Isue #835 - CanCan ActiveModel::ForbiddenAttributesError with rails 4

lib/cancan/controller_resource.rb

@@ -12,6 +12,7 @@ def self.add_before_filter(controller_class, method, *args)
     end
 
     def initialize(controller, *args)
+      @params_method = args.last[:attributes] if args.last.respond_to?(:[])
       @controller = controller
       @params = controller.params
       @options = args.extract_options!
@@ -223,7 +224,15 @@ def resource_params
     end
 
     def resource_params_by_namespaced_name
-      @params[extract_key(namespaced_name)]
+      if @params_method
+        begin
+          @controller.send(@params_method.to_sym)
+        rescue
+          nil
+        end
+      else
+        @params[extract_key(namespaced_name)]
+      end
     end
 
     def namespace

spec/cancan/controller_resource_spec.rb

@@ -488,4 +488,14 @@ class Section
     lambda { resource.load_and_authorize_resource }.should_not raise_error
     @controller.instance_variable_get(:@project).should be_nil
   end
+
+  context "given load_and_authorize_resource has an attributes method name" do
+    it "should use attributes method to acquire resource params" do
+      @params.merge!(:controller => "project", :action => "create")
+      sanitized = {:first => 1, :second => 2}
+      stub(@controller).attributes_method {sanitized}
+      resource = CanCan::ControllerResource.new(@controller, {:attributes => :attributes_method})
+      resource.send("resource_params_by_namespaced_name").should eq(sanitized)
+    end
+  end
 end