removing skipping feature in ControllerResource for now

This commit is contained in:
Ryan Bates 2011-03-25 16:29:04 -07:00
parent 35fbee578f
commit 5d68caefd0
4 changed files with 84 additions and 91 deletions

View File

@ -261,7 +261,7 @@ module CanCan
break if options[:if] && !controller.send(options[:if]) break if options[:if] && !controller.send(options[:if])
break if options[:unless] && controller.send(options[:unless]) break if options[:unless] && controller.send(options[:unless])
unless controller.current_ability.fully_authorized? controller.params[:action], controller.params[:controller] unless controller.current_ability.fully_authorized? controller.params[:action], controller.params[:controller]
raise CanCan::InsufficientAuthorizationCheck, "Authorization check is not sufficient for this action. This is probably because you have a conditions or attributes defined in Ability and are not checking for them in the action." raise CanCan::InsufficientAuthorizationCheck, "Authorization check is not sufficient for this action. This is probably because you have conditions or attributes defined in Ability and are not checking for them in the action. One way to solve this is adding load_and_authorize_resource to this controller."
end end
end end
rescue_from(CanCan::Unauthorized, &block) if block rescue_from(CanCan::Unauthorized, &block) if block

View File

@ -16,9 +16,6 @@ module CanCan
@params = controller.params @params = controller.params
@options = args.extract_options! @options = args.extract_options!
@name = args.first @name = args.first
raise CanCan::ImplementationRemoved, "The :nested option is no longer supported, instead use :through with separate load/authorize call." if @options[:nested]
raise CanCan::ImplementationRemoved, "The :name option is no longer supported, instead pass the name as the first argument." if @options[:name]
raise CanCan::ImplementationRemoved, "The :resource option has been renamed back to :class, use false if no class." if @options[:resource]
end end
def load_and_authorize_resource def load_and_authorize_resource
@ -27,37 +24,33 @@ module CanCan
end end
def load_resource def load_resource
unless skip?(:load) if load_instance?
if load_instance? self.resource_instance ||= load_resource_instance
self.resource_instance ||= load_resource_instance elsif load_collection?
elsif load_collection? self.collection_instance ||= load_collection
self.collection_instance ||= load_collection
end
end end
end end
def authorize_resource def authorize_resource
unless skip?(:authorize) @controller.authorize!(authorization_action, resource_instance || subject_name_with_parent)
@controller.authorize!(authorization_action, resource_instance || subject_name_with_parent)
end
end end
def parent? def parent?
@options.has_key?(:parent) ? @options[:parent] : @name && @name != name_from_controller.to_sym @options.has_key?(:parent) ? @options[:parent] : @name && @name != name_from_controller.to_sym
end end
def skip?(behavior) # This could probably use some refactoring # def skip?(behavior) # This could probably use some refactoring
options = @controller.class.cancan_skipper[behavior][@name] # options = @controller.class.cancan_skipper[behavior][@name]
if options.nil? # if options.nil?
false # false
elsif options == {} # elsif options == {}
true # true
elsif options[:except] && ![options[:except]].flatten.include?(@params[:action].to_sym) # elsif options[:except] && ![options[:except]].flatten.include?(@params[:action].to_sym)
true # true
elsif [options[:only]].flatten.include?(@params[:action].to_sym) # elsif [options[:only]].flatten.include?(@params[:action].to_sym)
true # true
end # end
end # end
protected protected

View File

@ -8,7 +8,7 @@ describe CanCan::ControllerResource do
@ability = Ability.new(nil) @ability = Ability.new(nil)
stub(@controller).params { @params } stub(@controller).params { @params }
stub(@controller).current_ability { @ability } stub(@controller).current_ability { @ability }
stub(@controller_class).cancan_skipper { {:authorize => {}, :load => {}} } # stub(@controller_class).cancan_skipper { {:authorize => {}, :load => {}} }
end end
it "should load the resource into an instance variable if params[:id] is specified" do it "should load the resource into an instance variable if params[:id] is specified" do
@ -333,69 +333,69 @@ describe CanCan::ControllerResource do
@controller.instance_variable_get(:@project).should == project @controller.instance_variable_get(:@project).should == project
end end
it "should raise ImplementationRemoved when adding :name option" do # it "should raise ImplementationRemoved when adding :name option" do
lambda { # lambda {
CanCan::ControllerResource.new(@controller, :name => :foo) # CanCan::ControllerResource.new(@controller, :name => :foo)
}.should raise_error(CanCan::ImplementationRemoved) # }.should raise_error(CanCan::ImplementationRemoved)
end # end
#
# it "should raise ImplementationRemoved exception when specifying :resource option since it is no longer used" do
# lambda {
# CanCan::ControllerResource.new(@controller, :resource => Project)
# }.should raise_error(CanCan::ImplementationRemoved)
# end
#
# it "should raise ImplementationRemoved exception when passing :nested option" do
# lambda {
# CanCan::ControllerResource.new(@controller, :nested => :project)
# }.should raise_error(CanCan::ImplementationRemoved)
# end
it "should raise ImplementationRemoved exception when specifying :resource option since it is no longer used" do # it "should skip resource behavior for :only actions in array" do
lambda { # stub(@controller_class).cancan_skipper { {:load => {nil => {:only => [:index, :show]}}} }
CanCan::ControllerResource.new(@controller, :resource => Project) # @params.merge!(:action => "index")
}.should raise_error(CanCan::ImplementationRemoved) # CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
end # CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false
# @params.merge!(:action => "show")
it "should raise ImplementationRemoved exception when passing :nested option" do # CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
lambda { # @params.merge!(:action => "other_action")
CanCan::ControllerResource.new(@controller, :nested => :project) # CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
}.should raise_error(CanCan::ImplementationRemoved) # end
end #
# it "should skip resource behavior for :only one action on resource" do
it "should skip resource behavior for :only actions in array" do # stub(@controller_class).cancan_skipper { {:authorize => {:project => {:only => :index}}} }
stub(@controller_class).cancan_skipper { {:load => {nil => {:only => [:index, :show]}}} } # @params.merge!(:action => "index")
@params.merge!(:action => "index") # CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false
CanCan::ControllerResource.new(@controller).skip?(:load).should be_true # CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true
CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false # @params.merge!(:action => "other_action")
@params.merge!(:action => "show") # CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false
CanCan::ControllerResource.new(@controller).skip?(:load).should be_true # end
@params.merge!(:action => "other_action") #
CanCan::ControllerResource.new(@controller).skip?(:load).should be_false # it "should skip resource behavior :except actions in array" do
end # stub(@controller_class).cancan_skipper { {:load => {nil => {:except => [:index, :show]}}} }
# @params.merge!(:action => "index")
it "should skip resource behavior for :only one action on resource" do # CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
stub(@controller_class).cancan_skipper { {:authorize => {:project => {:only => :index}}} } # @params.merge!(:action => "show")
@params.merge!(:action => "index") # CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false # @params.merge!(:action => "other_action")
CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true # CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
@params.merge!(:action => "other_action") # CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false
CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false # end
end #
# it "should skip resource behavior :except one action on resource" do
it "should skip resource behavior :except actions in array" do # stub(@controller_class).cancan_skipper { {:authorize => {:project => {:except => :index}}} }
stub(@controller_class).cancan_skipper { {:load => {nil => {:except => [:index, :show]}}} } # @params.merge!(:action => "index")
@params.merge!(:action => "index") # CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false
CanCan::ControllerResource.new(@controller).skip?(:load).should be_false # @params.merge!(:action => "other_action")
@params.merge!(:action => "show") # CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false
CanCan::ControllerResource.new(@controller).skip?(:load).should be_false # CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true
@params.merge!(:action => "other_action") # end
CanCan::ControllerResource.new(@controller).skip?(:load).should be_true #
CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false # it "should skip loading and authorization" do
end # stub(@controller_class).cancan_skipper { {:authorize => {nil => {}}, :load => {nil => {}}} }
# @params.merge!(:action => "new")
it "should skip resource behavior :except one action on resource" do # resource = CanCan::ControllerResource.new(@controller)
stub(@controller_class).cancan_skipper { {:authorize => {:project => {:except => :index}}} } # lambda { resource.load_and_authorize_resource }.should_not raise_error
@params.merge!(:action => "index") # @controller.instance_variable_get(:@project).should be_nil
CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false # end
@params.merge!(:action => "other_action")
CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false
CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true
end
it "should skip loading and authorization" do
stub(@controller_class).cancan_skipper { {:authorize => {nil => {}}, :load => {nil => {}}} }
@params.merge!(:action => "new")
resource = CanCan::ControllerResource.new(@controller)
lambda { resource.load_and_authorize_resource }.should_not raise_error
@controller.instance_variable_get(:@project).should be_nil
end
end end

View File

@ -8,7 +8,7 @@ describe CanCan::InheritedResource do
@ability = Ability.new(nil) @ability = Ability.new(nil)
stub(@controller).params { @params } stub(@controller).params { @params }
stub(@controller).current_ability { @ability } stub(@controller).current_ability { @ability }
stub(@controller_class).cancan_skipper { {:authorize => {}, :load => {}} } # stub(@controller_class).cancan_skipper { {:authorize => {}, :load => {}} }
end end
it "show should load resource through @controller.resource" do it "show should load resource through @controller.resource" do