Commit Graph

188 Commits

Author SHA1 Message Date
Ryan Bates
610d7e3ec4 Merge pull request #425 from skhisma/master
Allow custom IDs to be specified when calling load_resource
2011-09-28 13:44:19 -07:00
Geoff Parsons
7937a282a3 :id_param option to load_resource allows specification of the param name to find members 2011-07-20 13:42:24 -04:00
Steven Anderson
6c497b8dd9 Added support for engines and namespaced models. 2011-07-20 09:31:53 +01:00
Nicolás Hock Isaza
1c3e61725f Change the i18n default name to :"unauthorized.default" 2011-07-01 13:10:20 -05:00
Nicolás Hock Isaza
71f60bc4ac Adding tests for i18n translation for default messages 2011-06-30 18:16:47 -05:00
Ryan Bates
613ab1c1ab delegating ControllerResource find to model adapter, uses 'get' for DataMapper - closes #373 2011-05-21 13:57:17 -07:00
Ryan Bates
c031f82dd2 allow :find_by option to be full find method name - closes #335 2011-05-19 23:37:36 -04:00
Ryan Bates
843fe89c63 pass action and subject through AccessDenied exception when :through isn't found - closes #366 2011-05-18 12:58:02 -04:00
Ryan Bates
74c9d582b2 Merge pull request #363 from rahearn/mongoid-conditions-empty
Fixes bug in mongoid_adapter with empty conditions hash
2011-05-17 10:22:19 -07:00
Ryan Bates
4e4c5a9a7f adding current_ability to helper methods - closes #361 2011-05-17 13:21:11 -04:00
Ryan Ahearn
ad62d60b20 Fixes bug in mongoid_adapter with empty conditions hash
* adds mongoid query that matches every record when
rule.conditions.empty? is true
2011-05-10 11:52:29 -04:00
Emmanuel Gomez
d6851debd4 Fix pending spec for DataMapper adapter. 2011-04-29 00:46:38 -07:00
John Feminella
17c52a7983 Augments Mongoid adapter by handling case where attribute is an array 2011-04-27 09:54:37 -04:00
Ryan Ahearn
2b6204117f Adds ability to use Scope query with Mongoid
Same limitations apply as with active record
* can not be OR'd with other rules for same ability/controller
2011-04-15 16:58:19 -04:00
Ryan Bates
b1424dfa49 Merge branch 'optional-associations' of https://github.com/socialcast/cancan into socialcast-optional-associations 2011-04-01 15:13:02 -07:00
Mitch Williams
6aaab9e440 Fixed bug where conditions on an optionally associated object would throw exceptions if the associated object was not present at the rule match time. 2011-04-01 13:20:25 -07:00
Florent Piteau
a10243a569 When using an existing scope, it should be merged properly to the class. May fix ryanb/cancan#328 :) 2011-04-01 21:25:19 +02:00
Florent Piteau
81f00f9024 Failling test for nested resources with a scope for conditions 2011-04-01 18:45:33 +02:00
Ryan Bates
1ac8099f7a return subject passed to authorize! - closes #314 2011-03-25 14:24:43 -07:00
Ryan Bates
7688025404 fixing instance loading with :singleton option - closes #310 2011-03-18 09:42:30 -07:00
Ryan Bates
3efa069349 fixing failing MetaWhere spec 2011-03-18 09:14:17 -07:00
Ryan Bates
3f6cecbfcf use Item.new instead of build_item for singleton resource so it doesn't mess up database - closes #304 2011-03-15 23:37:05 -07:00
Ryan Bates
fdd5ad022d making accessible_by action default to :index and parent action default to :show so we don't check :read action directly - closes #302 2011-03-15 23:00:40 -07:00
Adam Wróbel
3639ca90eb Fixes inherited_resources collection authorization
This reverts e3eab13b86

I don't know what was the idea of that, but it turned out REAL bad.

`collection` sets the collection instance variable. `resource_base` is used all
over CanCan. It's also used inside `load_collection?` which is checked before
`load_collection` is called. That means we actually set the collection instance
variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`.

    1. def load_resource
    2.  unless skip?(:load)
    3.    if load_instance?
    4.      self.resource_instance ||= load_resource_instance
    5.    elsif load_collection?
    6.      self.collection_instance ||= load_collection
    7.    end
    8.  end
    9. end

`collection_instance` is set on line 5 instead of line 6.
2011-03-16 01:20:35 +01:00
Ryan Bates
9bee4a8d4b adding any/all support for MetaWhere conditions 2011-03-08 23:19:56 -08:00
Ryan Bates
eb2826f135 adding more MetaWhere comparison operators 2011-03-08 22:21:42 -08:00
Ryan Bates
a49269175e Merge branch 'master' into meta_where 2011-03-08 22:05:40 -08:00
Ryan Bates
0de43c445b raise an error when trying to make a rule with both hash conditions and a block - closes #269 2011-03-08 17:20:32 -08:00
Ryan Bates
f9b181af05 allow Active Record scope to be passed as Ability conditions - closes #257 2011-03-08 17:08:26 -08:00
Ryan Bates
80f1ab20fb adding :if and :unless options to check_authorization - closes #284 2011-03-08 16:35:01 -08:00
Ryan Bates
37102fe6f8 load collection resources in custom controller actions with no id param - closes #296 2011-03-08 16:10:40 -08:00
Ryan Bates
ba999970b1 add space in multiword model in I18n unauthorized message - closes #292 2011-03-08 15:56:23 -08:00
Ryan Bates
951d70e057 adding :prepend option to load_and_authorize_resource - closes #290 2011-03-08 15:50:34 -08:00
Ryan Bates
3a07d62782 fixing spec for Inherited Resource parent loading 2011-03-08 15:39:15 -08:00
Ryan Bates
07088a0cdc making it easier to test all MetaWhere conditions 2011-03-08 10:52:49 -08:00
Ryan Bates
ff5aaf543b adding initial MetaWhere support 2011-03-08 10:37:25 -08:00
Trond Arve Nordheim
e3eab13b86 Use collection instead of end_of_association_chain in the inherited_resources integration, as per suggested by aq1018 2011-03-08 10:45:34 +01:00
Ryan Bates
3901cbe499 fixing tests for passing action name through to accessible_by call 2011-02-14 10:33:53 -08:00
Sam Pohlenz
f23bbe04ef Fix rule check on Hash-like subjects 2011-02-04 16:46:57 +10:30
Ryan Bates
f9ad4858f5 handle deeply nested conditions properly in active record adapter - closes #246 2011-01-20 10:12:46 -08:00
stellard
cff922915e improved test assertion 2011-01-18 21:47:33 +00:00
stellard
55c8a5045b added cannot support and multiple can support 2011-01-18 18:28:03 +00:00
Ryan Bates
3885f469d5 updating changelog 2011-01-08 13:06:00 -08:00
Ryan Bates
57327119a8 adding skip load and authorize behavior - closes #164 2011-01-08 12:04:55 -08:00
Mani Tadayon
9a14c706d2 Add MongoidAdapter specs for unsaved instances 2011-01-06 08:09:37 -08:00
Mani Tadayon
12b0bff0b6 Use Mongoid::Matchers#matches? instead of a database query in MongoidAdapter#matches_conditions_hash? 2011-01-05 23:12:59 -08:00
Ryan Bates
bc9ecb226d don't authorize uncountable instance in collection action - closes #193 2011-01-05 13:47:38 -08:00
Ryan Bates
15ca8ade3b improving DataMapper adapter and specs 2011-01-05 13:22:06 -08:00
Ryan Bates
cef6c21232 allow model adapter to override condition hash matching in Rule, also clean up Mongoid adapter and specs 2011-01-04 11:43:41 -08:00
Ryan Bates
685e926d96 moving with_model rspec configuration into Active Record model adapter spec 2011-01-04 10:55:48 -08:00