Trying to set up CanCan within an app of mine and having trouble with my PostsController.
In a nutshell, when a Post is created I'd like it associated with the current_user so my create action looks something like this:
    class PostsController < ApplicationController
      before_filter :login_required, :except => [:index, :show]
      load_and_authorize_resource
      ...
      def create
        # @post = Post.new(params[:post]) # <-- covered by load_and_authorize_resource
        @user = current_user
        @post = @user.posts.create(params[:post])
        respond_to do |format|
        ...
      end
      ...
    end
I'm not exactly sure what load_and_authorize_resource is intended to do (other than the obvious). But what about in a situation like this? Do I need to override the load_and_authorize_resource for the create action somehow? Or is there another (read: better) way to go about loading the @user and THEN creating the @post?
I think the best solution, since this is a unique problem, is for you to alter the load_and_authorize_resource line to this:
    load_and_authorize_resource :except => [:create]
And the action to this:
    def create
      authorize! :create, Post
      current_user.posts.create(params[:post])
    end
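An added example, not part of the answer above and not CanCan's own code: a small stand-in for CanCan's rule matching, showing that a check against the Post class skips hash conditions while a check against a post built through its owner applies them. The Ability stand-in, build_post, create_post and the ownership rule are assumptions made for illustration.

```ruby
# Stand-in modelled on CanCan's rule matching (not the gem's code): hash
# conditions are tested against instances and skipped for a class subject.
class AccessDenied < StandardError; end

Post = Struct.new(:user_id, :title)
User = Struct.new(:id) do
  # Mimics current_user.posts.build: the owner is set server-side, not from params.
  def build_post(attrs)
    Post.new(id, attrs[:title])
  end
end

class Ability
  def initialize(user)
    @rules = []
    # Constructed rule: a user may create only posts they own.
    can :create, Post, user_id: user.id
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  def can?(action, subject)
    @rules.any? do |rule_action, klass, conditions|
      next false unless rule_action == action
      if subject.is_a?(Class)
        subject == klass # class-level check: conditions are ignored
      else
        subject.is_a?(klass) && conditions.all? { |attr, want| subject[attr] == want }
      end
    end
  end

  def authorize!(action, subject)
    raise AccessDenied, "#{action} denied" unless can?(action, subject)
    subject
  end
end

# Shape of a create action: build through the owner, then authorize the instance.
def create_post(current_user, params)
  post = current_user.build_post(params)
  Ability.new(current_user).authorize!(:create, post)
end
```

In a real controller the same ordering is `@post = current_user.posts.build(params[:post])` followed by `authorize! :create, @post` before saving.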