Ryan Bates
787511a208
renaming skip_authorization to skip_authorization_check - closes #169
2010-11-12 10:46:03 -08:00
Ryan Bates
92995d791e
adding :through_association option to load_resource (thanks hunterae) - closes #171
2010-11-12 10:42:26 -08:00
Nanda Lopes
9a7c427373
Fix NoMethodError
...
Raises NoMethodError when using ":singleton => true, :shallow => true" and parent_resource is nil
2010-11-13 02:24:31 +08:00
Ramon Tayag
cf263c105d
checks if active record responds to 'joins', so this can work with internuity's quick_scopes gem; added .swp files to git ignore
2010-11-13 02:21:56 +08:00
Michael Halliday
79180de372
This fixes an odd error I was seeing in development mode when cache_classes = false (the default), specifically when loading an object throught the parent in load_and_authorize_resource.
...
Assume Photo model and User model where user has many photos:
@photo = current_user.photos.find(1) # this returns a photo
@photo1 = Photo.find(1)
@photo.kind_of?(Photo) is not always true for some reason when class_cacheing is false. Where as @photo1.kind_of?(Photo) always appears to be true. Of interesting note, in the above example @photo != @photo1 if kind_of? is false. Very odd.
Again, this only appears to be when loading and object through an association.
2010-11-13 02:09:06 +08:00
Ryan Bates
6c3e87eea9
updating readme and documentation
2010-10-05 16:18:35 -07:00
Ryan Bates
b0cec5251c
adding a couple things to the changelog
2010-10-05 12:00:50 -07:00
Ryan Bates
8f49f28713
don't stop at cannot definitions when there are no conditions - closes #161
2010-10-04 11:11:14 -07:00
Sokolov Yura
12037d7f43
should not allow to can? when raw sql without block is present
2010-10-05 02:01:48 +08:00
Ryan Bates
1f81b8dd1e
use 'send' to access controller current_ability in case it's private
2010-09-23 11:58:55 -07:00
Ryan Bates
c11ffb6fd1
support loading resource :through method along with instance variable - closes #146
2010-09-21 11:42:47 -07:00
Ryan Bates
264e2d2b68
raise AccessDenied error when loading child while parent is nil, pass :shallow => true to bypass
2010-09-21 11:32:56 -07:00
Sokolov Yura
ebef3cc745
consistency addition for ability check on Module
2010-09-21 00:16:36 +08:00
Ryan Bates
cef55c95e7
fetch cancan_resource_class through controller class from ControllerResource
2010-09-16 16:01:58 -07:00
Sokolov Yura
a0f73fe0f7
fix error
2010-09-17 06:57:25 +08:00
Sokolov Yura
e2c341b8d3
allow to check ability by common module
2010-09-17 06:57:24 +08:00
Sokolov Yura
f236b1b5a4
resolve issue 149
2010-09-17 06:57:24 +08:00
Juan Manuel Barreneche
0b270f2d0f
Use cancan_resource_class for before filters instead of hardcoded ControllerResource class
2010-09-17 06:40:16 +08:00
Juan Manuel Barreneche
961df90ecd
Controllers which use 'inherit_resources' instead of Inheritance may have inherited_resource's methods protected
2010-09-17 06:40:15 +08:00
Ryan Bates
4eee637270
adding support for loading through Inherited Resources - closes #23
2010-09-09 16:28:00 -07:00
Ryan Bates
a5ff826e40
fix pluralize error on index action when passing resource name - closes #143 again
2010-09-07 22:10:16 -07:00
Ryan Bates
9d915457af
load the collection instance variable on index action - closes #137
2010-09-07 16:25:02 -07:00
Ryan Bates
158c908d3b
adding action and subject variables to I18n unauthorized message - closes #142
2010-09-07 15:48:07 -07:00
Ryan Bates
bf9b8ad1a6
filling in some inline documentation for 1.4
2010-09-03 16:19:39 -07:00
Ryan Bates
1af6c6f395
adding check_authorization and skip_authorization controller class methods to ensure authorization is triggered (thanks justinko) - closes #135
2010-09-03 14:38:55 -07:00
Ryan Bates
7c5243321f
have params hash override initial attributes when building a new resource
2010-09-03 14:11:44 -07:00
Ryan Bates
721939babd
cleaning up some internal specs and names
2010-09-03 14:00:46 -07:00
Ryan Bates
a744377ac9
the new and create actions will now build the resource with attributes based on ability conditions hash - closes #114
2010-09-03 11:53:47 -07:00
Ryan Bates
1be5bf7a57
don't fail if association conditions aren't specified for nested association check
2010-09-03 11:05:58 -07:00
Ryan Bates
c88cb8f459
passing a hash to can? will check permissions on association, this is done automatically in authorize_resource - closes #121
2010-09-03 11:01:55 -07:00
Ryan Bates
a5f838a964
use I18n for unauthorization messages - closes #103
2010-09-02 17:01:10 -07:00
Ryan Bates
66314a89f8
support no arguments to 'can' definition which always calls block
2010-09-02 14:46:38 -07:00
Ryan Bates
b1fb179aaf
don't pass action into can block with :manage option - closes #129
2010-09-02 14:29:49 -07:00
Ryan Bates
6105edc6a7
skip block when only class is passed to ability check, also don't pass class to block for :all - closes #116
2010-09-02 14:23:00 -07:00
Ryan Bates
5a353c1cba
don't stop at cannot definition when checking class - closes #131
2010-08-30 15:20:06 -07:00
Ryan Bates
4fe44af45d
be more clear about blocks not working with accessible_by - closes #130
2010-08-30 13:40:31 -07:00
Ryan Bates
caed4fcee5
use RSpec namespace for matcher - closes #119
2010-08-18 16:22:43 -07:00
Ryan Bates
e893e12260
fixing broken spec and minor improvements to tableized_conditions method
2010-08-18 16:04:08 -07:00
McClain Looney
3d7742ea43
fix for bug 123
2010-08-17 09:33:11 -05:00
Ryan Bates
333ddf1970
properly pass along resource name without slice error - closes #112
2010-08-07 08:33:31 -07:00
Ryan Bates
f8631dcc93
fixing error on protected sanitize_sql - closes #111
2010-08-06 23:24:04 -07:00
Ryan Bates
1dccc0252a
removing :resource option from rdocs since it's not longer used
2010-08-06 15:05:24 -07:00
Ryan Bates
75ce2bdefa
allow :parent => false option to work in load/authorize resource
2010-08-06 14:26:57 -07:00
Ryan Bates
c9e0f4e3ef
renaming :singular resource option to :singleton
2010-08-06 13:06:18 -07:00
Ryan Bates
236cece3b3
adding :find_by option to load_resource - closes #19
2010-08-06 11:18:54 -07:00
Ryan Bates
84f4c904b7
adding :singular option to support has_one associations in load/authorize resource - closes #93
2010-08-06 11:03:10 -07:00
Ryan Bates
6998e8bdd1
support multiple resources in :through option of load_resource, this makes polymorphic associations possible - closes #73
2010-08-06 10:35:42 -07:00
Ryan Bates
961b8c2477
consider ancestors when matching classes in Ability#can, this way it works with STI - closes #55
2010-08-06 10:06:37 -07:00
Ryan Bates
a157b65fbf
adding :instance_name option to load/authorize_resource - closes #44
2010-08-06 09:35:07 -07:00
Ryan Bates
47f0aa597e
change how params are passed to ControllerResource and use HashWithIndifferentAccess in tests
2010-08-06 09:24:01 -07:00