I'm having that issue as well; I just told it to authorize_resource and left off the load_resource.. But somehow I don't think that's actually a fix, or even a secure way of handling things..
Almost a year since you posted this.. Did you figure it out? I wonder if this is a bug in CanCan On Friday, March 30, 2012 2:19:06 PM UTC-4, Ruby-Forum.com User wrote: > > Hi all, > > I just installed cancan on a new project and found out that it creates > some problems with the new scoped mass assignment features of rails 3.2 > . > > Basically, in my User model I create some attr_accessible attributes in > order to avoid users to edit their roles or other sensitive information. > From the administration I allow admins to edit those protected > attributes by passing :without_protection => true on creation and update > of new users. > > This works just fine, but adding cancan load_and_authorize_resource to > my controller triggers a "Can't mass-assign protected attributes: > ...stuff..." . This happens also when using something like > User.new(params[:user], :role => :admin) > > I really can't figure out how to solve this, so any help would be very > appreciated! > > Thanks in advance. > > -- > Posted via http://www.ruby-forum.com/. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/_7Z-m63QUJ8J. For more options, visit https://groups.google.com/groups/opt_out.
