ryanb / cancan

Authorization Gem for Ruby on Rails.
MIT License
6.27k stars 784 forks

ActiveRecord::ReadOnlyRecord for nested rules #739

Open vanboom opened 12 years ago

vanboom commented 12 years ago

ability.rb: can :manage, Customer, :team=>{:id=>user.team_ids}

controller / update method: @customers = Customer.accessible_by(current_ability).find(params[:id])

result: ActiveRecord::ReadOnlyRecord

I am trying to protect access in the update method so users cannot post updates to a Customer that does not have the same "team" tag.

Is there a way to inhibit the read-only effect caused by the join?

Thanks!

the8472 commented 11 years ago

I think there's a method .readonly(false) which you can insert into the chain after the accessible_by.

VorontsovIE commented 11 years ago

I faced a similar issue (and there is also a similar issue at https://github.com/ryanb/cancan/issues/357). In my case, when ActiveRecord uses joins for nested hashes, it marks the object as readonly. The easy workaround is to patch CanCan::ModelAdapters::ActiveRecordAdapter#database_records with readonly(false). I prepared a commit, but actually I'm not sure if it's correct to mark joined records as not-readonly. Can anyone explain why it's bad to change records which have additional columns?

xhoy commented 10 years ago

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!