From 4fe790bf4f03d85366c3a11d5bc45f5be4fdc2dd Mon Sep 17 00:00:00 2001
From: Brett Lischalk
Date: Sun, 28 Jul 2013 11:00:36 -0500
Subject: [PATCH 1/2] Added lookup for :attributes key in arguments passed to load_and_authorize_resource looking for a params sanitation method name. The params sanitation method defined in the client apps controller is then used to get the params when loading the resource.
---
 lib/cancan/controller_resource.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
index 702fbcfb..9ceb4a34 100644
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -12,6 +12,7 @@ def self.add_before_filter(controller_class, method, *args)
 end
 def initialize(controller, *args)
+ @params_method = args.last[:attributes] if args.last.respond_to?(:[])
 @controller = controller
 @params = controller.params
 @options = args.extract_options!
@@ -223,7 +224,13 @@ def resource_params
 end
 def resource_params_by_namespaced_name
- @params[extract_key(namespaced_name)]
+ if @params_method
+ begin
+ @controller.send(@params_method.to_sym)
+ rescue
+ nil
+ end
+ end
 end
 def namespace
From ae93410ecbb75bb662491841dee82a52a1eba476 Mon Sep 17 00:00:00 2001
From: Brett Lischalk
Date: Sun, 28 Jul 2013 11:48:37 -0500
Subject: [PATCH 2/2] Fallback to legacy behavior if no attributes method specified. Added spec for new attributes method functionality.
---
 lib/cancan/controller_resource.rb | 2 ++
 spec/cancan/controller_resource_spec.rb | 10 ++++++++++
 2 files changed, 12 insertions(+)
diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
index 9ceb4a34..97947252 100644
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -230,6 +230,8 @@ def resource_params_by_namespaced_name
 rescue
 nil
 end
+ else
+ @params[extract_key(namespaced_name)]
 end
 end
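Review bot: In the first hunk of patch 1/2 (`initialize`), `args.last[:attributes]` is guarded only by `respond_to?(:[])`, which String, Array and (on Ruby 1.9+) Symbol also satisfy. A call whose last argument is a resource name rather than an options hash, e.g. `ControllerResource.new(controller, :project)`, would therefore likely raise a TypeError instead of leaving the option unset. Reading the key from the extracted options avoids the type guess: drop the added line and put `@params_method = @options[:attributes]` after `@options = args.extract_options!`. The rest of `initialize` lies outside the hunk, so confirm nothing later in it is affected by the extra `:attributes` key in `@options`.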
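Review bot: The bare `rescue` around `@controller.send(@params_method.to_sym)` in `resource_params_by_namespaced_name` (second hunk of patch 1/2) turns every StandardError into `nil`. That includes the NoMethodError from a misspelled `:attributes` name and any error raised by the sanitizing method itself. The caller then presumably proceeds as if no attributes were submitted, so a misconfigured parameter filter never surfaces, which is a poor failure mode for a control meant to restrict mass assignment. I would drop the `begin`/`rescue` and let the error propagate, or check `@controller.respond_to?(@params_method, true)` first and raise a descriptive ArgumentError. The same lines are carried unchanged into the hunk of patch 2/2, which only adds the `else` fallback.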
diff --git a/spec/cancan/controller_resource_spec.rb b/spec/cancan/controller_resource_spec.rb
index 03f16bfb..fddd70fd 100644
--- a/spec/cancan/controller_resource_spec.rb
+++ b/spec/cancan/controller_resource_spec.rb
@@ -488,4 +488,14 @@ class Section
 lambda { resource.load_and_authorize_resource }.should_not raise_error
 @controller.instance_variable_get(:@project).should be_nil
 end
+
+ context "given load_and_authorize_resource has an attributes method name" do
+ it "should use attributes method to acquire resource params" do
+ @params.merge!(:controller => "project", :action => "create")
+ sanitized = {:first => 1, :second => 2}
+ stub(@controller).attributes_method {sanitized}
+ resource = CanCan::ControllerResource.new(@controller, {:attributes => :attributes_method})
+ resource.send("resource_params_by_namespaced_name").should eq(sanitized)
+ end
+ end
 end
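Review bot: The new context covers only the happy path, so the two risky branches of the change are untested: the `rescue` that returns `nil` when the attributes method raises or is missing, and construction with a non-hash last argument. Add examples such as `stub(@controller).attributes_method { raise "boom" }` asserting the intended outcome, and `CanCan::ControllerResource.new(@controller, :project)` asserting that construction does not raise. Calling `resource.send("resource_params_by_namespaced_name")` also ties the spec to an internal method name; going through a public entry point such as `load_resource` would test the behaviour callers actually see.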