So, I have a nested controller in a project I'm converting to Rails 4.2, using the head master. I have a before_filter configured to load up the model for the create action. However, due to the ordering of the before filters, that gets run AFTER the permissions are being checked.

```ruby
filter_resource_access :nested_in => :commentable
before_filter :new_comment_from_params, :only => :create
```

And I can't put it before, as it relies on Decl auth running the load_parent_controller_object / load_commentable

```ruby
# Loads the polymorphic parent that the comment is nested in.
def load_commentable
  @commentable = find_polymorphic
end

# Builds the comment from the strong-parameters hash; needs @commentable to be set.
def new_comment_from_params
  @comment = @commentable.comments.build(comment_params.merge(author: current_user))
end
```

This creates a lovely catch-22 problem in the code. IMHO in the "Strong parameters" case decl auth should handle the :create before filter and either only check for new_{model}_from_params OR have a default implementation that expects {model}_params to handle the strong parameters logic.
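
The ordering problem described in this issue, modeled in plain Ruby as an added example (not code from the issue or from declarative_authorization). `FakeCommentsController`, `POSTS`, the locked-parent rule and the failure strings are assumptions made for illustration; only the filter names come from the issue.

```ruby
# Constructed stand-in for a before-filter chain; not Rails or
# declarative_authorization code. Sample data and the rule are hypothetical.
POSTS = { 7 => { locked: false }, 8 => { locked: true } }.freeze
Comment = Struct.new(:commentable, :body, :author)

class FakeCommentsController
  def initialize(params, current_user)
    @params = params
    @current_user = current_user
  end

  # Runs the filters in the given order; returns :ok or the failure reason.
  def run(chain)
    chain.each { |filter| send(filter) }
    :ok
  rescue RuntimeError => e
    e.message
  end

  def load_commentable
    @commentable = POSTS.fetch(@params[:post_id])
  end

  # Strong-parameters stand-in: only :body is permitted.
  def comment_params
    @params.fetch(:comment, {}).slice(:body)
  end

  def new_comment_from_params
    raise "commentable not loaded" if @commentable.nil?
    @comment = Comment.new(@commentable, comment_params[:body], @current_user)
  end

  # Assumed object-level rule: no comments on a locked parent.
  def check_permission
    raise "no object to authorize" if @comment.nil?
    raise "denied" if @comment.commentable[:locked]
  end
end

ORDER_IN_ISSUE = %i[load_commentable check_permission new_comment_from_params].freeze
BUILD_FIRST    = %i[new_comment_from_params load_commentable check_permission].freeze
BUILD_BETWEEN  = %i[load_commentable new_comment_from_params check_permission].freeze

def outcome(chain, post_id)
  # :author here is an unpermitted key; comment_params drops it.
  params = { post_id: post_id, comment: { body: "hi", author: "mallory" } }
  FakeCommentsController.new(params, "alice").run(chain)
end
```

Only `BUILD_BETWEEN` gives the permission check a built object to evaluate, which is the slot the issue asks the library to provide for `:create`.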