Merge branch 'master' into meta_where

spec/cancan/ability_spec.rb

@@ -357,6 +357,14 @@ describe CanCan::Ability do
     @ability.model_adapter(model_class, :read).should == :adapter_instance
   end
 
+  it "should raise an error when attempting to use a block with a hash condition since it's not likely what they want" do
+    lambda {
+      @ability.can :read, Array, :published => true do
+        false
+      end
+    }.should raise_error(CanCan::Error, "You are not able to supply a block with a hash of conditions in read Array ability. Use either one.")
+  end
+
   describe "unauthorized message" do
     after(:each) do
       I18n.backend = nil
@@ -395,6 +403,7 @@ describe CanCan::Ability do
     it "should have variables for action and subject" do
       I18n.backend.store_translations :en, :unauthorized => {:manage => {:all => "%{action} %{subject}"}} # old syntax for now in case testing with old I18n
       @ability.unauthorized_message(:update, Array).should == "update array"
+      @ability.unauthorized_message(:update, ArgumentError).should == "update argument error"
       @ability.unauthorized_message(:edit, 1..3).should == "edit range"
     end
   end

spec/cancan/controller_additions_spec.rb

@@ -42,6 +42,11 @@ describe CanCan::ControllerAdditions do
     @controller_class.load_and_authorize_resource :project, :foo => :bar
   end
 
+  it "load_and_authorize_resource with :prepend should prepend the before filter" do
+    mock(@controller_class).prepend_before_filter({})
+    @controller_class.load_and_authorize_resource :foo => :bar, :prepend => true
+  end
+
   it "authorize_resource should setup a before filter which passes call to ControllerResource" do
     stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.authorize_resource
     mock(@controller_class).before_filter(:except => :show) { |options, block| block.call(@controller) }
@@ -61,17 +66,33 @@ describe CanCan::ControllerAdditions do
   end
 
   it "check_authorization should trigger AuthorizationNotPerformed in after filter" do
-    mock(@controller_class).after_filter(:some_options) { |options, block| block.call(@controller) }
+    mock(@controller_class).after_filter(:only => [:test]) { |options, block| block.call(@controller) }
     lambda {
-      @controller_class.check_authorization(:some_options)
+      @controller_class.check_authorization(:only => [:test])
     }.should raise_error(CanCan::AuthorizationNotPerformed)
   end
 
+  it "check_authorization should not trigger AuthorizationNotPerformed when :if is false" do
+    stub(@controller).check_auth? { false }
+    mock(@controller_class).after_filter({}) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:if => :check_auth?)
+    }.should_not raise_error(CanCan::AuthorizationNotPerformed)
+  end
+
+  it "check_authorization should not trigger AuthorizationNotPerformed when :unless is true" do
+    stub(@controller).engine_controller? { true }
+    mock(@controller_class).after_filter({}) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:unless => :engine_controller?)
+    }.should_not raise_error(CanCan::AuthorizationNotPerformed)
+  end
+
   it "check_authorization should not raise error when @_authorized is set" do
     @controller.instance_variable_set(:@_authorized, true)
-    mock(@controller_class).after_filter(:some_options) { |options, block| block.call(@controller) }
+    mock(@controller_class).after_filter(:only => [:test]) { |options, block| block.call(@controller) }
     lambda {
-      @controller_class.check_authorization(:some_options)
+      @controller_class.check_authorization(:only => [:test])
     }.should_not raise_error(CanCan::AuthorizationNotPerformed)
   end
 

spec/cancan/controller_resource_spec.rb

@@ -110,7 +110,7 @@ describe CanCan::ControllerResource do
   end
 
   it "should perform authorization using controller action and loaded model" do
-    @params[:action] = "show"
+    @params.merge!(:action => "show", :id => 123)
     @controller.instance_variable_set(:@project, :some_project)
     stub(@controller).authorize!(:show, :some_project) { raise CanCan::AccessDenied }
     resource = CanCan::ControllerResource.new(@controller)
@@ -118,27 +118,36 @@ describe CanCan::ControllerResource do
   end
 
   it "should perform authorization using controller action and non loaded model" do
-    @params[:action] = "show"
+    @params.merge!(:action => "show", :id => 123)
     stub(@controller).authorize!(:show, Project) { raise CanCan::AccessDenied }
     resource = CanCan::ControllerResource.new(@controller)
     lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
   end
 
   it "should call load_resource and authorize_resource for load_and_authorize_resource" do
-    @params[:action] = "show"
+    @params.merge!(:action => "show", :id => 123)
     resource = CanCan::ControllerResource.new(@controller)
     mock(resource).load_resource
     mock(resource).authorize_resource
     resource.load_and_authorize_resource
   end
 
-  it "should not build a resource when on custom collection action" do
-    @params[:action] = "sort"
+  it "should not build a single resource when on custom collection action even with id" do
+    @params.merge!(:action => "sort", :id => 123)
     resource = CanCan::ControllerResource.new(@controller, :collection => [:sort, :list])
     resource.load_resource
     @controller.instance_variable_get(:@project).should be_nil
   end
 
+  it "should load a collection resource when on custom action with no id param" do
+    stub(Project).accessible_by(@ability, :sort) { :found_projects }
+    @params[:action] = "sort"
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_get(:@projects).should == :found_projects
+  end
+
   it "should build a resource when on custom new action even when params[:id] exists" do
     @params.merge!(:action => "build", :id => 123)
     stub(Project).new { :some_project }
@@ -250,7 +259,7 @@ describe CanCan::ControllerResource do
   end
 
   it "should find record through has_one association with :singleton option" do
-    @params.merge!(:action => "show")
+    @params.merge!(:action => "show", :id => 123)
     category = Object.new
     @controller.instance_variable_set(:@category, category)
     stub(category).project { :some_project }

spec/cancan/inherited_resource_spec.rb

@@ -12,7 +12,7 @@ describe CanCan::InheritedResource do
   end
 
   it "show should load resource through @controller.resource" do
-    @params[:action] = "show"
+    @params.merge!(:action => "show", :id => 123)
     stub(@controller).resource { :project_resource }
     CanCan::InheritedResource.new(@controller).load_resource
     @controller.instance_variable_get(:@project).should == :project_resource
@@ -25,17 +25,17 @@ describe CanCan::InheritedResource do
     @controller.instance_variable_get(:@project).should == :project_resource
   end
 
-  it "index should load through @controller.parent when parent" do
+  it "index should load through @controller.association_chain when parent" do
     @params[:action] = "index"
-    stub(@controller).parent { :project_resource }
+    stub(@controller).association_chain { @controller.instance_variable_set(:@project, :project_resource) }
     CanCan::InheritedResource.new(@controller, :parent => true).load_resource
     @controller.instance_variable_get(:@project).should == :project_resource
   end
 
-  it "index should load through @controller.end_of_association_chain" do
+  it "index should load through @controller.collection" do
     @params[:action] = "index"
     stub(Project).accessible_by(@ability, :index) { :projects }
-    stub(@controller).end_of_association_chain { Project }
+    stub(@controller).collection { Project }
     CanCan::InheritedResource.new(@controller).load_resource
     @controller.instance_variable_get(:@projects).should == :projects
   end

spec/cancan/model_adapters/active_record_adapter_spec.rb

@@ -111,10 +111,25 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
       @ability.can :read, Article, :published => true
       @ability.can :read, Article, ["secret=?", true]
       article1 = Article.create!(:published => true, :secret => false)
+      article2 = Article.create!(:published => true, :secret => true)
+      article3 = Article.create!(:published => false, :secret => true)
       article4 = Article.create!(:published => false, :secret => false)
+      Article.accessible_by(@ability).should == [article1, article2, article3]
+    end
+
+    it "should allow a scope for conditions" do
+      @ability.can :read, Article, Article.where(:secret => true)
+      article1 = Article.create!(:secret => true)
+      article2 = Article.create!(:secret => false)
       Article.accessible_by(@ability).should == [article1]
     end
 
+    it "should raise an exception when trying to merge scope with other conditions" do
+      @ability.can :read, Article, :published => true
+      @ability.can :read, Article, Article.where(:secret => true)
+      lambda { Article.accessible_by(@ability) }.should raise_error(CanCan::Error, "Unable to merge an Active Record scope with other conditions. Instead use a hash or SQL for read Article ability.")
+    end
+
     it "should not allow to fetch records when ability with just block present" do
       @ability.can :read, Article do
         false