Ryan Bates
ff13a82dda
Merge pull request #355 from emmanuel/issue/245.
...
DataMapper adapter improvements
2011-05-02 13:52:11 -07:00
Emmanuel Gomez
16bdb8d42e
Return empty set early if no can rules are present.
...
Thanks dkubb!
2011-04-29 12:04:19 -07:00
Emmanuel Gomez
d6851debd4
Fix pending spec for DataMapper adapter.
2011-04-29 00:46:38 -07:00
Emmanuel Gomez
6d39b0ae07
Use dkubb's suggestion for evaluating conditions against a Resource.
2011-04-29 00:31:27 -07:00
Ryan Bates
a6af47d213
Merged pull request #352 from cardagin/topic/mongoid-adapter-enhancements.
...
Augments Mongoid adapter by handling case where attribute is an array
2011-04-27 09:40:28 -07:00
John Feminella
17c52a7983
Augments Mongoid adapter by handling case where attribute is an array
2011-04-27 09:54:37 -04:00
Ryan Bates
18c1007d3f
Merged pull request #343 from rahearn/mongoid-scope.
...
Adds ability to use Scope query with Mongoid
2011-04-25 09:19:53 -07:00
Ryan Bates
63865cc7d8
allow SQL conditions to be used with a block
2011-04-21 00:46:06 -07:00
Ryan Ahearn
2b6204117f
Adds ability to use Scope query with Mongoid
...
Same limitations apply as with active record
* can not be OR'd with other rules for same ability/controller
2011-04-15 16:58:19 -04:00
Ryan Bates
b1424dfa49
Merge branch 'optional-associations' of https://github.com/socialcast/cancan into socialcast-optional-associations
2011-04-01 15:13:02 -07:00
Mitch Williams
6aaab9e440
Fixed bug where conditions on an optionally associated object would throw exceptions if the associated object was not present at the rule match time.
2011-04-01 13:20:25 -07:00
Florent Piteau
a10243a569
When using an existing scope, it should be merged properly to the class. May fix ryanb/cancan#328 :)
2011-04-01 21:25:19 +02:00
Florent Piteau
81f00f9024
Failling test for nested resources with a scope for conditions
2011-04-01 18:45:33 +02:00
Ryan Bates
7bcfd3d295
releasing 1.6.4
2011-03-29 17:51:15 -07:00
Ryan Bates
e96cf5bea4
fixing mongoid 'or' error - closes #322
2011-03-29 17:49:18 -07:00
Ryan Bates
c6f9abb6ab
updating some documentation for CanCan 2.0
2011-03-25 18:48:37 -07:00
Ryan Bates
e5b76210e4
fixing marking fully_authorized on an object instance
2011-03-25 17:05:36 -07:00
Ryan Bates
baa1dacc21
authorize params passed in create and update action
2011-03-25 17:01:12 -07:00
Ryan Bates
f41b39406c
don't authorize based on resource name in authorize_resource since this is already handled by enable_authorization
2011-03-25 16:40:20 -07:00
Ryan Bates
27eba72e4b
mark index action as fully authorized when fetching records through accessible_by
2011-03-25 16:34:13 -07:00
Ryan Bates
5d68caefd0
removing skipping feature in ControllerResource for now
2011-03-25 16:29:04 -07:00
Ryan Bates
35fbee578f
passing block to enable_authorization will be executed when CanCan::Unauthorized exception is raised
2011-03-25 16:08:09 -07:00
Ryan Bates
cf2896f011
renaming AccessDenied exception to Unauthorized
2011-03-25 14:43:36 -07:00
Ryan Bates
bcac159b3e
merging with master
2011-03-25 14:32:29 -07:00
Ryan Bates
fb8e9bde57
releasing 1.6.3
2011-03-25 14:28:26 -07:00
Ryan Bates
89e40987d8
make sure ActiveRecord::Relation is defined before checking conditions against it so Rails 2 is supported again - closes #312
2011-03-25 14:26:33 -07:00
Ryan Bates
1ac8099f7a
return subject passed to authorize! - closes #314
2011-03-25 14:24:43 -07:00
Ryan Bates
346ca2c74e
check authorization is sufficient in an after_filter when doing enable_authorization
2011-03-25 14:11:59 -07:00
Ryan Bates
242e912519
refactoring fully authorized check and catching bug
2011-03-25 13:30:45 -07:00
Ryan Bates
488cc2dfdd
require attributes to be checked on create/update action in order to be fully authorized
2011-03-25 13:23:05 -07:00
Ryan Bates
0f3753491d
adding fully_authorized? method to Ability to check if conditions are considered in authorize! call
2011-03-25 12:01:53 -07:00
Ryan Bates
85efbdb8d0
adding attributes as 3rd argument to can and can? calls
2011-03-25 11:24:10 -07:00
Ryan Bates
a03d35272b
allow strings along with symbols in Ability definition and checking
2011-03-24 11:52:54 -07:00
Ryan Bates
7ee942c334
adding enable_authorization method and deprecating some other controller methods
2011-03-24 11:22:32 -07:00
Ryan Bates
3a825ed0d1
getting all specs passing again
2011-03-23 19:47:34 -07:00
Ryan Bates
98ed39264e
modifying Ability to use symbol for subject instead of class, also adding subject aliases
2011-03-23 17:00:33 -07:00
Ryan Bates
5d97cfb236
releasing 1.6.2
2011-03-18 09:44:39 -07:00
Ryan Bates
7688025404
fixing instance loading with :singleton option - closes #310
2011-03-18 09:42:30 -07:00
Ryan Bates
3efa069349
fixing failing MetaWhere spec
2011-03-18 09:14:17 -07:00
Ryan Bates
b0c1646fee
releasing 1.6.1
2011-03-15 23:40:14 -07:00
Ryan Bates
3f6cecbfcf
use Item.new instead of build_item for singleton resource so it doesn't mess up database - closes #304
2011-03-15 23:37:05 -07:00
Ryan Bates
fdd5ad022d
making accessible_by action default to :index and parent action default to :show so we don't check :read action directly - closes #302
2011-03-15 23:00:40 -07:00
Adam Wróbel
3639ca90eb
Fixes inherited_resources collection authorization
...
This reverts e3eab13b86
I don't know what was the idea of that, but it turned out REAL bad.
`collection` sets the collection instance variable. `resource_base` is used all
over CanCan. It's also used inside `load_collection?` which is checked before
`load_collection` is called. That means we actually set the collection instance
variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`.
1. def load_resource
2. unless skip?(:load)
3. if load_instance?
4. self.resource_instance ||= load_resource_instance
5. elsif load_collection?
6. self.collection_instance ||= load_collection
7. end
8. end
9. end
`collection_instance` is set on line 5 instead of line 6.
2011-03-16 01:20:35 +01:00
Ryan Bates
efa3ff1c0f
releasing 1.6.0
2011-03-10 23:59:13 -08:00
Ryan Bates
9bee4a8d4b
adding any/all support for MetaWhere conditions
2011-03-08 23:19:56 -08:00
Ryan Bates
eb2826f135
adding more MetaWhere comparison operators
2011-03-08 22:21:42 -08:00
Ryan Bates
a49269175e
Merge branch 'master' into meta_where
2011-03-08 22:05:40 -08:00
Ryan Bates
0de43c445b
raise an error when trying to make a rule with both hash conditions and a block - closes #269
2011-03-08 17:20:32 -08:00
Ryan Bates
f9b181af05
allow Active Record scope to be passed as Ability conditions - closes #257
2011-03-08 17:08:26 -08:00
Ryan Bates
80f1ab20fb
adding :if and :unless options to check_authorization - closes #284
2011-03-08 16:35:01 -08:00