You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So, I have a nested controller in a project I'm converting to rails 4.2. using the head master. I have a before_filter configured to load up the model for the create action.. However.. due to the ordering of the before filters, that gets run AFTER the permissions are being checked.
filter_resource_access:nested_in=>:commentablebefore_filter:new_comment_from_params,:only=>:create```rubyAnd I can't put it before, as it relies on Decl auth running the load_parent_controller_object / load_commentable```rubydefload_commentable@commentable=find_polymorphicenddefnew_comment_from_params@comment=@commentable.comments.build(comment_params).merge(author: current_user)end
This creates a lovely catch-22 problem in the code. IMHO in the "Strong parameters" case decl auth should handle the :create before filter and either.
only check for new_{model}_from_params OR have a default implementation that expects {model}_params to handle the strong parameters logic.
The text was updated successfully, but these errors were encountered:
So, I have a nested controller in a project I'm converting to rails 4.2. using the head master. I have a before_filter configured to load up the model for the create action.. However.. due to the ordering of the before filters, that gets run AFTER the permissions are being checked.
This creates a lovely catch-22 problem in the code. IMHO in the "Strong parameters" case decl auth should handle the :create before filter and either.
only check for new_{model}_from_params OR have a default implementation that expects {model}_params to handle the strong parameters logic.
The text was updated successfully, but these errors were encountered: