ryanb / cancan

Authorization Gem for Ruby on Rails.
MIT License
6.27k stars 783 forks

CanCan::InsufficientAuthorizationCheck, but the record is saved nonetheless #699

Open acesuares opened 12 years ago

acesuares commented 12 years ago

In ability.rb I have:

    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new # guest user

        if user.id == 1 # quick hack
          can :access, :all
        else
          can :read, :domains, [:name, :entries], :user_id => user.id
          can [:read, :update], :domains, [:autoapprove, :use_recaptcha], :user_id => user.id
          can :read, :entries, :domain => { :user_id => user.id }
          cannot :read, :entries, :domain
          can :update, :entries, :approved, :domain => { :user_id => user.id }
        end
      end
    end

The error happens in the after_filter at line 266:

       263          after_filter(options.slice(:only, :except)) do |controller|
       264            break if options[:if] && !controller.send(options[:if])
    => 265            break if options[:unless] && controller.send(options[:unless])
       266            unless controller.current_ability.fully_authorized? controller.params[:action], controller.params[:controller]
       267              raise CanCan::InsufficientAuthorizationCheck, "Authorization check is not sufficient for this action. This is probably because you have conditions or attributes defined in Ability and are not checking for them in the action. One way to solve this is adding load_and_authorize_resource to this controller."
       268            end
       269          end

controller.params[:action], controller.params[:controller] = 'update', 'domains'

In the debugger I find this:

(rdb:1) pp controller.current_ability
#<Ability:0xb5f466d0
 @aliases=
  {:subjects=>{},
   :actions=>
    {:read=>[:index, :show],
     :create=>[:new],
     :update=>[:edit],
     :destroy=>[:delete]}},
 @rules=
  [#<CanCan::Rule:0xb5f46630
    @actions=[:read],
    @attributes=[:name, :entries],
    @base_behavior=true,
    @block=nil,
    @conditions={:user_id=>2},
    @expanded_actions=[:read, :index, :show],
    @expanded_subjects=[:domains],
    @match_all=false,
    @subjects=[:domains]>,
   #<CanCan::Rule:0xb5f464a0
    @actions=[:read, :update],
    @attributes=[:autoapprove, :use_recaptcha],
    @base_behavior=true,
    @block=nil,
    @conditions={:user_id=>2},
    @expanded_actions=[:read, :index, :show, :update, :edit],
    @expanded_subjects=[:domains],
    @match_all=false,
    @subjects=[:domains]>,
   #<CanCan::Rule:0xb5f4634c
    @actions=[:read],
    @base_behavior=true,
    @block=nil,
    @conditions={:domain=>{:user_id=>2}},
    @expanded_actions=[:read, :index, :show],
    @expanded_subjects=[:entries],
    @match_all=false,
    @subjects=[:entries]>,
   #<CanCan::Rule:0xb5f46298
    @actions=[:read],
    @attributes=[:domain],
    @base_behavior=false,
    @block=nil,
    @conditions={},
    @expanded_actions=[:read, :index, :show],
    @expanded_subjects=[:entries],
    @match_all=false,
    @subjects=[:entries]>,
   #<CanCan::Rule:0xb5f46108
    @actions=[:update],
    @attributes=[:approved],
    @base_behavior=true,
    @block=nil,
    @conditions={:domain=>{:user_id=>2}},
    @expanded_actions=[:update, :edit],
    @expanded_subjects=[:entries],
    @match_all=false,
    @subjects=[:entries]>]>

What happens is this: I show a form, where I show a domain and try to update the autoapprove checkbox. My update method in the controller looks like this:

    # :update updates a specific attribute from an object.
    def update
      @object = @Klass.find(params[:id])
      @attribute = params[:attribute]
      @form_element = params[:form_element]
      @sub_id = params[:sub_id]
      @update_span = params[:update]
      send("#{@form_element.to_s}_update", @object, @attribute)
      @object.save
      respond_to do |format|
        debugger
        format.js { }
      end
    end

So, everything happens up to the rendering. The value is saved to the object nicely. But when the after_filter kicks in, it throws this InsufficientAuthorizationCheck exception.

Any ideas on why?
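The ordering in the report is the whole problem: `@object.save` runs inside the action, and the `fully_authorized?` check only runs afterwards in the after_filter, so the exception arrives once the write is already on disk. The following is an added example, not CanCan's code and not from this issue: a toy model of attribute- and condition-scoped rules with an `authorize!` that records what was checked and a `fully_authorized?` in the spirit of the quoted filter. It runs the same update twice, once save-first as in the report and once authorize-first, and shows which one leaves the record modified. Every class, method and store below (`ToyAbility`, `run_request`, the domain record) is an assumption for illustration; only the rule shape mirrors the `can [:read, :update], :domains, [:autoapprove, :use_recaptcha], ...` line from the Ability above.

```ruby
# Added example, not CanCan's own code: a toy model of attribute- and
# condition-scoped rules, an authorize! call that records what was checked,
# and a fully_authorized? check in the spirit of the after_filter quoted in
# the issue. Every class and method name below is an assumption for
# illustration; only the rule shape mirrors the Ability in the report.

class AccessDenied < StandardError; end
class InsufficientAuthorizationCheck < StandardError; end

Rule = Struct.new(:actions, :subject, :attributes, :conditions)

class ToyAbility
  attr_reader :rules, :checks

  def initialize(user_id)
    @checks = []
    # Mirrors: can [:read, :update], :domains, [:autoapprove, :use_recaptcha], :user_id => user.id
    @rules = [Rule.new([:read, :update], :domains, [:autoapprove, :use_recaptcha], { user_id: user_id })]
  end

  # True when a rule grants `action` on `subject` for `attribute` and the
  # record's fields satisfy every condition on that rule.
  def can?(action, subject, record, attribute)
    rules.any? do |r|
      r.actions.include?(action) && r.subject == subject &&
        r.attributes.include?(attribute) &&
        r.conditions.all? { |field, value| record[field] == value }
    end
  end

  # Raises on denial; on success records that a full (attribute + record) check was made.
  def authorize!(action, subject, record, attribute)
    raise AccessDenied, "cannot #{action} #{attribute} on #{subject}" unless can?(action, subject, record, attribute)
    checks << [action, subject]
  end

  # Sufficient only if authorize! ran for this action/subject during the request.
  def fully_authorized?(action, subject)
    checks.include?([action, subject])
  end
end

# Order from the issue: mutate and save, then let the after_filter decide.
# The write has already happened when the exception is raised.
def update_save_first(ability, store, params)
  object = store[params[:id]]
  object[params[:attribute]] = params[:value]   # "<form_element>_update"
  store[params[:id]] = object                    # "@object.save"
  raise InsufficientAuthorizationCheck unless ability.fully_authorized?(:update, :domains)
  object
end

# Fail-closed order: load, authorize the exact attribute against the loaded
# record, and only then mutate and save. A denied request never writes.
def update_authorize_first(ability, store, params)
  object = store[params[:id]]
  ability.authorize!(:update, :domains, object, params[:attribute])
  object[params[:attribute]] = params[:value]
  store[params[:id]] = object
  raise InsufficientAuthorizationCheck unless ability.fully_authorized?(:update, :domains)
  object
end

# Runs one request against a fresh constructed store and returns the
# persisted value of the attribute together with the error class raised, if any.
def run_request(handler, user_id, params)
  store = { 7 => { id: 7, user_id: 2, autoapprove: false, name: "example.test" } } # constructed record
  ability = ToyAbility.new(user_id)
  error = nil
  begin
    send(handler, ability, store, params)
  rescue AccessDenied, InsufficientAuthorizationCheck => e
    error = e.class
  end
  [store[7][params[:attribute]], error]
end

if __FILE__ == $0
  # Owner (user 2) with the reported ordering: exception raised, value already saved.
  p run_request(:update_save_first, 2, { id: 7, attribute: :autoapprove, value: true })
  # Owner with authorize-first ordering: saved, no error.
  p run_request(:update_authorize_first, 2, { id: 7, attribute: :autoapprove, value: true })
  # Non-owner (user 3): denied before any write.
  p run_request(:update_authorize_first, 3, { id: 7, attribute: :autoapprove, value: true })
  # Owner editing an attribute the rule does not grant: denied before any write.
  p run_request(:update_authorize_first, 2, { id: 7, attribute: :name, value: "evil.test" })
end
```

The first run reproduces the symptom from the report in miniature: the after-the-fact check fires, but the record already carries the new value. The remaining runs show that putting the attribute-level `authorize!` before the mutation turns the same rules into a fail-closed gate, which is what the exception message's advice about `load_and_authorize_resource` amounts to in this model.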

acesuares commented 12 years ago

I don't get it. I uncommented line #267, just to be able to proceed.

xhoy commented 10 years ago

Dear submitter, since cancan/ryanb hasn't been active for more than 6 months and nobody other than ryanb himself has commit permissions, the cancan project is at a standstill. Since cancan has several issues, including missing support for rails 4, cancan is moving forward to cancancan. More details on: #994

If you feel that your pull request or bug is still applicable (and hasn't been merged into cancan), it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan).

We hope to see you on the other side!

acesuares commented 10 years ago

Great, @xhoy looking forward to improvements!