docs/accessible_attributes.md
# Accessible attributes
CanCanCan gives you the possibility to define actions on single instances' attributes.
Given you want users to only read a user first name and last name you can define:
```ruby
can :read, User, [:first_name, :last_name]
```
and check it with:
```ruby
can? :read, @user, :first_name
```
You can also ask for all the allowed attributes:
```ruby
current_ability.permitted_attributes(:read, @user)
#=> [:first_name, :last_name]
```
This can be used, for example, to display a form:
```ruby
current_ability.permitted_attributes(:read, @book).each do |attr|
= form.input attr
```
or in Strong Parameters:
```ruby
params
.require(:book)
.permit(current_ability.permitted_attributes(:read, @book))
```