releasing v1.0.2

listing additional resources at top of readme page (including metrics and tests)
making spec the default rake task so it works at runcoderun.com
2009-12-30 21:33:31 -08:00 · 2009-12-30 20:29:19 -08:00 · 2009-12-30 20:22:26 -08:00 · 2009-12-30 18:01:40 -08:00 · 2009-12-30 17:49:49 -08:00 · 2009-12-15 10:53:05 -08:00
12 changed files with 105 additions and 37 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,3 +1,19 @@
 1.0.2 (Dec 30, 2009)
 * Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
 * Append aliased actions (don't overwrite them) - see issue #20
 * Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
 1.0.1 (Dec 14, 2009)
 * Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
 * Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
 1.0.0 (Dec 13, 2009)
 * Don't set resource instance variable if it has been set already - see issue #13
--- a/README.rdoc
+++ b/README.rdoc
@@ -1,11 +1,11 @@
 = CanCan
 RDocs[http://rdoc.info/projects/ryanb/cancan] | Wiki[http://wiki.github.com/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan] | Metrics[http://getcaliper.com/caliper/project?repo=git%3A%2F%2Fgithub.com%2Fryanb%2Fcancan.git] | Tests[http://runcoderun.com/ryanb/cancan]
 This is a simple authorization solution for Ruby on Rails to restrict what a given user is allowed to access in the application. This is completely decoupled from any role based implementation allowing you to define user roles the way you want. All permissions are stored in a single location for convenience.
 This assumes you already have authentication (such as Authlogic[http://github.com/binarylogic/authlogic]) which provides a current_user model.
 See the RDocs[http://rdoc.info/projects/ryanb/cancan] and Wiki[http://wiki.github.com/ryanb/cancan] for additional documentation.
 == Installation
 You can set it up as a gem in your environment.rb file.
@@ -65,12 +65,8 @@ Setting this for every action can be tedious, therefore the load_and_authorize_r
 If the user authorization fails, a CanCan::AccessDenied exception will be raised. You can catch this and modify its behavior in the ApplicationController.
  class ApplicationController < ActionController::Base
-    rescue_from CanCan::AccessDenied, :with => :access_denied
+    rescue_from CanCan::AccessDenied do |exception|
-  
+      flash[:error] = exception.message
    protected
    def access_denied
      flash[:error] = "Sorry, you are not allowed to access that page."
      redirect_to root_url
    end
  end
--- a/2
+++ b/2
@@ -9,3 +9,5 @@ Spec::Rake::SpecTask.new do |t|
  t.spec_files = spec_files
  t.spec_opts = ["-c"]
 end
 task :default => :spec
--- a/cancan.gemspec
+++ b/cancan.gemspec
@@ -4,8 +4,8 @@ Gem::Specification.new do |s|
  s.description = "Simple authorization solution for Rails which is completely decoupled from the user's roles. All permissions are stored in a single location for convenience."
  s.homepage = "http://github.com/ryanb/cancan"
-  s.version = "1.0.0"
+  s.version = "1.0.2"
-  s.date = "2009-12-13"
+  s.date = "2009-12-30"
  s.authors = ["Ryan Bates"]
  s.email = "ryan@railscasts.com"
--- a/lib/cancan/ability.rb
+++ b/lib/cancan/ability.rb
@@ -156,15 +156,22 @@ module CanCan
    # This way one can use params[:action] in the controller to determine the permission.
    def alias_action(*args)
      target = args.pop[:to]
-      aliased_actions[target] = args
+      aliased_actions[target] ||= []
      aliased_actions[target] += args
    end
-    private
+    # Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
    def aliased_actions
      @aliased_actions ||= default_alias_actions
    end
    # Removes previously aliased actions including the defaults.
    def clear_aliased_actions
      @aliased_actions = {}
    end
    private
    def default_alias_actions
      {
        :read => [:index, :show],
--- a/lib/cancan/controller_additions.rb
+++ b/lib/cancan/controller_additions.rb
@@ -59,6 +59,9 @@ module CanCan
      #   
      #     load_resource :nested => [:publisher, :author]
      #   
      # [:+class+]
      #   The class to use for the model.
      #   
      # [:+collection+]
      #   Specify which actions are resource collection actions in addition to :+index+. This
      #   is usually not necessary because it will try to guess depending on if an :+id+
@@ -99,6 +102,9 @@ module CanCan
      # [:+except+]
      #   Does not apply before filter to given actions.
      # 
      # [:+class+]
      #   The class to use for the model.
      # 
      def authorize_resource(options = {})
        before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).authorize_resource }
      end
@@ -117,24 +123,22 @@ module CanCan
    #     unauthorized! if cannot? :read, @article
    #   end
    # 
-    # You can rescue from the exception in the controller to specify
+    # The unauthorized! method accepts an optional argument which sets the
-    # the user experience.
+    # message of the exception.
    # 
    # You can rescue from the exception in the controller to define the behavior.
    # 
    #   class ApplicationController < ActionController::Base
-    #     rescue_from CanCan::AccessDenied, :with => :access_denied
+    #     rescue_from CanCan::AccessDenied do |exception|
-    #   
+    #       flash[:error] = exception.message
    #     protected
    #   
    #     def access_denied
    #       flash[:error] = "Sorry, you are not allowed to access that page."
    #       redirect_to root_url
    #     end
    #   end
    # 
    # See the load_and_authorize_resource method to automatically add
    # the "unauthorized!" behavior to a RESTful controller's actions.
-    def unauthorized!
+    def unauthorized!(message = "You are not authorized to access this page.")
-      raise AccessDenied, "You are unable to access this page."
+      raise AccessDenied, message
    end
    # Creates and returns the current user's ability. You generally do not invoke
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -1,13 +1,14 @@
 module CanCan
  class ControllerResource # :nodoc:
-    def initialize(controller, name, parent = nil)
+    def initialize(controller, name, parent = nil, options = {})
      @controller = controller
      @name = name
      @parent = parent
      @options = options
    end
    def model_class
-      @name.to_s.camelize.constantize
+      @options[:class] || @name.to_s.camelize.constantize
    end
    def find(id)
--- a/lib/cancan/resource_authorization.rb
+++ b/lib/cancan/resource_authorization.rb
@@ -30,14 +30,19 @@ module CanCan
    private
    def resource
-      @resource ||= ControllerResource.new(@controller, model_name, parent_resource)
+      @resource ||= ControllerResource.new(@controller, model_name, parent_resource, @options)
    end
    def parent_resource
      parent = nil
      [@options[:nested]].flatten.compact.each do |name|
        id = @params["#{name}_id".to_sym]
        if id
          parent = ControllerResource.new(@controller, name, parent)
-        parent.find(@params["#{name}_id".to_sym])
+          parent.find(id)
        else
          parent = nil
        end
      end
      parent
    end
--- a/spec/cancan/ability_spec.rb
+++ b/spec/cancan/ability_spec.rb
@@ -2,9 +2,8 @@ require File.dirname(__FILE__) + '/../spec_helper'
 describe CanCan::Ability do
  before(:each) do
-    @ability_class = Class.new
+    @ability = Object.new
-    @ability_class.send(:include, CanCan::Ability)
+    @ability.extend(CanCan::Ability)
    @ability = @ability_class.new
  end
  it "should be able to :read anything" do
@@ -50,9 +49,7 @@ describe CanCan::Ability do
  it "should alias update or destroy actions to modify action" do
    @ability.alias_action :update, :destroy, :to => :modify
-    @ability.can :modify, :all do |object_class, object|
+    @ability.can(:modify, :all) { :modify_called }
      :modify_called
    end
    @ability.can?(:update, 123).should == :modify_called
    @ability.can?(:destroy, 123).should == :modify_called
  end
@@ -123,4 +120,16 @@ describe CanCan::Ability do
    @ability.can?(:read, 3).should be_true
    @ability.can?(:read, 123).should be_false
  end
  it "should append aliased actions" do
    @ability.alias_action :update, :to => :modify
    @ability.alias_action :destroy, :to => :modify
    @ability.aliased_actions[:modify].should == [:update, :destroy]
  end
  it "should clear aliased actions" do
    @ability.alias_action :update, :to => :modify
    @ability.clear_aliased_actions
    @ability.aliased_actions[:modify].should be_nil
  end
 end
--- a/spec/cancan/controller_additions_spec.rb
+++ b/spec/cancan/controller_additions_spec.rb
@@ -9,10 +9,16 @@ describe CanCan::ControllerAdditions do
    @controller_class.send(:include, CanCan::ControllerAdditions)
  end
-  it "should read from the cache with request uri as key and render that text" do
+  it "should raise access denied with default message when calling unauthorized!" do
    lambda {
      @controller.unauthorized!
-    }.should raise_error(CanCan::AccessDenied)
+    }.should raise_error(CanCan::AccessDenied, "You are not authorized to access this page.")
  end
  it "should raise access denied with custom message when calling unauthorized!" do
    lambda {
      @controller.unauthorized! "Access denied!"
    }.should raise_error(CanCan::AccessDenied, "Access denied!")
  end
  it "should have a current_ability method which generates an ability for the current user" do
--- a/spec/cancan/controller_resource_spec.rb
+++ b/spec/cancan/controller_resource_spec.rb
@@ -40,4 +40,10 @@ describe CanCan::ControllerResource do
    CanCan::ControllerResource.new(@controller, :ability).find(123)
    @controller.instance_variable_get(:@ability).should == :some_ability
  end
  it "should use the model class option if provided" do
    stub(Person).find(123) { :some_resource }
    CanCan::ControllerResource.new(@controller, :ability, nil, :class => Person).find(123)
    @controller.instance_variable_get(:@ability).should == :some_resource
  end
 end
--- a/spec/cancan/resource_authorization_spec.rb
+++ b/spec/cancan/resource_authorization_spec.rb
@@ -96,4 +96,20 @@ describe CanCan::ResourceAuthorization do
    authorization.load_resource
    @controller.instance_variable_get(:@ability).should == :some_ability
  end
  it "should not load nested resource and build through this if *_id param isn't specified" do
    stub(Person).find(456) { :some_person }
    stub(Ability).new(nil) { :some_ability }
    authorization = CanCan::ResourceAuthorization.new(@controller, {:controller => "abilities", :action => "new", :person_id => 456}, {:nested => [:person, :behavior]})
    authorization.load_resource
    @controller.instance_variable_get(:@person).should == :some_person
    @controller.instance_variable_get(:@ability).should == :some_ability
  end
  it "should load the model using a custom class" do
    stub(Person).find(123) { :some_resource }
    authorization = CanCan::ResourceAuthorization.new(@controller, {:controller => "abilities", :action => "show", :id => 123}, {:class => Person})
    authorization.load_resource
    @controller.instance_variable_get(:@ability).should == :some_resource
  end
 end
Author	SHA1	Message	Date
Ryan Bates	3b9cdce09a	releasing v1.0.2	2009-12-30 21:33:31 -08:00
Ryan Bates	a13f78d6f9	listing additional resources at top of readme page (including metrics and tests)	2009-12-30 20:29:19 -08:00
Ryan Bates	41f67ad6d0	making spec the default rake task so it works at runcoderun.com	2009-12-30 20:22:26 -08:00
Ryan Bates	7d3b4cdbc2	Adding clear_aliased_actions to Ability which removes previously defined actions including defaults	2009-12-30 18:01:40 -08:00
Ryan Bates	f99d506050	Append aliased actions (don't overwrite them) - closes #20	2009-12-30 17:49:49 -08:00
Ryan Bates	ef22de689b	adding custom message argument to unauthorized! method - closes #18	2009-12-15 10:53:05 -08:00
Ryan Bates	67416532f4	adding Railscasts episode to documentation	2009-12-14 09:42:51 -08:00
Ryan Bates	f919ac53bb	releasing gem v1.0.1	2009-12-14 08:37:30 -08:00
Ryan Bates	021f33c9a0	Adding :class option to load_resource so one can customize which class to use for the model - closes #17	2009-12-14 08:31:49 -08:00
Ryan Bates	e9f01300b6	Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - closes #14	2009-12-14 08:18:08 -08:00