Sergio Arbeo
1f7e4c8b6b
Solves problem when authorizing new action.
...
Given two models Category and Projects. A Category has_many
projects and Project belongs_to a category. Furthermore,
projects are shallow nested resources in a category.
Let's say that a user can edit a certain category's projects
(and only one category can be edited by each user [1]); this is
expressed with the following line in the Ability model:
```ruby
can :new, :projects, category_id: user.category_id
```
Given the old implementation, we get that any user can 'new'
(though not 'create') a project in any category:
```ruby
def assign_attributes(resource)
  resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
  initial_attributes.each do |attr_name, value|
    resource.send("#{attr_name}=", value)
  end
  resource
end
```
In this case, category_id in project would get overwritten
inside the initial_attributes loop and authorization would pass.
I consider this a buggy behaviour.
[1] User belongs_to a category, and a Category has many
users. On the other hand, there might be users without
any category.
Conflicts:
spec/cancan/controller_resource_spec.rb
2012-10-04 20:29:28 +02:00
Matt Culpepper
9550154b09
load hooks return ActiveRecord::Model in Rails 4, use Concern
2012-09-27 23:18:45 -05:00
Nugroho Herucahyono
6c1828acb6
fix namespace split, so we can use / for namespace
2012-06-29 18:29:08 +07:00
Ryan Bates
6886aecb9a
bringing up to date with master branch
2012-06-26 17:10:01 -07:00
Ryan Bates
2b89dbbdfa
Merge pull request #653 from andhapp/fix-pull-request-640
...
Init attributes in InheritedResources controller w/ specs
2012-06-19 10:53:22 -07:00
Ryan Bates
aff8ca60e4
Merge pull request #650 from andhapp/fix-pull-request-486
...
Fixes Nested Resource Loading
2012-06-19 10:50:29 -07:00
Ryan Bates
33e33c584e
Merge pull request #618 from spatil/master
...
Check for defined ActionController::Base instead of ActionController
2012-06-19 10:41:14 -07:00
Anuj Dutta
a1254ca1c6
Fix pull request 640. For some reason github didn't allow a clean merge although there weren't any conflicts. Fix it so that it's easier to just merge via the UI.
2012-06-19 00:13:19 +01:00
Mike Pack
88aba4664a
Refactor out attribute assignment
2012-06-19 00:08:27 +01:00
Mike Pack
b965f5bab4
Add specs for resource attributes.
...
Remove inconsistent line breaks.
2012-06-19 00:08:27 +01:00
mccraig mccraig of the clan mccraig
c2c0b86c3a
initialise attributes after a resource is created by an InheritedResources controller
2012-06-19 00:08:26 +01:00
Mark Sim
d5baed6281
Fixes Nested Resource Loading
2012-06-18 06:52:32 +01:00
Anuj Dutta
da663aaed1
Fix for issue-644 to allow users to specify a mix of can and cannot rules with mongo.
2012-06-10 22:54:45 +01:00
Oliver Morgan
354e34b8ab
Fixed bug where parent resources were being regarded as children
2012-06-04 17:44:33 +01:00
Oliver Morgan
245b83f6b4
Classify causes plural model names to be incorrectly renamed
...
Some model names will be renamed incorrectly e.g. 'business'. It should
be the responsibility of the user to make sure they use a name that
directly corresponds to the model name. The only filtering performed
should be camelize.
2012-05-31 10:45:55 +01:00
Oliver Morgan
78cbcf1db9
Named resources were not being loaded correctly. Fixes #633
2012-05-30 12:39:10 +01:00
Ryan Bates
80a8c39a93
Merge pull request #632 from andhapp/fix-issue-327
...
Fix to handle MetaWhere and non-MetaWhere conditions correctly.
2012-05-29 10:04:18 -07:00
Ryan Bates
b3f9ffe93b
Merge pull request #625 from rogercampos/merging
...
Adding Ability#merge
2012-05-28 11:02:51 -07:00
Anuj Dutta
c27ead5b9f
Fix to handle MetaWhere and non-MetaWhere conditions correctly.
2012-05-26 18:00:50 +01:00
Chris Gunther
b347c7b78c
port fix for namespaced params from 2.0 back to 1.6
2012-05-14 10:52:29 -04:00
Ryan Bates
7f4f469e58
Merge pull request #492 from soopa/master
...
Fix "uninitialized constant CanCan::Rule::ModelAdapters"
2012-05-11 08:51:50 -07:00
Gimi Liang
14e1f5cad4
Merge pull request #535 from manuelmeurer/patch-2
...
Fixed a small typo
2012-05-11 08:17:55 -07:00
Michael de Silva
48ed6f9353
cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization
2012-05-11 11:59:00 +03:00
Ryan Bates
a8a85f13a3
Merge pull request #541 from icrowley/master
...
Fixed bug with params for actions that build new instances with namespaced models
2012-05-10 13:51:45 -07:00
Ryan Bates
70515de8c1
Merge pull request #556 from mauriciozaffari/master
...
Pass forward :if and :unless options to the before filter.
2012-05-10 11:00:32 -07:00
Ryan Bates
b73bd062a8
Merge pull request #564 from flop/master
...
False positives on multiple nested abilities definitions
2012-05-10 10:59:08 -07:00
Ryan Bates
78e1a17258
Merge pull request #587 from route/patch-1
...
Just add singleton to description of authorize_resource
2012-05-10 09:27:03 -07:00
Aryk Grosz
65bbf0e354
Add check for Enumerable as condition value
2012-04-23 00:51:55 -07:00
Shailesh Patil
51702e0f7b
checked for ActionController::Base instead of just ActionController
2012-04-03 15:44:41 +05:30
Dmitriy Vorotilin
f166b5945a
Just add singleton to description of authorize_resource
2012-03-23 01:34:04 +04:00
Florent Piteau
ba01349eb0
Don't remove key-value from the subject hash we might want to use it again.
2012-02-29 15:49:19 +01:00
Mauricio Zaffari
83e2dcebd0
Pass forward :if and :unless options to the before filter. i.e:
...
load_and_authorize_resource :if => condition == true
2012-02-02 21:06:38 -02:00
Dmitry Afanasyev
baadcb923b
Fixed bug with params for actions that build new instances with namespaced models
2012-01-06 01:21:11 +04:00
Manuel Meurer
e65f9bd4fd
Fixed typo
2011-12-25 19:55:35 +01:00
Roger Campos
7797b37c7e
Adding Ability#merge
2011-10-31 14:08:50 +01:00
soopa
80ceaf8e17
fix uninitialized constant warning in CanCan::Rule#model_adapter
2011-10-14 20:06:43 -05:00
Ryan Bates
67a3038628
quick fix to get nested resources working again - closes #482
2011-10-04 15:02:59 -07:00
Patrick Morgan
b3fc5add34
Correct "return cant jump across threads" error when using check_authorization()
2011-09-28 16:05:38 -07:00
Ryan Bates
c94de4ab18
include namespace in params when creating/updating resource - closes #349
2011-09-28 16:00:46 -07:00
Ryan Bates
6de9e4675a
consider specificity when finding relevant rules so generic rules will not override specific ones - closes #321
2011-09-28 15:34:08 -07:00
Ryan Bates
1fb2c0160c
ignore cannot clause with attributes when not checking for with attributes - closes #406
2011-09-28 14:48:26 -07:00
Ryan Bates
67c93619c1
Merge branch 'master' into 2.0
2011-09-28 13:45:49 -07:00
Ryan Bates
610d7e3ec4
Merge pull request #425 from skhisma/master
...
Allow custom IDs to be specified when calling load_resource
2011-09-28 13:44:19 -07:00
Ryan Bates
2160183e86
Merge branch 'master' into 2.0
2011-09-28 13:35:52 -07:00
Ryan Bates
cfb801ed8d
Merge pull request #424 from whilefalse/master
...
Support for namespaced models and engines
2011-09-28 13:34:30 -07:00
Ryan Bates
86063e4846
merging 1.6 additions into 2.0 branch
2011-09-28 11:39:26 -07:00
Ryan Bates
0442634d5a
fixing ability generator
2011-09-28 11:18:12 -07:00
Ryan Bates
6c1d685f2c
include tests with cancan:ability generator - closes #350
2011-09-28 11:02:18 -07:00
Ryan Bates
987dce0dc2
Merge pull request #421 from amc-projects/master
...
Compatibility fix for rspec-instafail and rspec1
2011-07-23 14:46:37 -07:00
Manuel Meurer
e561532bab
Fixed typos.
2011-07-21 05:12:09 -07:00