inossidabile / protector

Comfortable (seriously) white-list security restrictions for models on a field level
MIT License

CanCan :through creates not protected instances #31

Closed AlexanderPavlenko closed 11 years ago

AlexanderPavlenko commented 11 years ago
```
(rdb:1) @article.article_comments.protector_subject?
true
(rdb:1) @article.article_comments.new.protector_subject?
false
```
AlexanderPavlenko commented 11 years ago

```
(rdb:1) resource_base.protector_subject?
true
(rdb:1) resource_base.new(resource_params)
*** ActiveModel::ForbiddenAttributesError Exception: ActiveModel::ForbiddenAttributesError
(rdb:1) resource_base.new_with_protector(resource_params)
#<ArticleComment ...ok... >
```

:scream: