: :crud

    if user.has_role? :administrator
      can :crud, :all
    end
  end
end
```

MODEL ROLE

```ruby
class Role < ActiveRecord::Base
  # Validate attributes
  validates :name, presence: true
end
```

CONTROLLER

```ruby
class RolesController < ApplicationController
  load_and_authorize_resource

  # Expose instance variables to view. Read more: https://github.com/voxdolo/decent_exposure/wiki
  expose(:role, attributes: :role_params)

  def create
    authorize! :create, role

    if role.save
      redirect_to roles_path
    else
      flash[:alert] = 'Role has not been created.'
      redirect_to new_role_path
    end
  end

  private

  def role_params
    params.require(:role).permit(:name)
  end
end
```

FULL TRACE
ActiveModel::ForbiddenAttributesError

Rails.root: /Users/Dan/projects/fitbird

```
activemodel (4.1.1) lib/active_model/forbidden_attributes_protection.rb:21:in `sanitize_for_mass_assignment'
activerecord (4.1.1) lib/active_record/attribute_assignment.rb:24:in `assign_attributes'
activerecord (4.1.1) lib/active_record/core.rb:452:in `init_attributes'
activerecord (4.1.1) lib/active_record/core.rb:198:in `initialize'
activerecord (4.1.1) lib/active_record/inheritance.rb:30:in `new'
activerecord (4.1.1) lib/active_record/inheritance.rb:30:in `new'
cancan (1.6.10) lib/cancan/controller_resource.rb:85:in `build_resource'
cancan (1.6.10) lib/cancan/controller_resource.rb:66:in `load_resource_instance'
cancan (1.6.10) lib/cancan/controller_resource.rb:32:in `load_resource'
cancan (1.6.10) lib/cancan/controller_resource.rb:25:in `load_and_authorize_resource'
cancan (1.6.10) lib/cancan/controller_resource.rb:10:in `block in add_before_filter'
activesupport (4.1.1) lib/active_support/callbacks.rb:440:in `instance_exec'
activesupport (4.1.1) lib/active_support/callbacks.rb:440:in `block in make_lambda'
activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:229:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:229:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:229:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:229:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:86:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:86:in `run_callbacks'
actionpack (4.1.1) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.1.1) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.1.1) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
activesupport (4.1.1) lib/active_support/notifications.rb:159:in `block in instrument'
activesupport (4.1.1) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.1.1) lib/active_support/notifications.rb:159:in `instrument'
actionpack (4.1.1) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.1.1) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.1.1) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.1.1) lib/abstract_controller/base.rb:136:in `process'
actionview (4.1.1) lib/action_view/rendering.rb:30:in `process'
actionpack (4.1.1) lib/action_controller/metal.rb:195:in `dispatch'
actionpack (4.1.1) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.1.1) lib/action_controller/metal.rb:231:in `block in action'
actionpack (4.1.1) lib/action_dispatch/routing/route_set.rb:80:in `call'
actionpack (4.1.1) lib/action_dispatch/routing/route_set.rb:80:in `dispatch'
actionpack (4.1.1) lib/action_dispatch/routing/route_set.rb:48:in `call'
actionpack (4.1.1) lib/action_dispatch/journey/router.rb:71:in `block in call'
actionpack (4.1.1) lib/action_dispatch/journey/router.rb:59:in `each'
actionpack (4.1.1) lib/action_dispatch/journey/router.rb:59:in `call'
actionpack (4.1.1) lib/action_dispatch/routing/route_set.rb:676:in `call'
bullet (4.9.0) lib/bullet/rack.rb:10:in `call'
meta_request (0.3.0) lib/meta_request/middlewares/app_request_handler.rb:13:in `call'
rack-contrib (1.1.0) lib/rack/contrib/response_headers.rb:17:in `call'
meta_request (0.3.0) lib/meta_request/middlewares/headers.rb:16:in `call'
meta_request (0.3.0) lib/meta_request/middlewares/meta_request_handler.rb:13:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `catch'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:35:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/flash.rb:254:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.1.1) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.1.1) lib/active_record/connection_adapters/abstract/connection_pool.rb:621:in `call'
activerecord (4.1.1) lib/active_record/migration.rb:380:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.1.1) lib/active_support/callbacks.rb:82:in `run_callbacks'
actionpack (4.1.1) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.1.1) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.1.1) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.1.1) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.1.1) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.1.1) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.1.1) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
activesupport (4.1.1) lib/active_support/cache/strategy/local_cache_middleware.rb:26:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
actionpack (4.1.1) lib/action_dispatch/middleware/static.rb:64:in `call'
rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
railties (4.1.1) lib/rails/engine.rb:514:in `call'
railties (4.1.1) lib/rails/application.rb:144:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
rack (1.5.2) lib/rack/content_length.rb:14:in `call'
rack (1.5.2) lib/rack/handler/webrick.rb:60:in `service'
/Users/Dan/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/webrick/httpserver.rb:138:in `service'
/Users/Dan/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/webrick/httpserver.rb:94:in `run'
/Users/Dan/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/webrick/server.rb:295:in `block in start_thread'
```

Request

Parameters:

{"utf8"=>"✓",
"authenticity_token"=>"ybfjI2D0z87c/3Xp9jciUP7aBCstDihIPqYVFN68xek=",
"role"=>{"name"=>"TEST"},
"commit"=>"Save"}

@ghost ghost changed the title load_and_authorize_resource Bug: load_and_authorize_resource Jun 15, 2014
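
Why the trace above ends in `ForbiddenAttributesError`, shown as an added example that is not part of the issue thread or of CanCan's code: the load filter builds the record from the raw request parameters before `role_params` is ever consulted. `Params`, `Role`, `load_resource` and `permit_resource_params` are simplified, hypothetical stand-ins so the snippet runs without Rails; the filter is one possible mitigation that keeps the `permit(:name)` allowlist in force.

```ruby
# Stand-ins for Rails/CanCan classes, constructed so this runs without Rails.
class ForbiddenAttributesError < StandardError; end

# Mimics ActionController::Parameters: unpermitted until #permit is called.
class Params
  def initialize(hash, permitted = false); @hash, @permitted = hash, permitted; end
  def permitted?; @permitted; end
  def to_h; @hash.dup; end
  def [](key)
    value = @hash[key.to_s]
    value.is_a?(Hash) ? Params.new(value) : value
  end
  def []=(key, value); @hash[key.to_s] = value; end
  def require(key); self[key] || raise(KeyError, "param is missing: #{key}"); end
  def permit(*keys); Params.new(@hash.slice(*keys.map(&:to_s)), true); end
end

# Mimics the strong-parameters check that raised at the top of the trace.
class Role
  attr_reader :attributes
  def initialize(attrs)
    raise ForbiddenAttributesError if attrs.respond_to?(:permitted?) && !attrs.permitted?
    @attributes = attrs.to_h
  end
end

class RolesController
  attr_reader :params
  def initialize(params); @params = params; end
  # Stand-in for the load step: builds the record from the raw request params.
  def load_resource; Role.new(params[:role]); end
  # Hypothetical before-filter: swap params[:role] for its allowlisted form.
  def permit_resource_params; params[:role] &&= role_params; end
  private
  def role_params; params.require(:role).permit(:name); end
end

# Constructed request; "admin" is an extra field the allowlist must drop.
def build_role(filter_first)
  request = { "role" => { "name" => "TEST", "admin" => "1" }, "commit" => "Save" }
  controller = RolesController.new(Params.new(request))
  controller.permit_resource_params if filter_first
  controller.load_resource.attributes
rescue ForbiddenAttributesError => e
  e.class.name
end

p unfiltered: build_role(false), filtered: build_role(true)
```
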
@felipelc

@UrbanViking take a look at this issue: #835. The @AntonTrapp solution worked for me.


ghost commented Jun 20, 2014

Thank you, but I used authorize on actions. Once the bug has been fixed,
I'll update.

Rgds, Dan

On Thu, Jun 19, 2014 at 4:33 PM, felipelc wrote:

> @UrbanViking take a look at this issue: #835 The @AntonTrapp solution worked for me.




xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!
