cancan/CHANGELOG.rdoc

1.4.0 (not yet released)

* The :through option will now call a method with that name if instance variable doesn't exist - see issue #146

* Adding :shallow option to load_resource to bring back old behavior of fetching a child without a parent

* Raise AccessDenied error when loading a child and parent resource isn't found

* Abilities defined on a module will apply to anything that includes that module - see issue #150 and #152

* Abilities can be defined with a string of SQL in addition to a block so accessible_by works with a block - see issue #150

* Adding better support for InheritedResource - see issue #23

* Loading the collection instance variable (for index action) using accessible_by - see issue #137

* Adding action and subject variables to I18n unauthorized message - closes #142

* Adding check_authorization and skip_authorization controller class methods to ensure authorization is performed (thanks justinko) - see issue #135

* Setting initial attributes based on ability conditions in new/create actions - see issue #114

* Check parent attributes for nested association in index action - see issue #121

* Supporting nesting in can? method using hash - see issue #121

* Adding I18n support for Access Denied messages (thanks EppO) - see issue #103

* Passing no arguments to +can+ definition will pass action, class, and object to block - see issue #129

* Don't pass action to block in +can+ definition when using :+manage+ option - see issue #129

* No longer calling block in +can+ definition when checking on class - see issue #116


1.3.4 (August 31, 2010)

* Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131


1.3.3 (August 20, 2010)

* Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119

* Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123


1.3.2 (August 7, 2010)

* Fixing slice error when passing in custom resource name - see issue #112


1.3.1 (August 6, 2010)

* Fixing protected sanitize_sql error - see issue #111


1.3.0 (August 6, 2010)

* Adding :find_by option to load_resource - see issue #19

* Adding :singleton option to load_resource - see issue #93

* Supporting multiple resources in :through option for polymorphic associations - see issue #73

* Supporting Single Table Inheritance for "can" comparisons - see issue #55

* Adding :instance_name option to load/authorize_resource - see issue #44

* Don't pass nil to "new" to keep MongoMapper happy - see issue #63

* Parent resources are now authorized with :read action.

* Changing :resource option in load/authorize_resource back to :class with ability to pass false

* Removing :nested option in favor of :through option with separate load/authorize call

* Moving internal logic from ResourceAuthorization to ControllerResource class

* Supporting multiple "can" and "cannot" calls with accessible_by (thanks funny-falcon) - see issue #71

* Supporting deeply nested aliases - see issue #98


1.2.0 (July 16, 2010)

* Load nested parent resources on collection actions such as "index" (thanks dohzya)

* Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65

* Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66

* Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62

* Support has_many association or arrays in can conditions hash

* Adding joins clause to accessible_by when conditions are across associations


1.1.1 (April 17, 2010)

* Fixing behavior in Rails 3 by properly initializing ResourceAuthorization


1.1.0 (April 17, 2010)

* Supporting arrays, ranges, and nested hashes in ability conditions

* Removing "unauthorized!" method in favor of "authorize!" in controllers

* Adding action, subject and default_message abilities to AccessDenied exception - see issue #40

* Adding caching to current_ability controller method, if you're overriding this be sure to add caching too.

* Adding "accessible_by" method to Active Record for fetching records matching a specific ability

* Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53

* Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45

* Properly handle Admin::AbilitiesController in params[:controller] - see issue #46

* Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54

* Support additional arguments to can? which get passed to the block - see issue #48


1.0.2 (Dec 30, 2009)

* Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20

* Append aliased actions (don't overwrite them) - see issue #20

* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18


1.0.1 (Dec 14, 2009)

* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17

* Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14


1.0.0 (Dec 13, 2009)

* Don't set resource instance variable if it has been set already - see issue #13

* Allowing :nested option to accept an array for deep nesting

* Adding :nested option to load resource method - see issue #10

* Pass :only and :except options to before filters for load/authorize resource methods.

* Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.

* BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.


0.2.1 (Nov 26, 2009)

* many internal refactorings - see issues #11 and #12

* adding "cannot" method to define which abilities cannot be done - see issue #7

* support custom objects (usually symbols) in can definition - see issue #8


0.2.0 (Nov 17, 2009)

* fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3

* support arrays being passed to "can" to specify multiple actions or classes - see issue #2

* adding "cannot?" method to ability, controller, and view which is inverse of "can?" - see issue #1

* BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4


0.1.0 (Nov 16, 2009)

* initial release
filling in some inline documentation for 1.4 2010-09-03 23:19:39 +00:00			`1.4.0 (not yet released)`

adding to changelog 2010-09-21 19:03:16 +00:00			`* The :through option will now call a method with that name if instance variable doesn't exist - see issue #146`

			`* Adding :shallow option to load_resource to bring back old behavior of fetching a child without a parent`

			`* Raise AccessDenied error when loading a child and parent resource isn't found`

			`* Abilities defined on a module will apply to anything that includes that module - see issue #150 and #152`

			`* Abilities can be defined with a string of SQL in addition to a block so accessible_by works with a block - see issue #150`

use 'send' to access controller current_ability in case it's private 2010-09-23 18:58:55 +00:00			`* Adding better support for InheritedResource - see issue #23`
adding to changelog 2010-09-21 19:03:16 +00:00
use 'send' to access controller current_ability in case it's private 2010-09-23 18:58:55 +00:00			`* Loading the collection instance variable (for index action) using accessible_by - see issue #137`
adding to changelog 2010-09-21 19:03:16 +00:00
			`* Adding action and subject variables to I18n unauthorized message - closes #142`

filling in some inline documentation for 1.4 2010-09-03 23:19:39 +00:00			`* Adding check_authorization and skip_authorization controller class methods to ensure authorization is performed (thanks justinko) - see issue #135`

			`* Setting initial attributes based on ability conditions in new/create actions - see issue #114`

			`* Check parent attributes for nested association in index action - see issue #121`

			`* Supporting nesting in can? method using hash - see issue #121`

			`* Adding I18n support for Access Denied messages (thanks EppO) - see issue #103`

			`* Passing no arguments to +can+ definition will pass action, class, and object to block - see issue #129`

			`* Don't pass action to block in +can+ definition when using :+manage+ option - see issue #129`

			`* No longer calling block in +can+ definition when checking on class - see issue #116`


releasing version 1.3.4 2010-08-31 22:46:26 +00:00			`1.3.4 (August 31, 2010)`

			`* Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131`


releasing version 1.3.3 2010-08-20 23:27:25 +00:00			`1.3.3 (August 20, 2010)`

			`* Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119`

			`* Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123`


releasing version 1.3.2 which fixes slice error when passing custom resource name 2010-08-07 15:38:35 +00:00			`1.3.2 (August 7, 2010)`

			`* Fixing slice error when passing in custom resource name - see issue #112`


releasing version 1.3.1 with sanitize_sql fix 2010-08-07 06:28:51 +00:00			`1.3.1 (August 6, 2010)`

			`* Fixing protected sanitize_sql error - see issue #111`


releasing version 1.3.0 2010-08-06 23:00:52 +00:00			`1.3.0 (August 6, 2010)`

updating changelog 2010-08-06 18:42:30 +00:00			`* Adding :find_by option to load_resource - see issue #19`

renaming :singular resource option to :singleton 2010-08-06 20:06:18 +00:00			`* Adding :singleton option to load_resource - see issue #93`
updating changelog 2010-08-06 18:42:30 +00:00
releasing version 1.3.3 2010-08-20 23:27:25 +00:00			`* Supporting multiple resources in :through option for polymorphic associations - see issue #73`
updating changelog 2010-08-06 18:42:30 +00:00
			`* Supporting Single Table Inheritance for "can" comparisons - see issue #55`

			`* Adding :instance_name option to load/authorize_resource - see issue #44`

			`* Don't pass nil to "new" to keep MongoMapper happy - see issue #63`

only use the :read action when authorizing parent resources 2010-08-05 23:24:08 +00:00			`* Parent resources are now authorized with :read action.`

adding :through option to replace :nesting option and moving ResourceAuthorization class code into ControllerResource 2010-08-05 23:12:30 +00:00			`* Changing :resource option in load/authorize_resource back to :class with ability to pass false`

			`* Removing :nested option in favor of :through option with separate load/authorize call`

			`* Moving internal logic from ResourceAuthorization to ControllerResource class`

adding thanks to changelog 2010-07-21 00:11:05 +00:00			`* Supporting multiple "can" and "cannot" calls with accessible_by (thanks funny-falcon) - see issue #71`
updating changelong with support for multiple can calls in accessible_by - closes #71 2010-07-21 00:09:46 +00:00
supporting deeply nested aliases - closes #98 2010-07-19 23:03:09 +00:00			`* Supporting deeply nested aliases - see issue #98`

releasing version 1.3.0 2010-08-06 23:00:52 +00:00
releasing version 1.2.0 2010-07-19 16:21:14 +00:00			`1.2.0 (July 16, 2010)`

load parent resources for collection actions such 'index' 2010-05-21 22:22:21 +00:00			`* Load nested parent resources on collection actions such as "index" (thanks dohzya)`

adding :name option to load_and_authorize_resource if it does not match controller - closes #65 2010-05-21 21:20:45 +00:00			`* Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65`

improving inline documentation 2010-05-21 20:41:24 +00:00			`* Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66`
fixing issue when using accessible_by with nil can conditions - closes #66 2010-05-21 00:06:10 +00:00
			`* Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62`

support has_many association or arrays in can conditions hash 2010-04-23 00:39:22 +00:00			`* Support has_many association or arrays in can conditions hash`

adding joins clause to accessible_by when conditions are across associations 2010-04-21 00:02:28 +00:00			`* Adding joins clause to accessible_by when conditions are across associations`

releasing version 1.2.0 2010-07-19 16:21:14 +00:00
releasing 1.1.1 which fixes behavior in Rails 3 by properly initializing ResourceAuthorization 2010-04-17 21:01:20 +00:00			`1.1.1 (April 17, 2010)`

			`* Fixing behavior in Rails 3 by properly initializing ResourceAuthorization`


releasing version 1.1, see wiki and changelog for details 2010-04-17 19:06:06 +00:00			`1.1.0 (April 17, 2010)`
support additional arguments to can? which get passed to the block - closes #48 2010-04-15 18:21:44 +00:00
supporting arrays, ranges, and nested hashes in ability conditions 2010-04-17 18:54:27 +00:00			`* Supporting arrays, ranges, and nested hashes in ability conditions`

allow access to classes when using hash conditions since you'll generally want to narrow it down with a database query 2010-04-16 22:56:07 +00:00			`* Removing "unauthorized!" method in favor of "authorize!" in controllers`
removing unauthorized! in favor of authorize! and including more information in AccessDenied exception - closes #40 2010-04-16 21:54:18 +00:00
			`* Adding action, subject and default_message abilities to AccessDenied exception - see issue #40`

adding caching to current_ability class method, if you're overriding this be sure to add caching there too 2010-04-16 06:28:04 +00:00			`* Adding caching to current_ability controller method, if you're overriding this be sure to add caching too.`

renaming ActiveRecordAdditions#can method to accessible_by since it flows better and makes more sense 2010-04-16 06:54:45 +00:00			`* Adding "accessible_by" method to Active Record for fetching records matching a specific ability`
adding can method to Active Record for fetching records matching a specific ability, still needs documentation 2010-04-16 00:04:36 +00:00
adding conditions behavior to Ability#can and fetch with Ability#conditions - closes #53 2010-04-15 23:50:47 +00:00			`* Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53`

renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - closes #45 2010-04-15 21:14:22 +00:00			`* Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45`

			`* Properly handle Admin::AbilitiesController in params[:controller] - see issue #46`

			`* Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54`
allow additional arguments for be_able_to matcher, this requires Ruby 1.8.7 or higher to use matcher 2010-04-15 19:04:43 +00:00
support additional arguments to can? which get passed to the block - closes #48 2010-04-15 18:21:44 +00:00			`* Support additional arguments to can? which get passed to the block - see issue #48`


releasing v1.0.2 2009-12-31 05:33:31 +00:00			`1.0.2 (Dec 30, 2009)`

Adding clear_aliased_actions to Ability which removes previously defined actions including defaults 2009-12-31 02:01:40 +00:00			`* Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20`

Append aliased actions (don't overwrite them) - closes #20 2009-12-31 01:49:49 +00:00			`* Append aliased actions (don't overwrite them) - see issue #20`

adding custom message argument to unauthorized! method - closes #18 2009-12-15 18:53:05 +00:00			`* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18`


releasing gem v1.0.1 2009-12-14 16:37:30 +00:00			`1.0.1 (Dec 14, 2009)`

Adding :class option to load_resource so one can customize which class to use for the model - closes #17 2009-12-14 16:31:49 +00:00			`* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17`

Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - closes #14 2009-12-14 16:18:08 +00:00			`* Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14`


releasing gem v1.0.0 (backwards incompatible, see changelog) 2009-12-13 21:47:49 +00:00			`1.0.0 (Dec 13, 2009)`

Don't set resource instance variable if it has been set already - closes #13 2009-12-13 20:32:09 +00:00			`* Don't set resource instance variable if it has been set already - see issue #13`

Allowing :nested option to accept an array for deep nesting 2009-12-13 20:22:05 +00:00			`* Allowing :nested option to accept an array for deep nesting`

adding :nested option for load_resource - closes #10 2009-12-13 19:39:02 +00:00			`* Adding :nested option to load resource method - see issue #10`

Pass :only and :except options to before filters for load/authorize resource methods. 2009-12-13 19:00:12 +00:00			`* Pass :only and :except options to before filters for load/authorize resource methods.`

Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed. 2009-12-13 18:42:10 +00:00			`* Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.`

turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments 2009-12-13 18:03:21 +00:00			`* BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.`

releasing gem v1.0.0 (backwards incompatible, see changelog) 2009-12-13 21:47:49 +00:00
releasing gem v0.2.1 2009-11-26 18:13:22 +00:00			`0.2.1 (Nov 26, 2009)`

			`* many internal refactorings - see issues #11 and #12`

adding cannot method to define which abilities cannot be done - closes #7 2009-11-25 18:25:58 +00:00			`* adding "cannot" method to define which abilities cannot be done - see issue #7`

support custom objects (usually symbols) in can definition - closes #8 2009-11-25 17:55:50 +00:00			`* support custom objects (usually symbols) in can definition - see issue #8`

releasing gem v1.0.0 (backwards incompatible, see changelog) 2009-12-13 21:47:49 +00:00
releasing gem 0.2.0 NOT BACKWARDS COMPATABLE, SEE CHANGELOG 2009-11-17 20:58:42 +00:00			`0.2.0 (Nov 17, 2009)`

fixing behavior of load_and_authorize_resource for namespaced controllers - closes #3 2009-11-17 19:59:59 +00:00			`* fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3`

support arrays being passed to 'can' to specify multiple actions or classes - closes #2 2009-11-17 19:46:27 +00:00			`* support arrays being passed to "can" to specify multiple actions or classes - see issue #2`

adding 'cannot?' method which performs opposite check of 'can?' - closes #1 2009-11-17 18:46:16 +00:00			`* adding "cannot?" method to ability, controller, and view which is inverse of "can?" - see issue #1`

BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - closes #4 2009-11-17 18:25:47 +00:00			`* BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4`

releasing gem 0.2.0 NOT BACKWARDS COMPATABLE, SEE CHANGELOG 2009-11-17 20:58:42 +00:00
			`0.1.0 (Nov 16, 2009)`
releasing gem v0.1.0 2009-11-17 06:15:10 +00:00
			`* initial release`