Trying to set up CanCan within an app of mine and having trouble with my PostsController.
In a nutshell, when a Post is created I'd like it associated with the current_user, so my create action looks something like this:
    class PostsController < ApplicationController
      before_filter :login_required, :except => [:index, :show]
      load_and_authorize_resource
      ...
      def create
        # @post = Post.new(params[:post]) # <-- covered by load_and_authorize_resource
        @user = current_user
        @post = @user.posts.create(params[:post])
        respond_to do |format|
          ...
        end
        ...
      end
I'm not exactly sure what load_and_authorize_resource is intended to do (other than the obvious). But what about in a situation like this? Do I need to override the load_and_authorize_resource for the create action somehow? Or is there another (read: better) way to go about loading the @user and THEN creating the @post?
A simpler solution to your problem would be to use a nested resource, rather than creating a custom action.
Directly taken from the CanCan Wiki:
As of 1.4, it's also possible to nest through a method, this is commonly the current_user method.
    class ProjectsController < ApplicationController
      load_and_authorize_resource :through => :current_user
    end
Here everything will be loaded through the current_user.projects association.
This should be safer as well, as loading of a post will be done through the association for other actions in your controller.
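
Why loading through the association is safer, as an added example that is not part of the original answer and not CanCan's own code: a plain-Ruby model (no Rails) of building and finding a post through current_user.posts versus directly on Post. OwnedPosts, unscoped_build, unscoped_find and the sample data are hypothetical stand-ins constructed for illustration.

```ruby
# Plain-Ruby model (constructed; no Rails or CanCan) of the two loading strategies.
Post = Struct.new(:id, :user_id, :title)

class NotFound < StandardError; end

# Stand-in for a has_many association: every build and find is pinned to one owner.
class OwnedPosts
  def initialize(store, owner_id)
    @store = store
    @owner_id = owner_id
  end

  # Like current_user.posts.new(attrs): the owner key comes from the
  # association, so a user_id supplied in request params is overwritten.
  def build(attrs)
    post = Post.new(@store.size + 1, @owner_id, attrs[:title])
    @store << post
    post
  end

  # Like current_user.posts.find(id): another user's row is simply not found.
  def find(id)
    @store.find { |p| p.id == id && p.user_id == @owner_id } or raise NotFound
  end
end

# Unscoped loading, as Post.new(params[:post]) / Post.find(params[:id]) would
# behave when nothing else restricts the attributes or the lookup.
def unscoped_build(store, attrs)
  post = Post.new(store.size + 1, attrs[:user_id], attrs[:title])
  store << post
  post
end

def unscoped_find(store, id)
  store.find { |p| p.id == id } or raise NotFound
end

def demo
  store = [Post.new(1, 7, "alice's draft")]        # constructed sample row, owner 7
  params = { :title => "hi", :user_id => 7 }       # request from user 42 naming owner 7
  mine = OwnedPosts.new(store, 42)                 # current_user.posts for user 42
  leaked = unscoped_find(store, 1).user_id         # another user's post is loaded
  blocked = begin mine.find(1); false; rescue NotFound; true; end
  [unscoped_build(store, params).user_id, mine.build(params).user_id, leaked, blocked]
end
```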