Commit Graph

239 Commits

Author SHA1 Message Date
Adam Wróbel
3639ca90eb Fixes inherited_resources collection authorization
This reverts e3eab13b86

I don't know what was the idea of that, but it turned out REAL bad.

`collection` sets the collection instance variable. `resource_base` is used all
over CanCan. It's also used inside `load_collection?` which is checked before
`load_collection` is called. That means we actually set the collection instance
variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`.

    1. def load_resource
    2.  unless skip?(:load)
    3.    if load_instance?
    4.      self.resource_instance ||= load_resource_instance
    5.    elsif load_collection?
    6.      self.collection_instance ||= load_collection
    7.    end
    8.  end
    9. end

`collection_instance` is set on line 5 instead of line 6.
2011-03-16 01:20:35 +01:00
Ryan Bates
9bee4a8d4b adding any/all support for MetaWhere conditions 2011-03-08 23:19:56 -08:00
Ryan Bates
eb2826f135 adding more MetaWhere comparison operators 2011-03-08 22:21:42 -08:00
Ryan Bates
a49269175e Merge branch 'master' into meta_where 2011-03-08 22:05:40 -08:00
Ryan Bates
0de43c445b raise an error when trying to make a rule with both hash conditions and a block - closes #269 2011-03-08 17:20:32 -08:00
Ryan Bates
f9b181af05 allow Active Record scope to be passed as Ability conditions - closes #257 2011-03-08 17:08:26 -08:00
Ryan Bates
80f1ab20fb adding :if and :unless options to check_authorization - closes #284 2011-03-08 16:35:01 -08:00
Ryan Bates
37102fe6f8 load collection resources in custom controller actions with no id param - closes #296 2011-03-08 16:10:40 -08:00
Ryan Bates
ba999970b1 add space in multiword model in I18n unauthorized message - closes #292 2011-03-08 15:56:23 -08:00
Ryan Bates
951d70e057 adding :prepend option to load_and_authorize_resource - closes #290 2011-03-08 15:50:34 -08:00
Ryan Bates
2c2fa306cc Merge branch 'master' of https://github.com/stefanoverna/cancan into stefanoverna-master 2011-03-08 15:33:47 -08:00
Ryan Bates
28a9a0ac07 Merge branch 'inherited_resources_collection_fix' of https://github.com/tanordheim/cancan into tanordheim-inherited_resources_collection_fix 2011-03-08 15:24:14 -08:00
Ryan Bates
c53ed1e497 raise a NotImplemented exception if it's an unrecognized MetaWhere condition 2011-03-08 11:06:46 -08:00
Ryan Bates
07088a0cdc making it easier to test all MetaWhere conditions 2011-03-08 10:52:49 -08:00
Ryan Bates
ff5aaf543b adding initial MetaWhere support 2011-03-08 10:37:25 -08:00
Ryan Bates
52435e97d9 fixing association conditions when MetaWhere is installed (thanks acmetech) - closes #261 2011-03-08 10:07:36 -08:00
Trond Arve Nordheim
e3eab13b86 Use collection instead of end_of_association_chain in the inherited_resources integration, as per suggested by aq1018 2011-03-08 10:45:34 +01:00
Stefano Verna
8722fbc7a5 Fix for deeply nested resources when using inherited resources 2011-02-17 22:31:17 +01:00
Ryan Bates
471d54ce01 Merge branch 'pass_action_to_accessible_by' of https://github.com/amw/cancan into amw-pass_action_to_accessible_by 2011-02-14 10:28:59 -08:00
Sam Pohlenz
f23bbe04ef Fix rule check on Hash-like subjects 2011-02-04 16:46:57 +10:30
Adam Wróbel
f1ea21b2a6 Pass action name to accessible_by. 2011-02-03 17:00:46 +01:00
Ryan Bates
b2028c8aa7 moving :alert into redirect_to call in documentation 2011-01-28 09:53:07 -08:00
Ryan Bates
f9ad4858f5 handle deeply nested conditions properly in active record adapter - closes #246 2011-01-20 10:12:46 -08:00
Ryan Bates
5c4c179c5a cleaning up mongoid adapter a little 2011-01-19 10:17:21 -08:00
Ryan Bates
78cbea5733 Merge branch 'master' of https://github.com/stellard/cancan into stellard-master 2011-01-19 09:25:08 -08:00
stellard
55c8a5045b added cannot support and multiple can support 2011-01-18 18:28:03 +00:00
Ryan Bates
52b33589dc changing flash[:error] to flash[:alert] in rdocs - closes #238 2011-01-18 09:19:22 -08:00
Ryan Bates
57327119a8 adding skip load and authorize behavior - closes #164 2011-01-08 12:04:55 -08:00
Mani Tadayon
12b0bff0b6 Use Mongoid::Matchers#matches? instead of a database query in MongoidAdapter#matches_conditions_hash? 2011-01-05 23:12:59 -08:00
Ryan Bates
bc9ecb226d don't authorize uncountable instance in collection action - closes #193 2011-01-05 13:47:38 -08:00
Ryan Bates
15ca8ade3b improving DataMapper adapter and specs 2011-01-05 13:22:06 -08:00
Ryan Bates
cef6c21232 allow model adapter to override condition hash matching in Rule, also clean up Mongoid adapter and specs 2011-01-04 11:43:41 -08:00
Mani Tadayon
f759ab7e54 Automatically add accessible_by to Mongoid Documents to match CanCan behavior for ActiveRecord and DataMapper.
Previously, CanCan::ModelAdditions had to be included in each and every Mongoid document separately. Also removed manual include of CanCan::ModelAdditions from Mongoid documents in Mongoid adapter specs.
2011-01-03 12:32:44 -08:00
Ryan Bates
f9f71d679d removing query.rb since it is no longer used 2010-12-30 15:45:22 -08:00
Ryan Bates
fc867c9c0d removing Mongoid::Components hack, tests are passing without it, add tests if this is actually needed 2010-12-30 15:43:36 -08:00
Ryan Bates
ec616ae75b moving accessible_by out into ModelAdditions module 2010-12-30 15:40:53 -08:00
Ryan Bates
f7a494dc51 switching mongoid over to new adapter 2010-12-30 15:06:59 -08:00
Ryan Bates
f5dce44697 switching data mapper to new adapter 2010-12-30 14:53:56 -08:00
Ryan Bates
8628aa0038 cleanup whitespace 2010-12-30 14:43:25 -08:00
Ryan Bates
bbb02f7c8f dynamically detect which model adapter to use given a class 2010-12-30 14:42:19 -08:00
Ryan Bates
cc30e838c0 fixing active record adapter behavior and improving specs for it 2010-12-30 00:43:22 -08:00
Ryan Bates
af9e77a79e adding initial active record adapter 2010-12-29 16:24:06 -08:00
Ryan Bates
4c5ba09f4c adding model adapter files in proper location with loading behavior 2010-12-29 15:01:49 -08:00
Nate Mueller
d315e22e7a Add support and tests for datamapper.
This broke some of the mongoid tests and I don't know how to fix them.  Both packages
  define Symbol#in, and when you load them both things don't behave properly.  Hopefully
  someone more versed in mongoid can rewrite the spec to not depend on the Symbol extensions.
2010-12-30 04:58:25 +08:00
Mani Tadayon
e14e1edec2 Fix bug with MongoidAdditions throwing a NameError when Mongoid is not defined by always checking if Mongoid is defined before referencing Mongoid-related constants
Also add spec for this bug
2010-12-26 02:17:50 -08:00
Ryan Bates
4339ac6546 improve support for rspec scaffolding (thanks voxik) - closes #176 2010-12-21 14:18:20 -08:00
Ryan Bates
5e1e6e182b allow query.conditions to be called multiple times without losing conditions 2010-12-21 14:01:28 -08:00
Ryan Bates
9b8e84944c adding ability generator - closes #170 2010-12-21 11:38:27 -08:00
Ryan Bates
37c149182c renaming CanDefinition to Rule 2010-12-21 10:41:55 -08:00
Ryan Bates
a6959c0ab2 Merge branch 'master' of https://github.com/bowsersenior/cancan into bowsersenior-master 2010-12-21 10:28:31 -08:00
Mani Tadayon
84c590e8c7 Add comments clarifying alias_method in MongoidAdditions 2010-11-17 09:52:30 -08:00
Tyler Gannon
f6aaa581ef can? should only go to db if there are mongoid criteria in the conditions.
Easier to just do a simple comparison on the object in memory
than to search the database.  Also this allows method calls
and other attributes that might not be found in the database.
2010-11-15 19:43:54 -08:00
Ryan Bates
787511a208 renaming skip_authorization to skip_authorization_check - closes #169 2010-11-12 10:46:03 -08:00
Ryan Bates
92995d791e adding :through_association option to load_resource (thanks hunterae) - closes #171 2010-11-12 10:42:26 -08:00
Nanda Lopes
9a7c427373 Fix NoMethodError
Raises NoMethodError when using ":singleton => true, :shallow => true" and parent_resource is nil
2010-11-13 02:24:31 +08:00
Ramon Tayag
cf263c105d checks if active record responds to 'joins', so this can work with internuity's quick_scopes gem; added .swp files to git ignore 2010-11-13 02:21:56 +08:00
Michael Halliday
79180de372 This fixes an odd error I was seeing in development mode when cache_classes = false (the default), specifically when loading an object throught the parent in load_and_authorize_resource.
Assume Photo model and User model where user has many photos:

@photo = current_user.photos.find(1) # this returns a photo
@photo1 = Photo.find(1)

@photo.kind_of?(Photo) is not always true for some reason when class_cacheing is false.  Where as @photo1.kind_of?(Photo) always appears to be true.  Of interesting note, in the above example @photo != @photo1 if kind_of? is false.  Very odd.
 
Again, this only appears to be when loading and object through an association.
2010-11-13 02:09:06 +08:00
Mani Tadayon
dbcd93e095 Fix bug with Mongoid document where :manage :all caused accessible_by to return nothing and add specs to test for :manage :all. 2010-10-14 18:21:59 -07:00
Mani Tadayon
d256aeb26e Fix bug with CanDefinition#tableized_conditions being used with Mongoid documents and add more specs for accesible_by with Mongoid. 2010-10-14 17:39:19 -07:00
Mani Tadayon
25bf479f48 Fix accessible_by for Mongoid documents when no ability is defined.
The previous spec that checked for this was not right, since there were no documents in the collection, so every query would return an empty result.
2010-10-13 19:41:30 -07:00
Mani Tadayon
ab82dcbc8f Add support for Mongoid::Criteria Symbol extensions (:age.gt => 10) along with specs. 2010-10-13 15:22:53 -07:00
Mani Tadayon
be74df0548 Add support for Mongoid documents along with basic specs. 2010-10-13 14:41:29 -07:00
Ryan Bates
6c3e87eea9 updating readme and documentation 2010-10-05 16:18:35 -07:00
Ryan Bates
b0cec5251c adding a couple things to the changelog 2010-10-05 12:00:50 -07:00
Ryan Bates
8f49f28713 don't stop at cannot definitions when there are no conditions - closes #161 2010-10-04 11:11:14 -07:00
Sokolov Yura
12037d7f43 should not allow to can? when raw sql without block is present 2010-10-05 02:01:48 +08:00
Ryan Bates
1f81b8dd1e use 'send' to access controller current_ability in case it's private 2010-09-23 11:58:55 -07:00
Ryan Bates
c11ffb6fd1 support loading resource :through method along with instance variable - closes #146 2010-09-21 11:42:47 -07:00
Ryan Bates
264e2d2b68 raise AccessDenied error when loading child while parent is nil, pass :shallow => true to bypass 2010-09-21 11:32:56 -07:00
Sokolov Yura
ebef3cc745 consistency addition for ability check on Module 2010-09-21 00:16:36 +08:00
Ryan Bates
cef55c95e7 fetch cancan_resource_class through controller class from ControllerResource 2010-09-16 16:01:58 -07:00
Sokolov Yura
a0f73fe0f7 fix error 2010-09-17 06:57:25 +08:00
Sokolov Yura
e2c341b8d3 allow to check ability by common module 2010-09-17 06:57:24 +08:00
Sokolov Yura
f236b1b5a4 resolve issue 149 2010-09-17 06:57:24 +08:00
Juan Manuel Barreneche
0b270f2d0f Use cancan_resource_class for before filters instead of hardcoded ControllerResource class 2010-09-17 06:40:16 +08:00
Juan Manuel Barreneche
961df90ecd Controllers which use 'inherit_resources' instead of Inheritance may have inherited_resource's methods protected 2010-09-17 06:40:15 +08:00
Ryan Bates
4eee637270 adding support for loading through Inherited Resources - closes #23 2010-09-09 16:28:00 -07:00
Ryan Bates
a5ff826e40 fix pluralize error on index action when passing resource name - closes #143 again 2010-09-07 22:10:16 -07:00
Ryan Bates
9d915457af load the collection instance variable on index action - closes #137 2010-09-07 16:25:02 -07:00
Ryan Bates
158c908d3b adding action and subject variables to I18n unauthorized message - closes #142 2010-09-07 15:48:07 -07:00
Ryan Bates
bf9b8ad1a6 filling in some inline documentation for 1.4 2010-09-03 16:19:39 -07:00
Ryan Bates
1af6c6f395 adding check_authorization and skip_authorization controller class methods to ensure authorization is triggered (thanks justinko) - closes #135 2010-09-03 14:38:55 -07:00
Ryan Bates
7c5243321f have params hash override initial attributes when building a new resource 2010-09-03 14:11:44 -07:00
Ryan Bates
721939babd cleaning up some internal specs and names 2010-09-03 14:00:46 -07:00
Ryan Bates
a744377ac9 the new and create actions will now build the resource with attributes based on ability conditions hash - closes #114 2010-09-03 11:53:47 -07:00
Ryan Bates
1be5bf7a57 don't fail if association conditions aren't specified for nested association check 2010-09-03 11:05:58 -07:00
Ryan Bates
c88cb8f459 passing a hash to can? will check permissions on association, this is done automatically in authorize_resource - closes #121 2010-09-03 11:01:55 -07:00
Ryan Bates
a5f838a964 use I18n for unauthorization messages - closes #103 2010-09-02 17:01:10 -07:00
Ryan Bates
66314a89f8 support no arguments to 'can' definition which always calls block 2010-09-02 14:46:38 -07:00
Ryan Bates
b1fb179aaf don't pass action into can block with :manage option - closes #129 2010-09-02 14:29:49 -07:00
Ryan Bates
6105edc6a7 skip block when only class is passed to ability check, also don't pass class to block for :all - closes #116 2010-09-02 14:23:00 -07:00
Ryan Bates
5a353c1cba don't stop at cannot definition when checking class - closes #131 2010-08-30 15:20:06 -07:00
Ryan Bates
4fe44af45d be more clear about blocks not working with accessible_by - closes #130 2010-08-30 13:40:31 -07:00
Ryan Bates
caed4fcee5 use RSpec namespace for matcher - closes #119 2010-08-18 16:22:43 -07:00
Ryan Bates
e893e12260 fixing broken spec and minor improvements to tableized_conditions method 2010-08-18 16:04:08 -07:00
McClain Looney
3d7742ea43 fix for bug 123 2010-08-17 09:33:11 -05:00
Ryan Bates
333ddf1970 properly pass along resource name without slice error - closes #112 2010-08-07 08:33:31 -07:00
Ryan Bates
f8631dcc93 fixing error on protected sanitize_sql - closes #111 2010-08-06 23:24:04 -07:00
Ryan Bates
1dccc0252a removing :resource option from rdocs since it's not longer used 2010-08-06 15:05:24 -07:00
Ryan Bates
75ce2bdefa allow :parent => false option to work in load/authorize resource 2010-08-06 14:26:57 -07:00