Commit Graph

258 Commits

Author SHA1 Message Date
Ryan Bates
c031f82dd2 allow :find_by option to be full find method name - closes #335 2011-05-19 23:37:36 -04:00
Ryan Bates
f6c2054f7e set resource attributes in update action and authorize after set - closes #141 2011-05-19 17:12:30 -04:00
Ryan Bates
a29e31606b changing the interface for ControllerResource load/authorize so they can be intertwined 2011-05-19 16:38:33 -04:00
Ryan Bates
e24d5d146b merging master into 2.0 2011-05-19 16:01:06 -04:00
Ryan Bates
843fe89c63 pass action and subject through AccessDenied exception when :through isn't found - closes #366 2011-05-18 12:58:02 -04:00
Ryan Bates
74c9d582b2 Merge pull request #363 from rahearn/mongoid-conditions-empty
Fixes bug in mongoid_adapter with empty conditions hash
2011-05-17 10:22:19 -07:00
Ryan Bates
4e4c5a9a7f adding current_ability to helper methods - closes #361 2011-05-17 13:21:11 -04:00
Ryan Ahearn
ad62d60b20 Fixes bug in mongoid_adapter with empty conditions hash
* adds mongoid query that matches every record when
rule.conditions.empty? is true
2011-05-10 11:52:29 -04:00
Emmanuel Gomez
d6851debd4 Fix pending spec for DataMapper adapter. 2011-04-29 00:46:38 -07:00
John Feminella
17c52a7983 Augments Mongoid adapter by handling case where attribute is an array 2011-04-27 09:54:37 -04:00
Ryan Bates
63865cc7d8 allow SQL conditions to be used with a block 2011-04-21 00:46:06 -07:00
Ryan Ahearn
2b6204117f Adds ability to use Scope query with Mongoid
Same limitations apply as with active record
* can not be OR'd with other rules for same ability/controller
2011-04-15 16:58:19 -04:00
Ryan Bates
b1424dfa49 Merge branch 'optional-associations' of https://github.com/socialcast/cancan into socialcast-optional-associations 2011-04-01 15:13:02 -07:00
Mitch Williams
6aaab9e440 Fixed bug where conditions on an optionally associated object would throw exceptions if the associated object was not present at the rule match time. 2011-04-01 13:20:25 -07:00
Florent Piteau
a10243a569 When using an existing scope, it should be merged properly to the class. May fix ryanb/cancan#328 :) 2011-04-01 21:25:19 +02:00
Florent Piteau
81f00f9024 Failling test for nested resources with a scope for conditions 2011-04-01 18:45:33 +02:00
Ryan Bates
e5b76210e4 fixing marking fully_authorized on an object instance 2011-03-25 17:05:36 -07:00
Ryan Bates
baa1dacc21 authorize params passed in create and update action 2011-03-25 17:01:12 -07:00
Ryan Bates
f41b39406c don't authorize based on resource name in authorize_resource since this is already handled by enable_authorization 2011-03-25 16:40:20 -07:00
Ryan Bates
27eba72e4b mark index action as fully authorized when fetching records through accessible_by 2011-03-25 16:34:13 -07:00
Ryan Bates
5d68caefd0 removing skipping feature in ControllerResource for now 2011-03-25 16:29:04 -07:00
Ryan Bates
35fbee578f passing block to enable_authorization will be executed when CanCan::Unauthorized exception is raised 2011-03-25 16:08:09 -07:00
Ryan Bates
cf2896f011 renaming AccessDenied exception to Unauthorized 2011-03-25 14:43:36 -07:00
Ryan Bates
bcac159b3e merging with master 2011-03-25 14:32:29 -07:00
Ryan Bates
1ac8099f7a return subject passed to authorize! - closes #314 2011-03-25 14:24:43 -07:00
Ryan Bates
346ca2c74e check authorization is sufficient in an after_filter when doing enable_authorization 2011-03-25 14:11:59 -07:00
Ryan Bates
242e912519 refactoring fully authorized check and catching bug 2011-03-25 13:30:45 -07:00
Ryan Bates
488cc2dfdd require attributes to be checked on create/update action in order to be fully authorized 2011-03-25 13:23:05 -07:00
Ryan Bates
0f3753491d adding fully_authorized? method to Ability to check if conditions are considered in authorize! call 2011-03-25 12:01:53 -07:00
Ryan Bates
85efbdb8d0 adding attributes as 3rd argument to can and can? calls 2011-03-25 11:24:10 -07:00
Ryan Bates
a03d35272b allow strings along with symbols in Ability definition and checking 2011-03-24 11:52:54 -07:00
Ryan Bates
7ee942c334 adding enable_authorization method and deprecating some other controller methods 2011-03-24 11:22:32 -07:00
Ryan Bates
3a825ed0d1 getting all specs passing again 2011-03-23 19:47:34 -07:00
Ryan Bates
98ed39264e modifying Ability to use symbol for subject instead of class, also adding subject aliases 2011-03-23 17:00:33 -07:00
Ryan Bates
7688025404 fixing instance loading with :singleton option - closes #310 2011-03-18 09:42:30 -07:00
Ryan Bates
3efa069349 fixing failing MetaWhere spec 2011-03-18 09:14:17 -07:00
Ryan Bates
3f6cecbfcf use Item.new instead of build_item for singleton resource so it doesn't mess up database - closes #304 2011-03-15 23:37:05 -07:00
Ryan Bates
fdd5ad022d making accessible_by action default to :index and parent action default to :show so we don't check :read action directly - closes #302 2011-03-15 23:00:40 -07:00
Adam Wróbel
3639ca90eb Fixes inherited_resources collection authorization
This reverts e3eab13b86

I don't know what was the idea of that, but it turned out REAL bad.

`collection` sets the collection instance variable. `resource_base` is used all
over CanCan. It's also used inside `load_collection?` which is checked before
`load_collection` is called. That means we actually set the collection instance
variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`.

    1. def load_resource
    2.  unless skip?(:load)
    3.    if load_instance?
    4.      self.resource_instance ||= load_resource_instance
    5.    elsif load_collection?
    6.      self.collection_instance ||= load_collection
    7.    end
    8.  end
    9. end

`collection_instance` is set on line 5 instead of line 6.
2011-03-16 01:20:35 +01:00
Ryan Bates
9bee4a8d4b adding any/all support for MetaWhere conditions 2011-03-08 23:19:56 -08:00
Ryan Bates
eb2826f135 adding more MetaWhere comparison operators 2011-03-08 22:21:42 -08:00
Ryan Bates
a49269175e Merge branch 'master' into meta_where 2011-03-08 22:05:40 -08:00
Ryan Bates
0de43c445b raise an error when trying to make a rule with both hash conditions and a block - closes #269 2011-03-08 17:20:32 -08:00
Ryan Bates
f9b181af05 allow Active Record scope to be passed as Ability conditions - closes #257 2011-03-08 17:08:26 -08:00
Ryan Bates
80f1ab20fb adding :if and :unless options to check_authorization - closes #284 2011-03-08 16:35:01 -08:00
Ryan Bates
37102fe6f8 load collection resources in custom controller actions with no id param - closes #296 2011-03-08 16:10:40 -08:00
Ryan Bates
ba999970b1 add space in multiword model in I18n unauthorized message - closes #292 2011-03-08 15:56:23 -08:00
Ryan Bates
951d70e057 adding :prepend option to load_and_authorize_resource - closes #290 2011-03-08 15:50:34 -08:00
Ryan Bates
3a07d62782 fixing spec for Inherited Resource parent loading 2011-03-08 15:39:15 -08:00
Ryan Bates
07088a0cdc making it easier to test all MetaWhere conditions 2011-03-08 10:52:49 -08:00
Ryan Bates
ff5aaf543b adding initial MetaWhere support 2011-03-08 10:37:25 -08:00
Trond Arve Nordheim
e3eab13b86 Use collection instead of end_of_association_chain in the inherited_resources integration, as per suggested by aq1018 2011-03-08 10:45:34 +01:00
Ryan Bates
3901cbe499 fixing tests for passing action name through to accessible_by call 2011-02-14 10:33:53 -08:00
Sam Pohlenz
f23bbe04ef Fix rule check on Hash-like subjects 2011-02-04 16:46:57 +10:30
Ryan Bates
f9ad4858f5 handle deeply nested conditions properly in active record adapter - closes #246 2011-01-20 10:12:46 -08:00
stellard
cff922915e improved test assertion 2011-01-18 21:47:33 +00:00
stellard
55c8a5045b added cannot support and multiple can support 2011-01-18 18:28:03 +00:00
Ryan Bates
3885f469d5 updating changelog 2011-01-08 13:06:00 -08:00
Ryan Bates
57327119a8 adding skip load and authorize behavior - closes #164 2011-01-08 12:04:55 -08:00
Mani Tadayon
9a14c706d2 Add MongoidAdapter specs for unsaved instances 2011-01-06 08:09:37 -08:00
Mani Tadayon
12b0bff0b6 Use Mongoid::Matchers#matches? instead of a database query in MongoidAdapter#matches_conditions_hash? 2011-01-05 23:12:59 -08:00
Ryan Bates
bc9ecb226d don't authorize uncountable instance in collection action - closes #193 2011-01-05 13:47:38 -08:00
Ryan Bates
15ca8ade3b improving DataMapper adapter and specs 2011-01-05 13:22:06 -08:00
Ryan Bates
cef6c21232 allow model adapter to override condition hash matching in Rule, also clean up Mongoid adapter and specs 2011-01-04 11:43:41 -08:00
Ryan Bates
685e926d96 moving with_model rspec configuration into Active Record model adapter spec 2011-01-04 10:55:48 -08:00
Ryan Bates
bd9480cb51 removing unused sanitization code in mongoid spec 2011-01-04 10:53:31 -08:00
Mani Tadayon
f759ab7e54 Automatically add accessible_by to Mongoid Documents to match CanCan behavior for ActiveRecord and DataMapper.
Previously, CanCan::ModelAdditions had to be included in each and every Mongoid document separately. Also removed manual include of CanCan::ModelAdditions from Mongoid documents in Mongoid adapter specs.
2011-01-03 12:32:44 -08:00
Ryan Bates
6ccb4dd684 adding spec_all rake task to spec readme 2010-12-30 15:51:57 -08:00
Ryan Bates
ec616ae75b moving accessible_by out into ModelAdditions module 2010-12-30 15:40:53 -08:00
Ryan Bates
f7a494dc51 switching mongoid over to new adapter 2010-12-30 15:06:59 -08:00
Ryan Bates
f5dce44697 switching data mapper to new adapter 2010-12-30 14:53:56 -08:00
Ryan Bates
e8d298c223 removing fake sanitize methods in specs because we're using Active Record now 2010-12-30 14:44:31 -08:00
Ryan Bates
8628aa0038 cleanup whitespace 2010-12-30 14:43:25 -08:00
Ryan Bates
bbb02f7c8f dynamically detect which model adapter to use given a class 2010-12-30 14:42:19 -08:00
Ryan Bates
cc30e838c0 fixing active record adapter behavior and improving specs for it 2010-12-30 00:43:22 -08:00
Ryan Bates
af9e77a79e adding initial active record adapter 2010-12-29 16:24:06 -08:00
Ryan Bates
4c5ba09f4c adding model adapter files in proper location with loading behavior 2010-12-29 15:01:49 -08:00
Ryan Bates
f8760b7149 adding some documentation for running specs with different model adapters 2010-12-29 13:37:37 -08:00
Ryan Bates
f9a498d2fc moving model adapter specs into their own directory with MODEL_ADAPTER environment variable for choosing which one to run 2010-12-29 13:15:56 -08:00
Nate Mueller
d315e22e7a Add support and tests for datamapper.
This broke some of the mongoid tests and I don't know how to fix them.  Both packages
  define Symbol#in, and when you load them both things don't behave properly.  Hopefully
  someone more versed in mongoid can rewrite the spec to not depend on the Symbol extensions.
2010-12-30 04:58:25 +08:00
Mani Tadayon
e14e1edec2 Fix bug with MongoidAdditions throwing a NameError when Mongoid is not defined by always checking if Mongoid is defined before referencing Mongoid-related constants
Also add spec for this bug
2010-12-26 02:17:50 -08:00
Mani Tadayon
ebb8e1bf8b Rename Mongoid collection used in spec and fix description for first spec 2010-12-26 01:37:29 -08:00
Ryan Bates
4339ac6546 improve support for rspec scaffolding (thanks voxik) - closes #176 2010-12-21 14:18:20 -08:00
Ryan Bates
5e1e6e182b allow query.conditions to be called multiple times without losing conditions 2010-12-21 14:01:28 -08:00
Ryan Bates
37c149182c renaming CanDefinition to Rule 2010-12-21 10:41:55 -08:00
Ryan Bates
a6959c0ab2 Merge branch 'master' of https://github.com/bowsersenior/cancan into bowsersenior-master 2010-12-21 10:28:31 -08:00
Mani Tadayon
5ebca1f9bf Update specs for MongoidAdditions to use rr mocks 2010-11-16 15:47:07 -08:00
Tyler Gannon
f6aaa581ef can? should only go to db if there are mongoid criteria in the conditions.
Easier to just do a simple comparison on the object in memory
than to search the database.  Also this allows method calls
and other attributes that might not be found in the database.
2010-11-15 19:43:54 -08:00
Ryan Bates
787511a208 renaming skip_authorization to skip_authorization_check - closes #169 2010-11-12 10:46:03 -08:00
Ryan Bates
92995d791e adding :through_association option to load_resource (thanks hunterae) - closes #171 2010-11-12 10:42:26 -08:00
Ryan Bates
ebf77ed647 fixing specs due to joins method check in active record additions 2010-11-12 10:31:36 -08:00
Nanda Lopes
9a7c427373 Fix NoMethodError
Raises NoMethodError when using ":singleton => true, :shallow => true" and parent_resource is nil
2010-11-13 02:24:31 +08:00
Mani Tadayon
dbcd93e095 Fix bug with Mongoid document where :manage :all caused accessible_by to return nothing and add specs to test for :manage :all. 2010-10-14 18:21:59 -07:00
Mani Tadayon
d256aeb26e Fix bug with CanDefinition#tableized_conditions being used with Mongoid documents and add more specs for accesible_by with Mongoid. 2010-10-14 17:39:19 -07:00
Mani Tadayon
25bf479f48 Fix accessible_by for Mongoid documents when no ability is defined.
The previous spec that checked for this was not right, since there were no documents in the collection, so every query would return an empty result.
2010-10-13 19:41:30 -07:00
Mani Tadayon
ab82dcbc8f Add support for Mongoid::Criteria Symbol extensions (:age.gt => 10) along with specs. 2010-10-13 15:22:53 -07:00
Mani Tadayon
be74df0548 Add support for Mongoid documents along with basic specs. 2010-10-13 14:41:29 -07:00
Ryan Bates
f901c367fc using supermodel in specs to remove some of the model stubs 2010-10-08 11:46:41 -07:00
Ryan Bates
fa766e71ed looks like Bundler automatically requires cancan for the specs 2010-10-05 14:02:01 -07:00
Ryan Bates
b0cec5251c adding a couple things to the changelog 2010-10-05 12:00:50 -07:00