From f7480d1f5aa1d87f85f909411e92825894eda1c3 Mon Sep 17 00:00:00 2001 From: Ryan Bates Date: Sun, 13 Dec 2009 13:47:49 -0800 Subject: [PATCH] releasing gem v1.0.0 (backwards incompatible, see changelog) --- CHANGELOG.rdoc | 4 ++++ README.rdoc | 32 ++++++++++++++++++++++++++++---- cancan.gemspec | 4 ++-- 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index c4078b2..0fbe317 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,5 @@ +1.0.0 (Dec 13, 2009) + * Don't set resource instance variable if it has been set already - see issue #13 * Allowing :nested option to accept an array for deep nesting @@ -10,6 +12,7 @@ * BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments. + 0.2.1 (Nov 26, 2009) * many internal refactorings - see issues #11 and #12 @@ -18,6 +21,7 @@ * support custom objects (usually symbols) in can definition - see issue #8 + 0.2.0 (Nov 17, 2009) * fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3 diff --git a/README.rdoc b/README.rdoc index f86b7b4..58c61e3 100644 --- a/README.rdoc +++ b/README.rdoc @@ -10,7 +10,7 @@ See the RDocs[http://rdoc.info/projects/ryanb/cancan] and Wiki[http://wiki.githu You can set it up as a gem in your environment.rb file. - config.gem "cancan", :source => "http://gemcutter.org" + config.gem "cancan" And then install the gem. @@ -21,7 +21,7 @@ Alternatively you can install it as a Rails plugin. script/plugin install git://github.com/ryanb/cancan.git -== Setup +== Getting Started First, define a class called Ability in "models/ability.rb". @@ -52,10 +52,10 @@ You can also use these methods in a controller along with the "unauthorized!" me unauthorized! if cannot? :read, @article end -Setting this for every action can be tedious, therefore a before filter is also provided to automatically authorize all actions in a RESTful style resource controller. +Setting this for every action can be tedious, therefore the load_and_authorize_resource method is also provided to automatically authorize all actions in a RESTful style resource controller. It will set up a before filter which loads the resource into the instance variable and authorizes it. class ArticlesController < ApplicationController - before_filter :load_and_authorize_resource + load_and_authorize_resource def show # @article is already loaded @@ -150,6 +150,30 @@ The following aliases are added by default for conveniently mapping common contr alias_action :edit, :to => :update +== Authorizing Controller Actions + +As mentioned in the Getting Started section, you can use the +load_and_authorize_resource+ method in your controller to load the resource into an instance variable and authorize it. If you have a nested resource you can specify that as well. + + load_and_authorize_resource :nested => :author + +You can also pass an array to the :+nested+ attribute for deep nesting. + +If you want to customize the loading behavior on certain actions, you can do so in a before filter. + + class BooksController < ApplicationController + before_filter :find_book_by_permalink, :only => :show + load_and_authorize_resource + + private + + def find_book_by_permalink + @book = Book.find_by_permalink!(params[:id) + end + end + +Here the @book instance variable is already set so it will not be loaded again for that action. This works for nested resources as well. + + == Assumptions & Configuring CanCan makes two assumptions about your application. diff --git a/cancan.gemspec b/cancan.gemspec index fa6362d..b6c7f3c 100644 --- a/cancan.gemspec +++ b/cancan.gemspec @@ -4,8 +4,8 @@ Gem::Specification.new do |s| s.description = "Simple authorization solution for Rails which is completely decoupled from the user's roles. All permissions are stored in a single location for convenience." s.homepage = "http://github.com/ryanb/cancan" - s.version = "0.2.1" - s.date = "2009-11-26" + s.version = "1.0.0" + s.date = "2009-12-13" s.authors = ["Ryan Bates"] s.email = "ryan@railscasts.com"