小编Tig*_*ers的帖子

CanCan load_and_authorize_resource触发禁止的属性

我有一个使用强参数的标准RESTful控制器.

class UsersController < ApplicationController
  respond_to :html, :js

  def index
    @users = User.all
  end

  def show
    @user = User.find(params[:id])
  end

  def new
    @user = User.new
  end

  def edit
    @user = User.find(params[:id])
  end

  def create
    @user = User.new(safe_params)

    if @user.save
      redirect_to @user, notice: t('users.controller.create.success')
    else
      render :new
    end
  end

  def update
    @user = User.find(params[:id])

    if @user.update_attributes(safe_params)
      redirect_to @user, notice: t('users.controller.update.success')
    else
      render :edit
    end
  end

  def destroy
    @user = User.find(params[:id])

    if current_user != @user
      @user.destroy
    else
      flash[:error] = t('users.controller.destroy.prevent_self_destroy')
    end
    redirect_to …

Run Code Online (Sandbox Code Playgroud)

ruby ruby-on-rails cancan rspec2 strong-parameters

Tig*_*ers

lucky-day

18
推荐指数

2
解决办法

5607
查看次数