Commit Graph

297 Commits

Author SHA1 Message Date
Ryan Bates
63865cc7d8 allow SQL conditions to be used with a block 2011-04-21 00:46:06 -07:00
Ryan Bates
c6f9abb6ab updating some documentation for CanCan 2.0 2011-03-25 18:48:37 -07:00
Ryan Bates
e5b76210e4 fixing marking fully_authorized on an object instance 2011-03-25 17:05:36 -07:00
Ryan Bates
baa1dacc21 authorize params passed in create and update action 2011-03-25 17:01:12 -07:00
Ryan Bates
f41b39406c don't authorize based on resource name in authorize_resource since this is already handled by enable_authorization 2011-03-25 16:40:20 -07:00
Ryan Bates
27eba72e4b mark index action as fully authorized when fetching records through accessible_by 2011-03-25 16:34:13 -07:00
Ryan Bates
5d68caefd0 removing skipping feature in ControllerResource for now 2011-03-25 16:29:04 -07:00
Ryan Bates
35fbee578f passing block to enable_authorization will be executed when CanCan::Unauthorized exception is raised 2011-03-25 16:08:09 -07:00
Ryan Bates
cf2896f011 renaming AccessDenied exception to Unauthorized 2011-03-25 14:43:36 -07:00
Ryan Bates
bcac159b3e merging with master 2011-03-25 14:32:29 -07:00
Ryan Bates
fb8e9bde57 releasing 1.6.3 2011-03-25 14:28:26 -07:00
Ryan Bates
89e40987d8 make sure ActiveRecord::Relation is defined before checking conditions against it so Rails 2 is supported again - closes #312 2011-03-25 14:26:33 -07:00
Ryan Bates
1ac8099f7a return subject passed to authorize! - closes #314 2011-03-25 14:24:43 -07:00
Ryan Bates
346ca2c74e check authorization is sufficient in an after_filter when doing enable_authorization 2011-03-25 14:11:59 -07:00
Ryan Bates
242e912519 refactoring fully authorized check and catching bug 2011-03-25 13:30:45 -07:00
Ryan Bates
488cc2dfdd require attributes to be checked on create/update action in order to be fully authorized 2011-03-25 13:23:05 -07:00
Ryan Bates
0f3753491d adding fully_authorized? method to Ability to check if conditions are considered in authorize! call 2011-03-25 12:01:53 -07:00
Ryan Bates
85efbdb8d0 adding attributes as 3rd argument to can and can? calls 2011-03-25 11:24:10 -07:00
Ryan Bates
a03d35272b allow strings along with symbols in Ability definition and checking 2011-03-24 11:52:54 -07:00
Ryan Bates
7ee942c334 adding enable_authorization method and deprecating some other controller methods 2011-03-24 11:22:32 -07:00
Ryan Bates
3a825ed0d1 getting all specs passing again 2011-03-23 19:47:34 -07:00
Ryan Bates
98ed39264e modifying Ability to use symbol for subject instead of class, also adding subject aliases 2011-03-23 17:00:33 -07:00
Ryan Bates
5d97cfb236 releasing 1.6.2 2011-03-18 09:44:39 -07:00
Ryan Bates
7688025404 fixing instance loading with :singleton option - closes #310 2011-03-18 09:42:30 -07:00
Ryan Bates
3efa069349 fixing failing MetaWhere spec 2011-03-18 09:14:17 -07:00
Ryan Bates
b0c1646fee releasing 1.6.1 2011-03-15 23:40:14 -07:00
Ryan Bates
3f6cecbfcf use Item.new instead of build_item for singleton resource so it doesn't mess up database - closes #304 2011-03-15 23:37:05 -07:00
Ryan Bates
fdd5ad022d making accessible_by action default to :index and parent action default to :show so we don't check :read action directly - closes #302 2011-03-15 23:00:40 -07:00
Adam Wróbel
3639ca90eb Fixes inherited_resources collection authorization
This reverts e3eab13b86

I don't know what was the idea of that, but it turned out REAL bad.

`collection` sets the collection instance variable. `resource_base` is used all
over CanCan. It's also used inside `load_collection?` which is checked before
`load_collection` is called. That means we actually set the collection instance
variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`.

    1. def load_resource
    2.  unless skip?(:load)
    3.    if load_instance?
    4.      self.resource_instance ||= load_resource_instance
    5.    elsif load_collection?
    6.      self.collection_instance ||= load_collection
    7.    end
    8.  end
    9. end

`collection_instance` is set on line 5 instead of line 6.
2011-03-16 01:20:35 +01:00
Ryan Bates
efa3ff1c0f releasing 1.6.0 2011-03-10 23:59:13 -08:00
Ryan Bates
9bee4a8d4b adding any/all support for MetaWhere conditions 2011-03-08 23:19:56 -08:00
Ryan Bates
eb2826f135 adding more MetaWhere comparison operators 2011-03-08 22:21:42 -08:00
Ryan Bates
a49269175e Merge branch 'master' into meta_where 2011-03-08 22:05:40 -08:00
Ryan Bates
0de43c445b raise an error when trying to make a rule with both hash conditions and a block - closes #269 2011-03-08 17:20:32 -08:00
Ryan Bates
f9b181af05 allow Active Record scope to be passed as Ability conditions - closes #257 2011-03-08 17:08:26 -08:00
Ryan Bates
80f1ab20fb adding :if and :unless options to check_authorization - closes #284 2011-03-08 16:35:01 -08:00
Ryan Bates
37102fe6f8 load collection resources in custom controller actions with no id param - closes #296 2011-03-08 16:10:40 -08:00
Ryan Bates
ba999970b1 add space in multiword model in I18n unauthorized message - closes #292 2011-03-08 15:56:23 -08:00
Ryan Bates
951d70e057 adding :prepend option to load_and_authorize_resource - closes #290 2011-03-08 15:50:34 -08:00
Ryan Bates
3a07d62782 fixing spec for Inherited Resource parent loading 2011-03-08 15:39:15 -08:00
Ryan Bates
2c2fa306cc Merge branch 'master' of https://github.com/stefanoverna/cancan into stefanoverna-master 2011-03-08 15:33:47 -08:00
Ryan Bates
28a9a0ac07 Merge branch 'inherited_resources_collection_fix' of https://github.com/tanordheim/cancan into tanordheim-inherited_resources_collection_fix 2011-03-08 15:24:14 -08:00
Ryan Bates
bcf2756ad2 simplifying .rvmrc 2011-03-08 15:23:31 -08:00
Ryan Bates
c53ed1e497 raise a NotImplemented exception if it's an unrecognized MetaWhere condition 2011-03-08 11:06:46 -08:00
Ryan Bates
07088a0cdc making it easier to test all MetaWhere conditions 2011-03-08 10:52:49 -08:00
Ryan Bates
ff5aaf543b adding initial MetaWhere support 2011-03-08 10:37:25 -08:00
Ryan Bates
52435e97d9 fixing association conditions when MetaWhere is installed (thanks acmetech) - closes #261 2011-03-08 10:07:36 -08:00
Trond Arve Nordheim
e3eab13b86 Use collection instead of end_of_association_chain in the inherited_resources integration, as per suggested by aq1018 2011-03-08 10:45:34 +01:00
Ryan Bates
79995e4309 adding Lock It Down section to readme 2011-02-22 09:37:53 -08:00
Stefano Verna
8722fbc7a5 Fix for deeply nested resources when using inherited resources 2011-02-17 22:31:17 +01:00