Module: CanCan::Ability::StrongParameterSupport

Included in:: CanCan::Ability

Defined in:: lib/cancan/ability/strong_parameter_support.rb

Instance Method Summary collapse

#permitted_attributes(action, subject) ⇒ Object

Returns an array of attributes suitable for use with strong parameters.

Instance Method Details

#permitted_attributes(action, subject) ⇒ `Object`

Returns an array of attributes suitable for use with strong parameters

Note: reversing the relevant rules is important. Normal order means that ‘cannot’ rules will come before ‘can’ rules. However, you can’t remove attributes before they are added. The ‘reverse’ is so that attributes will be added before the ‘cannot’ rules remove them.

# File 'lib/cancan/ability/strong_parameter_support.rb', line 12

def permitted_attributes(action, subject)
  relevant_rules(action, subject)
    .reverse
    .select { |rule| rule.matches_conditions? action, subject }
    .each_with_object(Set.new) do |rule, set|
    attributes = get_attributes(rule, subject)
    # add attributes for 'can', remove them for 'cannot'
    rule.base_behavior ? set.merge(attributes) : set.subtract(attributes)
  end.to_a
end

Module: CanCan::Ability::StrongParameterSupport

Instance Method Summary collapse

Instance Method Details

#permitted_attributes(action, subject) ⇒ Object

#permitted_attributes(action, subject) ⇒ `Object`