Ryan Bates
156839b73e
only use the :read action when authorizing parent resources
2010-08-05 16:24:08 -07:00
Ryan Bates
25a1c553bf
adding :through option to replace :nesting option and moving ResourceAuthorization class code into ControllerResource
2010-08-05 16:12:30 -07:00
Ryan Bates
8dee01195d
improving inline documentation for Query
2010-07-21 12:16:08 -07:00
Ryan Bates
5eae169d7b
mentioning CanCan contributors in README
2010-07-21 12:06:28 -07:00
Ryan Bates
66ff1f2ea3
removing metrics link in readme, farewell Caliper :(
2010-07-21 12:02:27 -07:00
Ryan Bates
18dcf2a121
mention Rails 3 installation in README - closes #56
2010-07-21 11:59:24 -07:00
Ryan Bates
9b26f4d767
fixing specs for older versions of ruby and rspec
2010-07-21 11:56:19 -07:00
Ryan Bates
25637bb33a
removing extra white space at end of lines
2010-07-21 11:45:26 -07:00
Ryan Bates
c5737f6d28
adding thanks to changelog
2010-07-20 17:11:05 -07:00
Ryan Bates
1659f21bb3
updating changelong with support for multiple can calls in accessible_by - closes #71
2010-07-20 17:09:46 -07:00
Ryan Bates
ba8cb3cf6d
refactoring query.joins
2010-07-20 17:05:17 -07:00
Ryan Bates
e098ddaacd
refactoring query.conditions
2010-07-20 16:00:22 -07:00
Ryan Bates
964a4765b1
removing need to pass tableize option around for query conditions
2010-07-20 13:43:43 -07:00
Ryan Bates
a42e067f3b
extracting out Query class for generating sql conditions and association joins
2010-07-20 13:20:01 -07:00
Ryan Bates
60848143b7
refactoring can definition matching behavior
2010-07-20 11:04:03 -07:00
Ryan Bates
5d8f04363d
merging with master and resolving a couple conflicts
2010-07-19 16:36:01 -07:00
Ryan Bates
cad425989e
supporting deeply nested aliases - closes #98
2010-07-19 16:03:09 -07:00
Ryan Bates
1b4377cbf3
releasing version 1.2.0
1.2.0
2010-07-19 09:21:14 -07:00
Yura Sokolov
75eb1917f9
add test for single cannot
definition
2010-05-25 14:28:29 +04:00
Yura Sokolov
5fd793090a
fix logic error for single cannot
condition - it should return no records
2010-05-25 14:09:01 +04:00
Yura Sokolov
ac19422a90
add tests for merging conditions and joins
2010-05-25 14:02:26 +04:00
Yura Sokolov
9c0346b90b
can accept array for sql sanitizing in conditions
2010-05-25 14:01:53 +04:00
Yura Sokolov
b473d8827f
CanDefinition#only_block?
2010-05-25 12:23:39 +04:00
Yura Sokolov
bcab8d6369
fix error with single cannot condition
2010-05-25 12:14:01 +04:00
Yura Sokolov
dbc1538054
small refactoring: CanDefinition #definitive? #conditions_empty?
2010-05-24 18:15:20 +04:00
Yura Sokolov
46f03013f3
Merge remote branch 'upstream/master'
...
Conflicts:
lib/cancan/ability.rb
lib/cancan/active_record_additions.rb
lib/cancan/can_definition.rb
spec/cancan/ability_spec.rb
2010-05-24 15:17:10 +04:00
Ryan Bates
1ade44221a
load parent resources for collection actions such 'index'
2010-05-21 15:22:21 -07:00
Ryan Bates
2a3dd85a18
adding :name option to load_and_authorize_resource if it does not match controller - closes #65
2010-05-21 14:20:45 -07:00
Ryan Bates
dfd84a10ed
improving inline documentation
2010-05-21 13:41:24 -07:00
John Allison
7543eedd6a
fixing issue when using accessible_by with nil can conditions - closes #66
2010-05-20 17:06:10 -07:00
Logan Raarup
605063b974
Make sure conditions on associations are pluralized
2010-05-21 07:31:29 +08:00
Sokolov Yura
7d7d249182
passing throw matching rules with not matching conditions
...
Main goal is to allow:
cannot :manage, :all
can :read, :all
can :manage, User, :id=>user.id
can :manage, User, :manager_id=>user.id
Signed-off-by: Sokolov Yura <funny.falcon@gmail.com>
2010-05-16 22:13:02 +04:00
Ryan Bates
06296b0a40
support has_many association or arrays in can conditions hash
2010-04-22 17:39:22 -07:00
Ryan Bates
e20081454f
adding joins clause to accessible_by when conditions are across associations
2010-04-20 17:02:28 -07:00
Ryan Bates
4da31c0709
can has cheezburger? (thanks Seivan)
2010-04-20 14:24:26 -07:00
Ryan Bates
5aa6252df6
removing unused methods and a bit more refactoring
2010-04-18 00:44:42 -07:00
Ryan Bates
bbbc8a68e0
refactoring much of Ability class into separate CanDefinition class
2010-04-18 00:11:15 -07:00
Ryan Bates
232ecd5b4b
releasing 1.1.1 which fixes behavior in Rails 3 by properly initializing ResourceAuthorization
1.1.1
2010-04-17 14:01:20 -07:00
Ryan Bates
e1652ea424
adding admin namespace wiki page link to readme
2010-04-17 13:27:01 -07:00
Ryan Bates
b9995c6147
minor changes to readme
2010-04-17 12:37:32 -07:00
Ryan Bates
ff8c11cfc5
releasing version 1.1, see wiki and changelog for details
1.1
2010-04-17 12:06:06 -07:00
Ryan Bates
f1ba76b61b
supporting arrays, ranges, and nested hashes in ability conditions
2010-04-17 11:54:27 -07:00
Ryan Bates
283f58ee16
improving readme with links to wiki
2010-04-17 11:45:41 -07:00
Ryan Bates
f46696348e
allow access to classes when using hash conditions since you'll generally want to narrow it down with a database query
2010-04-16 15:56:07 -07:00
Ryan Bates
8903feee70
removing unauthorized! in favor of authorize! and including more information in AccessDenied exception - closes #40
2010-04-16 14:54:18 -07:00
Ryan Bates
ecf2818a9e
removing apparently unnecessary user attr_accessor in Ability
2010-04-16 08:57:10 -07:00
Ryan Bates
d9f3c8b0ae
renaming noun to subject internally
2010-04-16 08:55:36 -07:00
Ryan Bates
240c281061
renaming ActiveRecordAdditions#can method to accessible_by since it flows better and makes more sense
2010-04-15 23:54:45 -07:00
Ryan Bates
ef5900c5b1
adding caching to current_ability class method, if you're overriding this be sure to add caching there too
2010-04-15 23:28:04 -07:00
Ryan Bates
37f482e8d5
default ActiveRecordAdditions#can method action to :read and use 'scoped' if 'where' is not available
2010-04-15 23:18:49 -07:00