Commit Graph

233 Commits

Author SHA1 Message Date
Michael Halliday
79180de372 This fixes an odd error I was seeing in development mode when cache_classes = false (the default), specifically when loading an object through the parent in load_and_authorize_resource.
Assume Photo model and User model where user has many photos:

@photo = current_user.photos.find(1) # this returns a photo
@photo1 = Photo.find(1)

@photo.kind_of?(Photo) is not always true for some reason when class_caching is false. Whereas @photo1.kind_of?(Photo) always appears to be true. Of interesting note, in the above example @photo != @photo1 if kind_of? is false. Very odd.

Again, this only appears to be when loading an object through an association.
2010-11-13 02:09:06 +08:00
Mani Tadayon
dbcd93e095 Fix bug with Mongoid document where :manage :all caused accessible_by to return nothing and add specs to test for :manage :all. 2010-10-14 18:21:59 -07:00
Mani Tadayon
d256aeb26e Fix bug with CanDefinition#tableized_conditions being used with Mongoid documents and add more specs for accessible_by with Mongoid. 2010-10-14 17:39:19 -07:00
Mani Tadayon
25bf479f48 Fix accessible_by for Mongoid documents when no ability is defined.
The previous spec that checked for this was not right, since there were no documents in the collection, so every query would return an empty result.
2010-10-13 19:41:30 -07:00
Mani Tadayon
ab82dcbc8f Add support for Mongoid::Criteria Symbol extensions (:age.gt => 10) along with specs. 2010-10-13 15:22:53 -07:00
Mani Tadayon
be74df0548 Add support for Mongoid documents along with basic specs. 2010-10-13 14:41:29 -07:00
Ryan Bates
6c3e87eea9 updating readme and documentation 2010-10-05 16:18:35 -07:00
Ryan Bates
b0cec5251c adding a couple things to the changelog 2010-10-05 12:00:50 -07:00
Ryan Bates
8f49f28713 don't stop at cannot definitions when there are no conditions - closes #161 2010-10-04 11:11:14 -07:00
Sokolov Yura
12037d7f43 should not allow to can? when raw sql without block is present 2010-10-05 02:01:48 +08:00
Ryan Bates
1f81b8dd1e use 'send' to access controller current_ability in case it's private 2010-09-23 11:58:55 -07:00
Ryan Bates
c11ffb6fd1 support loading resource :through method along with instance variable - closes #146 2010-09-21 11:42:47 -07:00
Ryan Bates
264e2d2b68 raise AccessDenied error when loading child while parent is nil, pass :shallow => true to bypass 2010-09-21 11:32:56 -07:00
Sokolov Yura
ebef3cc745 consistency addition for ability check on Module 2010-09-21 00:16:36 +08:00
Ryan Bates
cef55c95e7 fetch cancan_resource_class through controller class from ControllerResource 2010-09-16 16:01:58 -07:00
Sokolov Yura
a0f73fe0f7 fix error 2010-09-17 06:57:25 +08:00
Sokolov Yura
e2c341b8d3 allow to check ability by common module 2010-09-17 06:57:24 +08:00
Sokolov Yura
f236b1b5a4 resolve issue 149 2010-09-17 06:57:24 +08:00
Juan Manuel Barreneche
0b270f2d0f Use cancan_resource_class for before filters instead of hardcoded ControllerResource class 2010-09-17 06:40:16 +08:00
Juan Manuel Barreneche
961df90ecd Controllers which use 'inherit_resources' instead of Inheritance may have inherited_resource's methods protected 2010-09-17 06:40:15 +08:00
Ryan Bates
4eee637270 adding support for loading through Inherited Resources - closes #23 2010-09-09 16:28:00 -07:00
Ryan Bates
a5ff826e40 fix pluralize error on index action when passing resource name - closes #143 again 2010-09-07 22:10:16 -07:00
Ryan Bates
9d915457af load the collection instance variable on index action - closes #137 2010-09-07 16:25:02 -07:00
Ryan Bates
158c908d3b adding action and subject variables to I18n unauthorized message - closes #142 2010-09-07 15:48:07 -07:00
Ryan Bates
bf9b8ad1a6 filling in some inline documentation for 1.4 2010-09-03 16:19:39 -07:00
Ryan Bates
1af6c6f395 adding check_authorization and skip_authorization controller class methods to ensure authorization is triggered (thanks justinko) - closes #135 2010-09-03 14:38:55 -07:00
Ryan Bates
7c5243321f have params hash override initial attributes when building a new resource 2010-09-03 14:11:44 -07:00
Ryan Bates
721939babd cleaning up some internal specs and names 2010-09-03 14:00:46 -07:00
Ryan Bates
a744377ac9 the new and create actions will now build the resource with attributes based on ability conditions hash - closes #114 2010-09-03 11:53:47 -07:00
Ryan Bates
1be5bf7a57 don't fail if association conditions aren't specified for nested association check 2010-09-03 11:05:58 -07:00
Ryan Bates
c88cb8f459 passing a hash to can? will check permissions on association, this is done automatically in authorize_resource - closes #121 2010-09-03 11:01:55 -07:00
Ryan Bates
a5f838a964 use I18n for unauthorization messages - closes #103 2010-09-02 17:01:10 -07:00
Ryan Bates
66314a89f8 support no arguments to 'can' definition which always calls block 2010-09-02 14:46:38 -07:00
Ryan Bates
b1fb179aaf don't pass action into can block with :manage option - closes #129 2010-09-02 14:29:49 -07:00
Ryan Bates
6105edc6a7 skip block when only class is passed to ability check, also don't pass class to block for :all - closes #116 2010-09-02 14:23:00 -07:00
Ryan Bates
5a353c1cba don't stop at cannot definition when checking class - closes #131 2010-08-30 15:20:06 -07:00
Ryan Bates
4fe44af45d be more clear about blocks not working with accessible_by - closes #130 2010-08-30 13:40:31 -07:00
Ryan Bates
caed4fcee5 use RSpec namespace for matcher - closes #119 2010-08-18 16:22:43 -07:00
Ryan Bates
e893e12260 fixing broken spec and minor improvements to tableized_conditions method 2010-08-18 16:04:08 -07:00
McClain Looney
3d7742ea43 fix for bug 123 2010-08-17 09:33:11 -05:00
Ryan Bates
333ddf1970 properly pass along resource name without slice error - closes #112 2010-08-07 08:33:31 -07:00
Ryan Bates
f8631dcc93 fixing error on protected sanitize_sql - closes #111 2010-08-06 23:24:04 -07:00
Ryan Bates
1dccc0252a removing :resource option from rdocs since it's no longer used 2010-08-06 15:05:24 -07:00
Ryan Bates
75ce2bdefa allow :parent => false option to work in load/authorize resource 2010-08-06 14:26:57 -07:00
Ryan Bates
c9e0f4e3ef renaming :singular resource option to :singleton 2010-08-06 13:06:18 -07:00
Ryan Bates
236cece3b3 adding :find_by option to load_resource - closes #19 2010-08-06 11:18:54 -07:00
Ryan Bates
84f4c904b7 adding :singular option to support has_one associations in load/authorize resource - closes #93 2010-08-06 11:03:10 -07:00
Ryan Bates
6998e8bdd1 support multiple resources in :through option of load_resource, this makes polymorphic associations possible - closes #73 2010-08-06 10:35:42 -07:00
Ryan Bates
961b8c2477 consider ancestors when matching classes in Ability#can, this way it works with STI - closes #55 2010-08-06 10:06:37 -07:00
Ryan Bates
a157b65fbf adding :instance_name option to load/authorize_resource - closes #44 2010-08-06 09:35:07 -07:00
Ryan Bates
47f0aa597e change how params are passed to ControllerResource and use HashWithIndifferentAccess in tests 2010-08-06 09:24:01 -07:00
Ryan Bates
67b069579e don't pass nil to 'new' call when no params are specified - closes #63 2010-08-05 16:52:37 -07:00
Ryan Bates
156839b73e only use the :read action when authorizing parent resources 2010-08-05 16:24:08 -07:00
Ryan Bates
25a1c553bf adding :through option to replace :nesting option and moving ResourceAuthorization class code into ControllerResource 2010-08-05 16:12:30 -07:00
Ryan Bates
8dee01195d improving inline documentation for Query 2010-07-21 12:16:08 -07:00
Ryan Bates
25637bb33a removing extra white space at end of lines 2010-07-21 11:45:26 -07:00
Ryan Bates
ba8cb3cf6d refactoring query.joins 2010-07-20 17:05:17 -07:00
Ryan Bates
e098ddaacd refactoring query.conditions 2010-07-20 16:00:22 -07:00
Ryan Bates
964a4765b1 removing need to pass tableize option around for query conditions 2010-07-20 13:43:43 -07:00
Ryan Bates
a42e067f3b extracting out Query class for generating sql conditions and association joins 2010-07-20 13:20:01 -07:00
Ryan Bates
60848143b7 refactoring can definition matching behavior 2010-07-20 11:04:03 -07:00
Ryan Bates
5d8f04363d merging with master and resolving a couple conflicts 2010-07-19 16:36:01 -07:00
Ryan Bates
cad425989e supporting deeply nested aliases - closes #98 2010-07-19 16:03:09 -07:00
Yura Sokolov
5fd793090a fix logic error for single cannot condition - it should return no records 2010-05-25 14:09:01 +04:00
Yura Sokolov
9c0346b90b can accept array for sql sanitizing in conditions 2010-05-25 14:01:53 +04:00
Yura Sokolov
b473d8827f CanDefinition#only_block? 2010-05-25 12:23:39 +04:00
Yura Sokolov
bcab8d6369 fix error with single cannot condition 2010-05-25 12:14:01 +04:00
Yura Sokolov
dbc1538054 small refactoring: CanDefinition #definitive? #conditions_empty? 2010-05-24 18:15:20 +04:00
Yura Sokolov
46f03013f3 Merge remote branch 'upstream/master'
Conflicts:
	lib/cancan/ability.rb
	lib/cancan/active_record_additions.rb
	lib/cancan/can_definition.rb
	spec/cancan/ability_spec.rb
2010-05-24 15:17:10 +04:00
Ryan Bates
1ade44221a load parent resources for collection actions such as 'index' 2010-05-21 15:22:21 -07:00
Ryan Bates
2a3dd85a18 adding :name option to load_and_authorize_resource if it does not match controller - closes #65 2010-05-21 14:20:45 -07:00
Ryan Bates
dfd84a10ed improving inline documentation 2010-05-21 13:41:24 -07:00
John Allison
7543eedd6a fixing issue when using accessible_by with nil can conditions - closes #66 2010-05-20 17:06:10 -07:00
Logan Raarup
605063b974 Make sure conditions on associations are pluralized 2010-05-21 07:31:29 +08:00
Sokolov Yura
7d7d249182 passing through matching rules with not matching conditions
Main goal is to allow:

cannot :manage, :all
can :read, :all
can :manage, User, :id=>user.id
can :manage, User, :manager_id=>user.id

Signed-off-by: Sokolov Yura <funny.falcon@gmail.com>
2010-05-16 22:13:02 +04:00
Ryan Bates
06296b0a40 support has_many association or arrays in can conditions hash 2010-04-22 17:39:22 -07:00
Ryan Bates
e20081454f adding joins clause to accessible_by when conditions are across associations 2010-04-20 17:02:28 -07:00
Ryan Bates
4da31c0709 can has cheezburger? (thanks Seivan) 2010-04-20 14:24:26 -07:00
Ryan Bates
5aa6252df6 removing unused methods and a bit more refactoring 2010-04-18 00:44:42 -07:00
Ryan Bates
bbbc8a68e0 refactoring much of Ability class into separate CanDefinition class 2010-04-18 00:11:15 -07:00
Ryan Bates
232ecd5b4b releasing 1.1.1 which fixes behavior in Rails 3 by properly initializing ResourceAuthorization 2010-04-17 14:01:20 -07:00
Ryan Bates
f1ba76b61b supporting arrays, ranges, and nested hashes in ability conditions 2010-04-17 11:54:27 -07:00
Ryan Bates
283f58ee16 improving readme with links to wiki 2010-04-17 11:45:41 -07:00
Ryan Bates
f46696348e allow access to classes when using hash conditions since you'll generally want to narrow it down with a database query 2010-04-16 15:56:07 -07:00
Ryan Bates
8903feee70 removing unauthorized! in favor of authorize! and including more information in AccessDenied exception - closes #40 2010-04-16 14:54:18 -07:00
Ryan Bates
ecf2818a9e removing apparently unnecessary user attr_accessor in Ability 2010-04-16 08:57:10 -07:00
Ryan Bates
d9f3c8b0ae renaming noun to subject internally 2010-04-16 08:55:36 -07:00
Ryan Bates
240c281061 renaming ActiveRecordAdditions#can method to accessible_by since it flows better and makes more sense 2010-04-15 23:54:45 -07:00
Ryan Bates
ef5900c5b1 adding caching to current_ability class method, if you're overriding this be sure to add caching there too 2010-04-15 23:28:04 -07:00
Ryan Bates
37f482e8d5 default ActiveRecordAdditions#can method action to :read and use 'scoped' if 'where' is not available 2010-04-15 23:18:49 -07:00
Ryan Bates
3c68a911d0 adding can method to Active Record for fetching records matching a specific ability, still needs documentation 2010-04-15 17:04:36 -07:00
Ryan Bates
baeef0b9dd adding conditions behavior to Ability#can and fetch with Ability#conditions - closes #53 2010-04-15 16:50:47 -07:00
Ryan Bates
23a5888fe0 renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - closes #45 2010-04-15 14:14:22 -07:00
Ryan Bates
f2a1695636 properly handle Admin::AbilitiesController in params[:controller] - closes #46 2010-04-15 13:10:12 -07:00
Ryan Bates
6e1e96c85a allow additional arguments for be_able_to matcher, this requires Ruby 1.8.7 or higher to use matcher 2010-04-15 12:04:43 -07:00
David Chelimsky
cf49c5b9de add be_able_to matcher 2010-04-16 02:46:03 +08:00
David Chelimsky
35c4864de4 simplify paths 2010-04-16 02:46:02 +08:00
Ryan Bates
510cf509ee adding documentation for passing additional arguments to can? 2010-04-15 11:28:58 -07:00
Ryan Bates
69f7a65914 support additional arguments to can? which get passed to the block - closes #48 2010-04-15 11:21:44 -07:00
Ryan Bates
7d3b4cdbc2 Adding clear_aliased_actions to Ability which removes previously defined actions including defaults 2009-12-30 18:01:40 -08:00
Ryan Bates
f99d506050 Append aliased actions (don't overwrite them) - closes #20 2009-12-30 17:49:49 -08:00
Ryan Bates
ef22de689b adding custom message argument to unauthorized! method - closes #18 2009-12-15 10:53:05 -08:00
Ryan Bates
021f33c9a0 Adding :class option to load_resource so one can customize which class to use for the model - closes #17 2009-12-14 08:31:49 -08:00
Ryan Bates
e9f01300b6 Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - closes #14 2009-12-14 08:18:08 -08:00
Ryan Bates
ffa677b2b0 Don't set resource instance variable if it has been set already - closes #13 2009-12-13 12:32:09 -08:00
Ryan Bates
a75aee751b Allowing :nested option to accept an array for deep nesting 2009-12-13 12:22:05 -08:00
Ryan Bates
51fa61bbae refactoring out resource loading/building logic into separate class 2009-12-13 12:11:02 -08:00
Ryan Bates
cd217eb9cf adding :nested option for load_resource - closes #10 2009-12-13 11:39:02 -08:00
Ryan Bates
94e031bf96 Pass :only and :except options to before filters for load/authorize resource methods. 2009-12-13 11:00:12 -08:00
Ryan Bates
63634b4f5d Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed. 2009-12-13 10:42:10 -08:00
Ryan Bates
a5f98824a0 turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments 2009-12-13 10:03:21 -08:00
Ryan Bates
e32c5d0dfb calling controller's load_resource and authorize_resource from load_and_authorize_resource to maintain backwards compatibility, even though it's not the most efficient way 2009-11-26 09:53:16 -08:00
Ryan Bates
da5a5c031f refactoring out controller logic into separate ResourceAuthorization class - closes #11 2009-11-26 09:29:53 -08:00
Rafael Silva
e92a7d8bf4 Some refactor to be more DRY 2009-11-26 09:38:14 +08:00
Ryan Bates
c40490d672 refactoring ability can? method - closes #12 2009-11-25 17:31:40 -08:00
Ryan Bates
d4405e6070 adding cannot method to define which abilities cannot be done - closes #7 2009-11-25 10:25:58 -08:00
Ryan Bates
e60365505c support custom objects (usually symbols) in can definition - closes #8 2009-11-25 09:55:50 -08:00
Ryan Bates
5bd1a85410 little fixes to inline documentation (rdocs) 2009-11-19 09:46:30 -08:00
Ryan Bates
b9227eb971 adding a lot of inline documentation to code for rdocs 2009-11-17 16:56:16 -08:00
Ryan Bates
15a01a579c fixing behavior of load_and_authorize_resource for namespaced controllers - closes #3 2009-11-17 11:59:59 -08:00
Ryan Bates
766fe86a9f support arrays being passed to 'can' to specify multiple actions or classes - closes #2 2009-11-17 11:46:27 -08:00
Ryan Bates
0f49b5478f adding 'cannot?' method which performs opposite check of 'can?' - closes #1 2009-11-17 10:46:16 -08:00
Ryan Bates
1edf583110 BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - closes #4 2009-11-17 10:25:47 -08:00
Ryan Bates
4b6f538663 moving can definition into ability instance instead of class, this removes ugly instance_exec command 2009-11-16 19:59:40 -08:00
Ryan Bates
7b299b50fc fix resource loading for new action 2009-11-16 19:26:33 -08:00
Ryan Bates
aaed265c91 turning into a functioning Rails plugin 2009-11-16 19:24:04 -08:00
Ryan Bates
1034c81763 adding a before filter for loading and authorizing a resource 2009-11-16 19:00:10 -08:00
Ryan Bates
44b36ce2fc adding controller additions with basic behavior. 2009-11-16 17:02:49 -08:00
Ryan Bates
c663effc06 using instance_exec to change scope of can blocks to instance of ability, this is a bit ugly so I may end up using methods instead 2009-11-16 16:24:36 -08:00
Ryan Bates
be1892cca8 adding initial aliases for index, show, new and edit 2009-11-16 15:09:25 -08:00
Ryan Bates
0b8b51b4fc adding aliasing of actions 2009-11-16 14:58:00 -08:00
Ryan Bates
6c89c32059 adding manage action which applies to everything 2009-11-16 14:42:41 -08:00
Ryan Bates
0cfb8c7c41 adding basic ability module 2009-11-16 14:28:52 -08:00