cancan

Author	SHA1	Message	Date
Ryan Bates	a5f838a964	use I18n for unauthorization messages - closes #103	2010-09-02 17:01:10 -07:00
Ryan Bates	66314a89f8	support no arguments to 'can' definition which always calls block	2010-09-02 14:46:38 -07:00
Ryan Bates	b1fb179aaf	don't pass action into can block with :manage option - closes #129	2010-09-02 14:29:49 -07:00
Ryan Bates	6105edc6a7	skip block when only class is passed to ability check, also don't pass class to block for :all - closes #116	2010-09-02 14:23:00 -07:00
Ryan Bates	04b523eea4	releasing version 1.3.4	2010-08-31 15:46:26 -07:00
Ryan Bates	5a353c1cba	don't stop at cannot definition when checking class - closes #131	2010-08-30 15:20:06 -07:00
Ryan Bates	e893e12260	fixing broken spec and minor improvements to tableized_conditions method	2010-08-18 16:04:08 -07:00
McClain Looney	3d7742ea43	fix for bug 123	2010-08-17 09:33:11 -05:00
Ryan Bates	333ddf1970	properly pass along resource name without slice error - closes #112	2010-08-07 08:33:31 -07:00
Ryan Bates	f8631dcc93	fixing error on protected sanitize_sql - closes #111	2010-08-06 23:24:04 -07:00
Ryan Bates	75ce2bdefa	allow :parent => false option to work in load/authorize resource	2010-08-06 14:26:57 -07:00
Ryan Bates	c9e0f4e3ef	renaming :singular resource option to :singleton	2010-08-06 13:06:18 -07:00
Ryan Bates	236cece3b3	adding :find_by option to load_resource - closes #19	2010-08-06 11:18:54 -07:00
Ryan Bates	84f4c904b7	adding :singular option to support has_one associations in load/authorize resource - closes #93	2010-08-06 11:03:10 -07:00
Ryan Bates	6998e8bdd1	support multiple resources in :through option of load_resource, this makes polymorphic associations possible - closes #73	2010-08-06 10:35:42 -07:00
Ryan Bates	961b8c2477	consider ancestors when matching classes in Ability#can, this way it works with STI - closes #55	2010-08-06 10:06:37 -07:00
Ryan Bates	a157b65fbf	adding :instance_name option to load/authorize_resource - closes #44	2010-08-06 09:35:07 -07:00
Ryan Bates	47f0aa597e	change how params are passed to ControllerResource and use HashWithIndifferentAccess in tests	2010-08-06 09:24:01 -07:00
Ryan Bates	67b069579e	don't pass nil to 'new' call when no params are specified - closes #63	2010-08-05 16:52:37 -07:00
Ryan Bates	156839b73e	only use the :read action when authorizing parent resources	2010-08-05 16:24:08 -07:00
Ryan Bates	25a1c553bf	adding :through option to replace :nesting option and moving ResourceAuthorization class code into ControllerResource	2010-08-05 16:12:30 -07:00
Ryan Bates	9b26f4d767	fixing specs for older versions of ruby and rspec	2010-07-21 11:56:19 -07:00
Ryan Bates	25637bb33a	removing extra white space at end of lines	2010-07-21 11:45:26 -07:00
Ryan Bates	ba8cb3cf6d	refactoring query.joins	2010-07-20 17:05:17 -07:00
Ryan Bates	e098ddaacd	refactoring query.conditions	2010-07-20 16:00:22 -07:00
Ryan Bates	964a4765b1	removing need to pass tableize option around for query conditions	2010-07-20 13:43:43 -07:00
Ryan Bates	a42e067f3b	extracting out Query class for generating sql conditions and association joins	2010-07-20 13:20:01 -07:00
Ryan Bates	60848143b7	refactoring can definition matching behavior	2010-07-20 11:04:03 -07:00
Ryan Bates	5d8f04363d	merging with master and resolving a couple conflicts	2010-07-19 16:36:01 -07:00
Ryan Bates	cad425989e	supporting deeply nested aliases - closes #98	2010-07-19 16:03:09 -07:00
Yura Sokolov	75eb1917f9	add test for single `cannot` definition	2010-05-25 14:28:29 +04:00
Yura Sokolov	5fd793090a	fix logic error for single `cannot` condition - it should return no records	2010-05-25 14:09:01 +04:00
Yura Sokolov	ac19422a90	add tests for merging conditions and joins	2010-05-25 14:02:26 +04:00
Yura Sokolov	9c0346b90b	can accept array for sql sanitizing in conditions	2010-05-25 14:01:53 +04:00
Yura Sokolov	bcab8d6369	fix error with single cannot condition	2010-05-25 12:14:01 +04:00
Yura Sokolov	46f03013f3	Merge remote branch 'upstream/master' Conflicts: lib/cancan/ability.rb lib/cancan/active_record_additions.rb lib/cancan/can_definition.rb spec/cancan/ability_spec.rb	2010-05-24 15:17:10 +04:00
Ryan Bates	1ade44221a	load parent resources for collection actions such 'index'	2010-05-21 15:22:21 -07:00
Ryan Bates	2a3dd85a18	adding :name option to load_and_authorize_resource if it does not match controller - closes #65	2010-05-21 14:20:45 -07:00
Ryan Bates	dfd84a10ed	improving inline documentation	2010-05-21 13:41:24 -07:00
John Allison	7543eedd6a	fixing issue when using accessible_by with nil can conditions - closes #66	2010-05-20 17:06:10 -07:00
Logan Raarup	605063b974	Make sure conditions on associations are pluralized	2010-05-21 07:31:29 +08:00
Sokolov Yura	7d7d249182	passing throw matching rules with not matching conditions Main goal is to allow: cannot :manage, :all can :read, :all can :manage, User, :id=>user.id can :manage, User, :manager_id=>user.id Signed-off-by: Sokolov Yura <funny.falcon@gmail.com>	2010-05-16 22:13:02 +04:00
Ryan Bates	06296b0a40	support has_many association or arrays in can conditions hash	2010-04-22 17:39:22 -07:00
Ryan Bates	e20081454f	adding joins clause to accessible_by when conditions are across associations	2010-04-20 17:02:28 -07:00
Ryan Bates	4da31c0709	can has cheezburger? (thanks Seivan)	2010-04-20 14:24:26 -07:00
Ryan Bates	f1ba76b61b	supporting arrays, ranges, and nested hashes in ability conditions	2010-04-17 11:54:27 -07:00
Ryan Bates	f46696348e	allow access to classes when using hash conditions since you'll generally want to narrow it down with a database query	2010-04-16 15:56:07 -07:00
Ryan Bates	8903feee70	removing unauthorized! in favor of authorize! and including more information in AccessDenied exception - closes #40	2010-04-16 14:54:18 -07:00
Ryan Bates	240c281061	renaming ActiveRecordAdditions#can method to accessible_by since it flows better and makes more sense	2010-04-15 23:54:45 -07:00
Ryan Bates	37f482e8d5	default ActiveRecordAdditions#can method action to :read and use 'scoped' if 'where' is not available	2010-04-15 23:18:49 -07:00

1 2

89 Commits