From 94e031bf96c85e5e95e152539b2ab1702225cd98 Mon Sep 17 00:00:00 2001
From: Ryan Bates <ryan@railscasts.com>
Date: Sun, 13 Dec 2009 11:00:12 -0800
Subject: [PATCH] Pass :only and :except options to before filters for
 load/authorize resource methods.

---
 CHANGELOG.rdoc                           |  2 ++
 lib/cancan/controller_additions.rb       | 26 ++++++++++++++++++------
 spec/cancan/controller_additions_spec.rb | 10 ++++-----
 3 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
index bc82591..e13ce22 100644
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,3 +1,5 @@
+* Pass :only and :except options to before filters for load/authorize resource methods.
+
 * Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.
 
 * BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.
diff --git a/lib/cancan/controller_additions.rb b/lib/cancan/controller_additions.rb
index 410c7a0..cb7e7c3 100644
--- a/lib/cancan/controller_additions.rb
+++ b/lib/cancan/controller_additions.rb
@@ -11,8 +11,8 @@ module CanCan
       #     load_and_authorize_resource
       #   end
       # 
-      def load_and_authorize_resource(*args)
-        before_filter { |c| ResourceAuthorization.new(c, c.params, *args).load_and_authorize_resource }
+      def load_and_authorize_resource(options = {})
+        before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).load_and_authorize_resource }
       end
       
       # Sets up a before filter which loads the appropriate model resource into an instance variable.
@@ -30,6 +30,12 @@ module CanCan
       # See load_and_authorize_resource to automatically authorize the resource too.
       # 
       # Options:
+      # [:+only+]
+      #   Only applies before filter to given actions.
+      #   
+      # [:+except+]
+      #   Does not apply before filter to given actions.
+      # 
       # [:+collection+]
       #   Specify which actions are resource collection actions in addition to :+index+. This
       #   is usually not necessary because it will try to guess depending on if an :+id+
@@ -44,8 +50,8 @@ module CanCan
       #   
       #     load_resource :new => :build
       #   
-      def load_resource(*args)
-        before_filter { |c| ResourceAuthorization.new(c, c.params, *args).load_resource }
+      def load_resource(options = {})
+        before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).load_resource }
       end
       
       # Sets up a before filter which authorizes the current resource using the instance variable.
@@ -62,8 +68,16 @@ module CanCan
       #   end
       # 
       # See load_and_authorize_resource to automatically load the resource too.
-      def authorize_resource(*args)
-        before_filter { |c| ResourceAuthorization.new(c, c.params, *args).authorize_resource }
+      # 
+      # Options:
+      # [:+only+]
+      #   Only applies before filter to given actions.
+      #   
+      # [:+except+]
+      #   Does not apply before filter to given actions.
+      # 
+      def authorize_resource(options = {})
+        before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).authorize_resource }
       end
     end
     
diff --git a/spec/cancan/controller_additions_spec.rb b/spec/cancan/controller_additions_spec.rb
index d41e925..31e1eb0 100644
--- a/spec/cancan/controller_additions_spec.rb
+++ b/spec/cancan/controller_additions_spec.rb
@@ -29,19 +29,19 @@ describe CanCan::ControllerAdditions do
   
   it "load_and_authorize_resource should setup a before filter which passes call to ResourceAuthorization" do
     stub(CanCan::ResourceAuthorization).new(@controller, @controller.params, :foo => :bar).mock!.load_and_authorize_resource
-    mock(@controller_class).before_filter { |block| block.call(@controller) }
+    mock(@controller_class).before_filter({}) { |options, block| block.call(@controller) }
     @controller_class.load_and_authorize_resource :foo => :bar
   end
   
   it "authorize_resource should setup a before filter which passes call to ResourceAuthorization" do
     stub(CanCan::ResourceAuthorization).new(@controller, @controller.params, :foo => :bar).mock!.authorize_resource
-    mock(@controller_class).before_filter { |block| block.call(@controller) }
-    @controller_class.authorize_resource :foo => :bar
+    mock(@controller_class).before_filter(:except => :show) { |options, block| block.call(@controller) }
+    @controller_class.authorize_resource :foo => :bar, :except => :show
   end
   
   it "load_resource should setup a before filter which passes call to ResourceAuthorization" do
     stub(CanCan::ResourceAuthorization).new(@controller, @controller.params, :foo => :bar).mock!.load_resource
-    mock(@controller_class).before_filter { |block| block.call(@controller) }
-    @controller_class.load_resource :foo => :bar
+    mock(@controller_class).before_filter(:only => [:show, :index]) { |options, block| block.call(@controller) }
+    @controller_class.load_resource :foo => :bar, :only => [:show, :index]
   end
 end