class ProgramsController < ApplicationController
load_and_authorize_resource
def index; end
def new; end
def create
if @program.save
redirect_to programs_path, notice: 'Program created successfully'
else
render :new
end
end
def destroy; end
private
def program_params
params.require(:program).permit(
:name,
:program_type,
:size,
:date_start,
:date_renewal,
:date_due,
:duration,
:supplier_max_limit,
:kibor_rate,
:bank_spread,
:status,
:creator_id
)
end
end
In in the above code I understand the on new and index, the @program will populate automatically by cancancan.. But in case of create method, the program_params is automatically called.. I didn't call the program_params anywhere in my code and if I change the name of the program_params method to something else, it is not called.. does cancancan is dealing with this ? please give me some explanation on this. Thankyou
cancancan docs clearly state that this is expected behavior for load_and_authorize_resource
For the :create action, CanCanCan will try to initialize a new instance with sanitized input by seeing if your controller will respond to the following methods (in order):
create_params
<model_name>_params such as article_params (this is the default convention in Rails for naming your param method)
resource_params (a generic named method you could specify in each controller)