NickName:Dean Gergorić Ask DateTime:2015-03-27T23:35:36

Can can with devise, admin and user

I use cancan and devise, I can update delete and show but I can't create profile. why I can't create new profile ("ActiveModel::ForbiddenAttributesError")

class Ability
  include CanCan::Ability

  def initialize(user)
    if user.is_a?(Admin)
      can :manage, :all
    elsif user.is_a?(User)

        can :read, Profile do |profile|
        profile.try(:user) == user
        end
        can :update, Profile do |profile|
        profile.try(:user) == user
        end
        can :destroy, Profile do |profile|
        profile.try(:user) == user
        end
        can :create, Profile do |profile|
        profile.try(:user) == user 
    else
      can :read, :all
    end
  end
end

Copyright Notice：Content Author:「Dean Gergorić」，Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article：https://stackoverflow.com/questions/29304528/can-can-with-devise-admin-and-user

Answers

Dean Gergorić 2015-03-27T15:56:11

class ProfilesController < ApplicationController\n before_action :set_profile, only: [:show, :edit, :update, :destroy]\n load_and_authorize_resource\n\n\n # GET /profiles\n # GET /profiles.json\n def index\n user = User.find(params[:user_id])\n @profiles = user.profiles\n\n respond_to do |format|\n format.html\n format.xml {render :xml => @profiles}\n end\n end\n\n # GET /profiles/1\n # GET /profiles/1.json\n def show\n user = User.find(params[:user_id])\n @profiles = user.profiles.find(params[:id])\n\n respond_to do |format|\n format.html\n format.xml {render :xml => @profile}\n end\n end\n\n # GET /profiles/new\n def new\n user = User.find(params[:user_id])\n @profile = user.profiles.build\n\n respond_to do |format|\n format.html\n format.xml {render :xml => @profile}\n end\n end\n\n # GET /profiles/1/edit\n def edit\n user = User.find(params[:user_id])\n @profiles = user.profiles.find(params[:id])\n end\n\n # POST /profiles\n # POST /profiles.json\n def create\n user = User.find(params[:user_id])\n @profile = user.profiles.create(profile_params)\n\n respond_to do |format|\n if @profile.save\n format.html { redirect_to user_profiles_url, notice: 'Profile was successfully created.' }\n format.json { render action: 'show', status: :created, location: @profile }\n else\n format.html { render action: 'new' }\n format.json { render json: @profile.errors, status: :unprocessable_entity }\n end\n end\n end\n\n # PATCH/PUT /profiles/1\n # PATCH/PUT /profiles/1.json\n def update\n user = User.find(params[:user_id])\n @profiles = user.profiles.find(params[:id])\n\n respond_to do |format|\n if @profile.update(profile_params)\n format.html { redirect_to user_profile_url, notice: 'Profile was successfully updated.' }\n format.json { head :no_content }\n else\n format.html { render action: 'edit' }\n format.json { render json: @profile.errors, status: :unprocessable_entity }\n end\n end\n end\n\n # DELETE /profiles/1\n # DELETE /profiles/1.json\n def destroy\n user = User.find(params[:user_id])\n @profiles = user.profiles.find(params[:id])\n\n @profile.destroy\n respond_to do |format|\n format.html { redirect_to job_hunters_path }\n format.json { head :no_content }\n end\n end\n\n private\n # Use callbacks to share common setup or constraints between actions.\n def set_profile\n @profile = Profile.find(params[:id])\n end\n\n # Never trust parameters from the scary internet, only allow the white list through.\n def profile_params\n params.require(:profile).permit(:full_name, :phone_number, :email, :position, :years_of_experiance, :cover_letter, :resume, :reference)\n end\nend\n",