Sergio Arbeo
1f7e4c8b6b
Solves problem when authorizing new action.
...
Given two models Category and Projects. A Category has_many
projects and Project belongs_to a category. Furthermore,
projects are shallow nested resources in a category.
Let's say that a user can edit certain category's projects
(and only one category can be edited by each user [1]), this is
expressed with the following line in Ability model:
```ruby
can :new, :projects, category_id: user.category_id
```
Given the old implementation, we get that any user can 'new'
(though not 'create') a project in any category:
```ruby
def assign_attributes(resource)
  resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
  initial_attributes.each do |attr_name, value|
    resource.send("#{attr_name}=", value)
  end
  resource
end
```
In this case, category_id in project would get overwritten
inside the initial_attributes loop and authorization would pass.
I consider this a buggy behaviour.
[1] User belongs_to a category, and a Category has many
users. On the other hand, there might be users without
any category.
Conflicts:
spec/cancan/controller_resource_spec.rb
2012-10-04 20:29:28 +02:00
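The overwrite described in the commit message above, reduced to plain Ruby as an added example (not CanCan's code and not this commit's diff). `Project`, `Category`, `Ability` and the `build_*` helpers are constructed stand-ins; `build_keeping_parent` is one assumed ordering that keeps the parent's `category_id`, shown only for comparison.

```ruby
# Constructed stand-ins for the models named in the commit message.
Category = Struct.new(:id)
Project  = Struct.new(:category_id)

# Stand-in for the rule `can :new, :projects, category_id: user.category_id`.
class Ability
  def initialize(user_category_id)
    @conditions = { category_id: user_category_id }
  end

  # Attributes derived from the rule's conditions (the role of initial_attributes).
  def attributes_for_new
    @conditions.dup
  end

  # The rule matches only when every condition equals the record's attribute.
  def can_new?(project)
    @conditions.all? { |attr, value| project[attr] == value }
  end
end

# Behaviour described in the commit message: the rule's conditions are written
# last, so they replace the category_id that came from the parent category.
def build_old(parent, ability)
  project = Project.new(parent.id)
  ability.attributes_for_new.each { |attr, value| project[attr] = value }
  project
end

# Assumed alternative ordering: conditions only fill attributes that the
# parent scope left unset, so the record keeps the category from the URL.
def build_keeping_parent(parent, ability)
  project = Project.new(parent.id)
  ability.attributes_for_new.each do |attr, value|
    project[attr] = value if project[attr].nil?
  end
  project
end

def demo
  ability = Ability.new(1)   # constructed user who belongs to category 1
  other   = Category.new(2)  # parent category taken from the nested route
  {
    old:   ability.can_new?(build_old(other, ability)),
    fixed: ability.can_new?(build_keeping_parent(other, ability)),
    own:   ability.can_new?(build_keeping_parent(Category.new(1), ability))
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the old ordering the check is evaluated against a record that already carries the user's own `category_id`, so it cannot fail; a controller spec for this case should assert that `new` under another user's category is denied.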
Nugroho Herucahyono
6c1828acb6
fix namespace split, so we can use / for namespace
2012-06-29 18:29:08 +07:00
Ryan Bates
6886aecb9a
bringing up to date with master branch
2012-06-26 17:10:01 -07:00
Ryan Bates
de000fdec7
tests passing with Rails 3.2.6
2012-06-26 15:13:35 -07:00
Ryan Bates
112a995327
clearing leftover whitespace
2012-06-19 11:36:59 -07:00
Ryan Bates
944804183e
load ostruct for OpenStruct used in spec
2012-06-19 11:35:58 -07:00
Ryan Bates
2b89dbbdfa
Merge pull request #653 from andhapp/fix-pull-request-640
...
Init attributes in InheritedResources controller w/ specs
2012-06-19 10:53:22 -07:00
Mike Pack
b965f5bab4
Add specs for resource attributes.
...
Remove inconsistent line breaks.
2012-06-19 00:08:27 +01:00
Mark Sim
d5baed6281
Fixes Nested Resource Loading
2012-06-18 06:52:32 +01:00
Anuj Dutta
da663aaed1
Fix for issue-644 to allow users to specify a mix of can and cannot rules with mongo.
2012-06-10 22:54:45 +01:00
Oliver Morgan
354e34b8ab
Fixed bug where parent resources were being regarded as children
2012-06-04 17:44:33 +01:00
Oliver Morgan
245b83f6b4
Classify causes plural model names to be incorrectly renamed
...
Some model names will be renamed incorrectly e.g. 'business'. It should
be the responsibility of the user to make sure they use a name that
directly corresponds to the model name. The only filtering performed
should be camelize.
2012-05-31 10:45:55 +01:00
Oliver Morgan
78cbcf1db9
Named resources were not being loaded correctly. Fixes #633
2012-05-30 12:39:10 +01:00
Ryan Bates
80a8c39a93
Merge pull request #632 from andhapp/fix-issue-327
...
Fix to handle MetaWhere and non-MetaWhere conditions correctly.
2012-05-29 10:04:18 -07:00
Ryan Bates
b3f9ffe93b
Merge pull request #625 from rogercampos/merging
...
Adding Ability#merge
2012-05-28 11:02:51 -07:00
Anuj Dutta
c27ead5b9f
Fix to handle MetaWhere and non-MetaWhere conditions correctly.
2012-05-26 18:00:50 +01:00
Chris Gunther
b347c7b78c
port fix for namespaced params from 2.0 back to 1.6
2012-05-14 10:52:29 -04:00
Ryan Bates
1cdd7b3c18
Merge pull request #509 from moffff/master
...
Fix 'spec/spec_helper.rb:20: uninitialized constant WithModel (NameError)'
2012-05-11 08:59:41 -07:00
Michael de Silva
0e8c7ca01f
cancan 2.0 fix for issue #565; test to properly authorize resource for namespaced controller
2012-05-11 12:00:46 +03:00
Ryan Bates
a8a85f13a3
Merge pull request #541 from icrowley/master
...
Fixed bug with params for actions that build new instances with namespaced models
2012-05-10 13:51:45 -07:00
Ryan Bates
70515de8c1
Merge pull request #556 from mauriciozaffari/master
...
Pass forward :if and :unless options to the before filter.
2012-05-10 11:00:32 -07:00
Ryan Bates
b73bd062a8
Merge pull request #564 from flop/master
...
False positives on multiple nested abilities definitions
2012-05-10 10:59:08 -07:00
Aryk Grosz
65bbf0e354
Add check for Enumerable as condition value
2012-04-23 00:51:55 -07:00
Ryan Bates
167d3832fc
getting data_mapper and mongoid specs passing with latest versions
2012-04-22 17:01:10 -07:00
Ryan Bates
1ff1b70de4
disabling MetaWhere feature and making Active Record fixture that is always loaded
2012-04-22 16:06:59 -07:00
Ryan Bates
ec36137aa6
changing should spec wording
2012-04-22 15:15:09 -07:00
Ryan Bates
b37f2d083e
switching to Rspec stubbing/mocking - no more RR
2012-04-22 14:59:32 -07:00
Florent Piteau
ba01349eb0
Don't remove key-value from the subject hash we might want to use it again.
2012-02-29 15:49:19 +01:00
Mauricio Zaffari
83e2dcebd0
Pass forward :if and :unless options to the before filter. i.e:
...
load_and_authorize_resource :if => condition == true
2012-02-02 21:06:38 -02:00
Dmitry Afanasyev
baadcb923b
Fixed bug with params for actions that build new instances with namespaced models
2012-01-06 01:21:11 +04:00
Artem Kornienko
f18f53c9ce
Fixed problem with 'with_model' gem in DataMapper tests and Mongoid tests.
2011-11-09 18:38:19 +02:00
Roger Campos
7797b37c7e
Adding Ability#merge
2011-10-31 14:08:50 +01:00
Ryan Bates
67a3038628
quick fix to get nested resources working again - closes #482
2011-10-04 15:02:59 -07:00
Ryan Bates
c94de4ab18
include namespace in params when creating/updating resource - closes #349
2011-09-28 16:00:46 -07:00
Ryan Bates
6de9e4675a
consider specificity when finding relevant rules so generic rules will not override specific ones - closes #321
2011-09-28 15:34:08 -07:00
Ryan Bates
1fb2c0160c
ignore cannot clause with attributes when not checking for with attributes - closes #406
2011-09-28 14:48:26 -07:00
Jan Vlnas
aa83fee7a4
Add failing example of cannot for attribute, corresponds to #406
2011-09-28 14:11:43 -07:00
Ryan Bates
eafd6cfcde
fixing spec for new id_param option
2011-09-28 13:50:46 -07:00
Ryan Bates
67c93619c1
Merge branch 'master' into 2.0
2011-09-28 13:45:49 -07:00
Ryan Bates
610d7e3ec4
Merge pull request #425 from skhisma/master
...
Allow custom IDs to be specified when calling load_resource
2011-09-28 13:44:19 -07:00
Ryan Bates
092b510a2f
fixing namespace controller resource spec
2011-09-28 13:43:34 -07:00
Ryan Bates
2160183e86
Merge branch 'master' into 2.0
2011-09-28 13:35:52 -07:00
Ryan Bates
86063e4846
merging 1.6 additions into 2.0 branch
2011-09-28 11:39:26 -07:00
Ryan Bates
6ef2c44f57
fixing model comparison spec, I believe this bug is caused by recent version of with_model
2011-09-28 10:08:21 -07:00
Geoff Parsons
7937a282a3
:id_param option to load_resource allows specification of the param name to find members
2011-07-20 13:42:24 -04:00
Steven Anderson
6c497b8dd9
Added support for engines and namespaced models.
2011-07-20 09:31:53 +01:00
Nicolás Hock Isaza
1c3e61725f
Change the i18n default name to :"unauthorized.default"
2011-07-01 13:10:20 -05:00
Nicolás Hock Isaza
71f60bc4ac
Adding tests for i18n translation for default messages
2011-06-30 18:16:47 -05:00
Ryan Bates
b8ff2dbc6a
load member through method instead of instance variable to improve decent_exposure support
2011-06-13 15:16:08 -07:00
Ryan Bates
613ab1c1ab
delegating ControllerResource find to model adapter, uses 'get' for DataMapper - closes #373
2011-05-21 13:57:17 -07:00