making accessible_by action default to :index and parent action default to :show so we don't check :read action directly - closes #302

2011-03-15 23:00:40 -07:00 · 2011-03-15 23:00:40 -07:00 · fdd5ad022d
commit fdd5ad022d
parent 3639ca90eb
3 changed files with 6 additions and 6 deletions
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@ -105,7 +105,7 @@ module CanCan
    end

    def authorization_action
-      parent? ? :read : @params[:action].to_sym
+      parent? ? :show : @params[:action].to_sym
    end

    def id_param
--- a/lib/cancan/model_additions.rb
+++ b/lib/cancan/model_additions.rb
@ -4,7 +4,7 @@ module CanCan
  module ModelAdditions
    module ClassMethods
      # Returns a scope which fetches only the records that the passed ability
-      # can perform a given action on. The action defaults to :read. This
+      # can perform a given action on. The action defaults to :index. This
      # is usually called from a controller and passed the +current_ability+.
      #
      #   @articles = Article.accessible_by(current_ability)
@ -19,7 +19,7 @@ module CanCan
      #   @articles = Article.accessible_by(current_ability, :update)
      #
      # Here only the articles which the user can update are returned.
-      def accessible_by(ability, action = :read)
+      def accessible_by(ability, action = :index)
        ability.model_adapter(self, action).database_records
      end
    end
--- a/spec/cancan/controller_resource_spec.rb
+++ b/spec/cancan/controller_resource_spec.rb
@ -104,7 +104,7 @@ describe CanCan::ControllerResource do
  it "should authorize parent resource in collection action" do
    @params[:action] = "index"
    @controller.instance_variable_set(:@category, :some_category)
-    stub(@controller).authorize!(:read, :some_category) { raise CanCan::AccessDenied }
+    stub(@controller).authorize!(:show, :some_category) { raise CanCan::AccessDenied }
    resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
  end
@ -293,10 +293,10 @@ describe CanCan::ControllerResource do
    @controller.instance_variable_get(:@project).name.should == "foobar"
  end

-  it "should only authorize :read action on parent resource" do
+  it "should only authorize :show action on parent resource" do
    project = Project.create!
    @params.merge!(:action => "new", :project_id => project.id)
-    stub(@controller).authorize!(:read, project) { raise CanCan::AccessDenied }
+    stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
    resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
    lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
  end