Module: CanCan::Ability::StrongParameterSupport

Included in:
CanCan::Ability
Defined in:
lib/cancan/ability/strong_parameter_support.rb

Instance Method Summary collapse

Instance Method Details

#permitted_attributes(action, subject) ⇒ Object

Returns an array of attributes suitable for use with strong parameters

Note: reversing the relevant rules is important. Normal order means that ‘cannot’ rules will come before ‘can’ rules. However, you can’t remove attributes before they are added. The ‘reverse’ is so that attributes will be added before the ‘cannot’ rules remove them.



12
13
14
15
16
17
18
19
20
21
# File 'lib/cancan/ability/strong_parameter_support.rb', line 12

def permitted_attributes(action, subject)
  relevant_rules(action, subject)
    .reverse
    .select { |rule| rule.matches_conditions? action, subject }
    .each_with_object(Set.new) do |rule, set|
    attributes = get_attributes(rule, subject)
    # add attributes for 'can', remove them for 'cannot'
    rule.base_behavior ? set.merge(attributes) : set.subtract(attributes)
  end.to_a
end