2010-09-03 23:19:39 +00:00
1.4.0 (not yet released)
* Adding check_authorization and skip_authorization controller class methods to ensure authorization is performed (thanks justinko) - see issue #135
* Setting initial attributes based on ability conditions in new/create actions - see issue #114
* Check parent attributes for nested association in index action - see issue #121
* Supporting nesting in can? method using hash - see issue #121
* Adding I18n support for Access Denied messages (thanks EppO) - see issue #103
* Passing no arguments to +can+ definition will pass action, class, and object to block - see issue #129
* Don't pass action to block in +can+ definition when using :+manage+ option - see issue #129
* No longer calling block in +can+ definition when checking on class - see issue #116
2010-08-31 22:46:26 +00:00
1.3.4 (August 31, 2010)
* Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131
2010-08-20 23:27:25 +00:00
1.3.3 (August 20, 2010)
* Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119
* Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123
2010-08-07 15:38:35 +00:00
1.3.2 (August 7, 2010)
* Fixing slice error when passing in custom resource name - see issue #112
2010-08-07 06:28:51 +00:00
1.3.1 (August 6, 2010)
* Fixing protected sanitize_sql error - see issue #111
2010-08-06 23:00:52 +00:00
1.3.0 (August 6, 2010)
2010-08-06 18:42:30 +00:00
* Adding :find_by option to load_resource - see issue #19
2010-08-06 20:06:18 +00:00
* Adding :singleton option to load_resource - see issue #93
2010-08-06 18:42:30 +00:00
2010-08-20 23:27:25 +00:00
* Supporting multiple resources in :through option for polymorphic associations - see issue #73
2010-08-06 18:42:30 +00:00
* Supporting Single Table Inheritance for "can" comparisons - see issue #55
* Adding :instance_name option to load/authorize_resource - see issue #44
* Don't pass nil to "new" to keep MongoMapper happy - see issue #63
2010-08-05 23:24:08 +00:00
* Parent resources are now authorized with :read action.
2010-08-05 23:12:30 +00:00
* Changing :resource option in load/authorize_resource back to :class with ability to pass false
* Removing :nested option in favor of :through option with separate load/authorize call
* Moving internal logic from ResourceAuthorization to ControllerResource class
2010-07-21 00:11:05 +00:00
* Supporting multiple "can" and "cannot" calls with accessible_by (thanks funny-falcon) - see issue #71
2010-07-21 00:09:46 +00:00
2010-07-19 23:03:09 +00:00
* Supporting deeply nested aliases - see issue #98
2010-08-06 23:00:52 +00:00
2010-07-19 16:21:14 +00:00
1.2.0 (July 16, 2010)
2010-05-21 22:22:21 +00:00
* Load nested parent resources on collection actions such as "index" (thanks dohzya)
2010-05-21 21:20:45 +00:00
* Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65
2010-05-21 20:41:24 +00:00
* Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66
2010-05-21 00:06:10 +00:00
* Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62
2010-04-23 00:39:22 +00:00
* Support has_many association or arrays in can conditions hash
2010-04-21 00:02:28 +00:00
* Adding joins clause to accessible_by when conditions are across associations
2010-07-19 16:21:14 +00:00
2010-04-17 21:01:20 +00:00
1.1.1 (April 17, 2010)
* Fixing behavior in Rails 3 by properly initializing ResourceAuthorization
2010-04-17 19:06:06 +00:00
1.1.0 (April 17, 2010)
2010-04-15 18:21:44 +00:00
2010-04-17 18:54:27 +00:00
* Supporting arrays, ranges, and nested hashes in ability conditions
2010-04-16 22:56:07 +00:00
* Removing "unauthorized!" method in favor of "authorize!" in controllers
2010-04-16 21:54:18 +00:00
* Adding action, subject and default_message abilities to AccessDenied exception - see issue #40
2010-04-16 06:28:04 +00:00
* Adding caching to current_ability controller method, if you're overriding this be sure to add caching too.
2010-04-16 06:54:45 +00:00
* Adding "accessible_by" method to Active Record for fetching records matching a specific ability
2010-04-16 00:04:36 +00:00
2010-04-15 23:50:47 +00:00
* Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53
2010-04-15 21:14:22 +00:00
* Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45
* Properly handle Admin::AbilitiesController in params[:controller] - see issue #46
* Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54
2010-04-15 19:04:43 +00:00
2010-04-15 18:21:44 +00:00
* Support additional arguments to can? which get passed to the block - see issue #48
2009-12-31 05:33:31 +00:00
1.0.2 (Dec 30, 2009)
2009-12-31 02:01:40 +00:00
* Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
2009-12-31 01:49:49 +00:00
* Append aliased actions (don't overwrite them) - see issue #20
2009-12-15 18:53:05 +00:00
* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
2009-12-14 16:37:30 +00:00
1.0.1 (Dec 14, 2009)
2009-12-14 16:31:49 +00:00
* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
2009-12-14 16:18:08 +00:00
* Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
2009-12-13 21:47:49 +00:00
1.0.0 (Dec 13, 2009)
2009-12-13 20:32:09 +00:00
* Don't set resource instance variable if it has been set already - see issue #13
2009-12-13 20:22:05 +00:00
* Allowing :nested option to accept an array for deep nesting
2009-12-13 19:39:02 +00:00
* Adding :nested option to load resource method - see issue #10
2009-12-13 19:00:12 +00:00
* Pass :only and :except options to before filters for load/authorize resource methods.
2009-12-13 18:42:10 +00:00
* Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.
2009-12-13 18:03:21 +00:00
* BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.
2009-12-13 21:47:49 +00:00
2009-11-26 18:13:22 +00:00
0.2.1 (Nov 26, 2009)
* many internal refactorings - see issues #11 and #12
2009-11-25 18:25:58 +00:00
* adding "cannot" method to define which abilities cannot be done - see issue #7
2009-11-25 17:55:50 +00:00
* support custom objects (usually symbols) in can definition - see issue #8
2009-12-13 21:47:49 +00:00
2009-11-17 20:58:42 +00:00
0.2.0 (Nov 17, 2009)
2009-11-17 19:59:59 +00:00
* fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3
2009-11-17 19:46:27 +00:00
* support arrays being passed to "can" to specify multiple actions or classes - see issue #2
2009-11-17 18:46:16 +00:00
* adding "cannot?" method to ability, controller, and view which is inverse of "can?" - see issue #1
2009-11-17 18:25:47 +00:00
* BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4
2009-11-17 20:58:42 +00:00
0.1.0 (Nov 16, 2009)
2009-11-17 06:15:10 +00:00
* initial release