Michael de Silva
|
0e8c7ca01f
|
cancan 2.0 fix for issue #565; test to properly authorize resource for namespaced controller
|
2012-05-11 12:00:46 +03:00 |
|
Ryan Bates
|
167d3832fc
|
getting data_mapper and mongoid specs passwing with latest versions
|
2012-04-22 17:01:10 -07:00 |
|
Ryan Bates
|
1ff1b70de4
|
disabling MetaWhere feature and making Acitve Record fixture that is always loaded
|
2012-04-22 16:06:59 -07:00 |
|
Ryan Bates
|
ec36137aa6
|
changing should spec wording
|
2012-04-22 15:15:09 -07:00 |
|
Ryan Bates
|
b37f2d083e
|
switching to Rspec stubbing/mocking - no more RR
|
2012-04-22 14:59:32 -07:00 |
|
Ryan Bates
|
c94de4ab18
|
include namespace in params when creating/updating resource - closes #349
|
2011-09-28 16:00:46 -07:00 |
|
Ryan Bates
|
6de9e4675a
|
consider specificity when finding relevant rules so generic rules will not override specific ones - closes #321
|
2011-09-28 15:34:08 -07:00 |
|
Ryan Bates
|
1fb2c0160c
|
ignore cannot clause with attributes when not checking for with attributes - closes #406
|
2011-09-28 14:48:26 -07:00 |
|
Jan Vlnas
|
aa83fee7a4
|
Add failing example of cannot for attribute, corresponds to #406
|
2011-09-28 14:11:43 -07:00 |
|
Ryan Bates
|
eafd6cfcde
|
fixing spec for new id_param option
|
2011-09-28 13:50:46 -07:00 |
|
Ryan Bates
|
67c93619c1
|
Merge branch 'master' into 2.0
|
2011-09-28 13:45:49 -07:00 |
|
Ryan Bates
|
610d7e3ec4
|
Merge pull request #425 from skhisma/master
Allow custom IDs to be specified when calling load_resource
|
2011-09-28 13:44:19 -07:00 |
|
Ryan Bates
|
092b510a2f
|
fixing namespace controller resource spec
|
2011-09-28 13:43:34 -07:00 |
|
Ryan Bates
|
2160183e86
|
Merge branch 'master' into 2.0
|
2011-09-28 13:35:52 -07:00 |
|
Ryan Bates
|
86063e4846
|
merging 1.6 additions into 2.0 branch
|
2011-09-28 11:39:26 -07:00 |
|
Ryan Bates
|
6ef2c44f57
|
fixing model comparison spec, I believe this bug is caused by recent version of with_model
|
2011-09-28 10:08:21 -07:00 |
|
Geoff Parsons
|
7937a282a3
|
:id_param option to load_resource allows specification of the param name to find members
|
2011-07-20 13:42:24 -04:00 |
|
Steven Anderson
|
6c497b8dd9
|
Added support for engines and namespaced models.
|
2011-07-20 09:31:53 +01:00 |
|
Nicolás Hock Isaza
|
1c3e61725f
|
Change the i18n default name to :"unauthorized.default"
|
2011-07-01 13:10:20 -05:00 |
|
Nicolás Hock Isaza
|
71f60bc4ac
|
Adding tests for i18n translation for default messages
|
2011-06-30 18:16:47 -05:00 |
|
Ryan Bates
|
b8ff2dbc6a
|
load member through method instead of instance variable to improve decent_exposure support
|
2011-06-13 15:16:08 -07:00 |
|
Ryan Bates
|
613ab1c1ab
|
delegating ControllerResource find to model adapter, uses 'get' for DataMapper - closes #373
|
2011-05-21 13:57:17 -07:00 |
|
Ryan Bates
|
c031f82dd2
|
allow :find_by option to be full find method name - closes #335
|
2011-05-19 23:37:36 -04:00 |
|
Ryan Bates
|
f6c2054f7e
|
set resource attributes in update action and authorize after set - closes #141
|
2011-05-19 17:12:30 -04:00 |
|
Ryan Bates
|
a29e31606b
|
changing the interface for ControllerResource load/authorize so they can be intertwined
|
2011-05-19 16:38:33 -04:00 |
|
Ryan Bates
|
e24d5d146b
|
merging master into 2.0
|
2011-05-19 16:01:06 -04:00 |
|
Ryan Bates
|
843fe89c63
|
pass action and subject through AccessDenied exception when :through isn't found - closes #366
|
2011-05-18 12:58:02 -04:00 |
|
Ryan Bates
|
74c9d582b2
|
Merge pull request #363 from rahearn/mongoid-conditions-empty
Fixes bug in mongoid_adapter with empty conditions hash
|
2011-05-17 10:22:19 -07:00 |
|
Ryan Bates
|
4e4c5a9a7f
|
adding current_ability to helper methods - closes #361
|
2011-05-17 13:21:11 -04:00 |
|
Ryan Ahearn
|
ad62d60b20
|
Fixes bug in mongoid_adapter with empty conditions hash
* adds mongoid query that matches every record when
rule.conditions.empty? is true
|
2011-05-10 11:52:29 -04:00 |
|
Emmanuel Gomez
|
d6851debd4
|
Fix pending spec for DataMapper adapter.
|
2011-04-29 00:46:38 -07:00 |
|
John Feminella
|
17c52a7983
|
Augments Mongoid adapter by handling case where attribute is an array
|
2011-04-27 09:54:37 -04:00 |
|
Ryan Bates
|
63865cc7d8
|
allow SQL conditions to be used with a block
|
2011-04-21 00:46:06 -07:00 |
|
Ryan Ahearn
|
2b6204117f
|
Adds ability to use Scope query with Mongoid
Same limitations apply as with active record
* can not be OR'd with other rules for same ability/controller
|
2011-04-15 16:58:19 -04:00 |
|
Ryan Bates
|
b1424dfa49
|
Merge branch 'optional-associations' of https://github.com/socialcast/cancan into socialcast-optional-associations
|
2011-04-01 15:13:02 -07:00 |
|
Mitch Williams
|
6aaab9e440
|
Fixed bug where conditions on an optionally associated object would throw exceptions if the associated object was not present at the rule match time.
|
2011-04-01 13:20:25 -07:00 |
|
Florent Piteau
|
a10243a569
|
When using an existing scope, it should be merged properly to the class. May fix ryanb/cancan#328 :)
|
2011-04-01 21:25:19 +02:00 |
|
Florent Piteau
|
81f00f9024
|
Failling test for nested resources with a scope for conditions
|
2011-04-01 18:45:33 +02:00 |
|
Ryan Bates
|
e5b76210e4
|
fixing marking fully_authorized on an object instance
|
2011-03-25 17:05:36 -07:00 |
|
Ryan Bates
|
baa1dacc21
|
authorize params passed in create and update action
|
2011-03-25 17:01:12 -07:00 |
|
Ryan Bates
|
f41b39406c
|
don't authorize based on resource name in authorize_resource since this is already handled by enable_authorization
|
2011-03-25 16:40:20 -07:00 |
|
Ryan Bates
|
27eba72e4b
|
mark index action as fully authorized when fetching records through accessible_by
|
2011-03-25 16:34:13 -07:00 |
|
Ryan Bates
|
5d68caefd0
|
removing skipping feature in ControllerResource for now
|
2011-03-25 16:29:04 -07:00 |
|
Ryan Bates
|
35fbee578f
|
passing block to enable_authorization will be executed when CanCan::Unauthorized exception is raised
|
2011-03-25 16:08:09 -07:00 |
|
Ryan Bates
|
cf2896f011
|
renaming AccessDenied exception to Unauthorized
|
2011-03-25 14:43:36 -07:00 |
|
Ryan Bates
|
bcac159b3e
|
merging with master
|
2011-03-25 14:32:29 -07:00 |
|
Ryan Bates
|
1ac8099f7a
|
return subject passed to authorize! - closes #314
|
2011-03-25 14:24:43 -07:00 |
|
Ryan Bates
|
346ca2c74e
|
check authorization is sufficient in an after_filter when doing enable_authorization
|
2011-03-25 14:11:59 -07:00 |
|
Ryan Bates
|
242e912519
|
refactoring fully authorized check and catching bug
|
2011-03-25 13:30:45 -07:00 |
|
Ryan Bates
|
488cc2dfdd
|
require attributes to be checked on create/update action in order to be fully authorized
|
2011-03-25 13:23:05 -07:00 |
|