3 Commits
1.0.0 ... 1.0.1

8 changed files with 50 additions and 13 deletions


@@ -1,3 +1,10 @@
1.0.1 (Dec 14, 2009)
* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
* Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
1.0.0 (Dec 13, 2009)
* Don't set resource instance variable if it has been set already - see issue #13


@@ -65,11 +65,7 @@ Setting this for every action can be tedious, therefore the load_and_authorize_r
If the user authorization fails, a CanCan::AccessDenied exception will be raised. You can catch this and modify its behavior in the ApplicationController.
class ApplicationController < ActionController::Base
rescue_from CanCan::AccessDenied, :with => :access_denied
protected
def access_denied
rescue_from CanCan::AccessDenied do |exception|
flash[:error] = "Sorry, you are not allowed to access that page."
redirect_to root_url
end


@@ -4,8 +4,8 @@ Gem::Specification.new do |s|
s.description = "Simple authorization solution for Rails which is completely decoupled from the user's roles. All permissions are stored in a single location for convenience."
s.homepage = "http://github.com/ryanb/cancan"
s.version = "1.0.0"
s.date = "2009-12-13"
s.version = "1.0.1"
s.date = "2009-12-14"
s.authors = ["Ryan Bates"]
s.email = "ryan@railscasts.com"


@@ -59,6 +59,9 @@ module CanCan
#
# load_resource :nested => [:publisher, :author]
#
# [:+class+]
# The class to use for the model.
#
# [:+collection+]
# Specify which actions are resource collection actions in addition to :+index+. This
# is usually not necessary because it will try to guess depending on if an :+id+
@@ -99,6 +102,9 @@ module CanCan
# [:+except+]
# Does not apply before filter to given actions.
#
# [:+class+]
# The class to use for the model.
#
def authorize_resource(options = {})
before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).authorize_resource }
end


@@ -1,13 +1,14 @@
module CanCan
class ControllerResource # :nodoc:
def initialize(controller, name, parent = nil)
def initialize(controller, name, parent = nil, options = {})
@controller = controller
@name = name
@parent = parent
@options = options
end
def model_class
@name.to_s.camelize.constantize
@options[:class] || @name.to_s.camelize.constantize
end
def find(id)
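Review bot: `model_class` returns `@options[:class]` exactly as passed, so only a class constant works; a String or Symbol, given by analogy with `:nested => [:publisher, :author]`, would skip `camelize.constantize` and be returned as the model unchanged. Because this value decides which model the resource is loaded from, the accepted type should be stated: add `# :class must be a class constant (as in :class => Person); it is used as given, without constantize` above `model_class`, and say the same in the `[:+class+]` entries added to the controller additions comments. The class body continues past `def find(id)`, outside this hunk.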


@@ -30,14 +30,19 @@ module CanCan
private
def resource
@resource ||= ControllerResource.new(@controller, model_name, parent_resource)
@resource ||= ControllerResource.new(@controller, model_name, parent_resource, @options)
end
def parent_resource
parent = nil
[@options[:nested]].flatten.compact.each do |name|
parent = ControllerResource.new(@controller, name, parent)
parent.find(@params["#{name}_id".to_sym])
id = @params["#{name}_id".to_sym]
if id
parent = ControllerResource.new(@controller, name, parent)
parent.find(id)
else
parent = nil
end
end
parent
end
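Review bot: The `else` branch in `parent_resource` sets `parent = nil`, which also drops any ancestor loaded earlier in the loop, so whether the resource goes through a parent now depends on which `*_id` parameters the request carries. The spec added in this comparison shows the effect: with `:nested => [:person, :behavior]` and only `person_id` present, the ability is built with `nil`. That suits shallow routes, but abilities or actions that assume the parent is set will see `nil`, so the behaviour deserves a comment above the loop, for example `# A missing *_id resets the chain: the resource is then loaded without a parent, so rules must not rely on the parent being set`. The enclosing class starts outside this hunk.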


@@ -40,4 +40,10 @@ describe CanCan::ControllerResource do
CanCan::ControllerResource.new(@controller, :ability).find(123)
@controller.instance_variable_get(:@ability).should == :some_ability
end
it "should use the model class option if provided" do
stub(Person).find(123) { :some_resource }
CanCan::ControllerResource.new(@controller, :ability, nil, :class => Person).find(123)
@controller.instance_variable_get(:@ability).should == :some_resource
end
end


@@ -96,4 +96,20 @@ describe CanCan::ResourceAuthorization do
authorization.load_resource
@controller.instance_variable_get(:@ability).should == :some_ability
end
it "should not load nested resource and build through this if *_id param isn't specified" do
stub(Person).find(456) { :some_person }
stub(Ability).new(nil) { :some_ability }
authorization = CanCan::ResourceAuthorization.new(@controller, {:controller => "abilities", :action => "new", :person_id => 456}, {:nested => [:person, :behavior]})
authorization.load_resource
@controller.instance_variable_get(:@person).should == :some_person
@controller.instance_variable_get(:@ability).should == :some_ability
end
it "should load the model using a custom class" do
stub(Person).find(123) { :some_resource }
authorization = CanCan::ResourceAuthorization.new(@controller, {:controller => "abilities", :action => "show", :id => 123}, {:class => Person})
authorization.load_resource
@controller.instance_variable_get(:@ability).should == :some_resource
end
end
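Review bot: The nested-resource spec asserts that `@person` is set and that the ability is built, but it never checks that the skipped `:behavior` stayed unloaded, and it covers only the order where the present id comes first. Adding `@controller.instance_variable_get(:@behavior).should be_nil` and a second case with the first id missing and a later one present would pin down the chain-reset behaviour that `parent_resource` now has. The `describe` block begins outside this hunk.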