Role based authorization with cancan doesn't works Rails 4 - Ruby 2.1

Question

I use cancan (1.6.10) and devise (3.2.2), I have been implementing authorization using this guide as recommended by cancan's author, I need to assign multiple roles to a user then I decided store it into a single integer column using a bitmask (I added a column named "roles_mask" to user model).

I have this files involved:

1. user.rb
2. edit.html.erb

I'm aware that I folowed word by word of this guide except the lines that I wrote for indicate that roles is a accessible attribute:

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_filter :configure_permitted_parameters, if: :devise_controller?

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :roles) }
  end
end

When update a user (logged), all fields are updated except :roles_mask =/, I don't understand why roles field is not captured. I think there's something that I don't achieve to see. anyone can help me?

*Solution:

Using cancancan (support for Rails 4) and change application_controller.rb file it works (as roles is a non-scalar attribute).

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_filter :configure_permitted_parameters, if: :devise_controller?

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, roles: []) }
  end
end

Answer 1

CanCan does not support Rails 4. You can however use CanCanCan, which is Rails4 friendly: https://github.com/CanCanCommunity/cancancan