releasing gem v1.0.1

CHANGELOG.rdoc

@@ -1,3 +1,10 @@
+1.0.1 (Dec 14, 2009)
+
+* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
+
+* Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
+
+
 1.0.0 (Dec 13, 2009)
 
 * Don't set resource instance variable if it has been set already - see issue #13

README.rdoc

@@ -65,11 +65,7 @@ Setting this for every action can be tedious, therefore the load_and_authorize_r
 If the user authorization fails, a CanCan::AccessDenied exception will be raised. You can catch this and modify its behavior in the ApplicationController.
 
   class ApplicationController < ActionController::Base
-    rescue_from CanCan::AccessDenied, :with => :access_denied
+    rescue_from CanCan::AccessDenied do |exception|
-  
-    protected
-  
-    def access_denied
       flash[:error] = "Sorry, you are not allowed to access that page."
       redirect_to root_url
     end

cancan.gemspec

@@ -4,8 +4,8 @@ Gem::Specification.new do |s|
   s.description = "Simple authorization solution for Rails which is completely decoupled from the user's roles. All permissions are stored in a single location for convenience."
   s.homepage = "http://github.com/ryanb/cancan"
   
-  s.version = "1.0.0"
+  s.version = "1.0.1"
-  s.date = "2009-12-13"
+  s.date = "2009-12-14"
   
   s.authors = ["Ryan Bates"]
   s.email = "ryan@railscasts.com"

lib/cancan/controller_additions.rb

@@ -59,6 +59,9 @@ module CanCan
       #   
       #     load_resource :nested => [:publisher, :author]
       #   
+      # [:+class+]
+      #   The class to use for the model.
+      #   
       # [:+collection+]
       #   Specify which actions are resource collection actions in addition to :+index+. This
       #   is usually not necessary because it will try to guess depending on if an :+id+
@@ -72,7 +75,7 @@ module CanCan
       #   fetch one.
       #   
       #     load_resource :new => :build
-      #   
+      # 
       def load_resource(options = {})
         before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).load_resource }
       end
@@ -99,6 +102,9 @@ module CanCan
       # [:+except+]
       #   Does not apply before filter to given actions.
       # 
+      # [:+class+]
+      #   The class to use for the model.
+      # 
       def authorize_resource(options = {})
         before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).authorize_resource }
       end

lib/cancan/controller_resource.rb

@@ -1,13 +1,14 @@
 module CanCan
   class ControllerResource # :nodoc:
-    def initialize(controller, name, parent = nil)
+    def initialize(controller, name, parent = nil, options = {})
       @controller = controller
       @name = name
       @parent = parent
+      @options = options
     end
     
     def model_class
-      @name.to_s.camelize.constantize
+      @options[:class] || @name.to_s.camelize.constantize
     end
     
     def find(id)

lib/cancan/resource_authorization.rb

@@ -30,14 +30,19 @@ module CanCan
     private
     
     def resource
-      @resource ||= ControllerResource.new(@controller, model_name, parent_resource)
+      @resource ||= ControllerResource.new(@controller, model_name, parent_resource, @options)
     end
     
     def parent_resource
       parent = nil
       [@options[:nested]].flatten.compact.each do |name|
-        parent = ControllerResource.new(@controller, name, parent)
+        id = @params["#{name}_id".to_sym]
-        parent.find(@params["#{name}_id".to_sym])
+        if id
+          parent = ControllerResource.new(@controller, name, parent)
+          parent.find(id)
+        else
+          parent = nil
+        end
       end
       parent
     end

spec/cancan/controller_resource_spec.rb

@@ -40,4 +40,10 @@ describe CanCan::ControllerResource do
     CanCan::ControllerResource.new(@controller, :ability).find(123)
     @controller.instance_variable_get(:@ability).should == :some_ability
   end
+  
+  it "should use the model class option if provided" do
+    stub(Person).find(123) { :some_resource }
+    CanCan::ControllerResource.new(@controller, :ability, nil, :class => Person).find(123)
+    @controller.instance_variable_get(:@ability).should == :some_resource
+  end
 end

spec/cancan/resource_authorization_spec.rb

@@ -96,4 +96,20 @@ describe CanCan::ResourceAuthorization do
     authorization.load_resource
     @controller.instance_variable_get(:@ability).should == :some_ability
   end
+  
+  it "should not load nested resource and build through this if *_id param isn't specified" do
+    stub(Person).find(456) { :some_person }
+    stub(Ability).new(nil) { :some_ability }
+    authorization = CanCan::ResourceAuthorization.new(@controller, {:controller => "abilities", :action => "new", :person_id => 456}, {:nested => [:person, :behavior]})
+    authorization.load_resource
+    @controller.instance_variable_get(:@person).should == :some_person
+    @controller.instance_variable_get(:@ability).should == :some_ability
+  end
+  
+  it "should load the model using a custom class" do
+    stub(Person).find(123) { :some_resource }
+    authorization = CanCan::ResourceAuthorization.new(@controller, {:controller => "abilities", :action => "show", :id => 123}, {:class => Person})
+    authorization.load_resource
+    @controller.instance_variable_get(:@ability).should == :some_resource
+  end
 end