releasing v1.0.2

CHANGELOG.rdoc

@@ -1,3 +1,12 @@
+1.0.2 (Dec 30, 2009)
+
+* Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
+
+* Append aliased actions (don't overwrite them) - see issue #20
+
+* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
+
+
 1.0.1 (Dec 14, 2009)
 
 * Adding :class option to load_resource so one can customize which class to use for the model - see issue #17

README.rdoc

@@ -1,11 +1,11 @@
 = CanCan
 
+RDocs[http://rdoc.info/projects/ryanb/cancan] | Wiki[http://wiki.github.com/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan] | Metrics[http://getcaliper.com/caliper/project?repo=git%3A%2F%2Fgithub.com%2Fryanb%2Fcancan.git] | Tests[http://runcoderun.com/ryanb/cancan]
+
 This is a simple authorization solution for Ruby on Rails to restrict what a given user is allowed to access in the application. This is completely decoupled from any role based implementation allowing you to define user roles the way you want. All permissions are stored in a single location for convenience.
 
 This assumes you already have authentication (such as Authlogic[http://github.com/binarylogic/authlogic]) which provides a current_user model.
 
-See the RDocs[http://rdoc.info/projects/ryanb/cancan] and Wiki[http://wiki.github.com/ryanb/cancan] for additional documentation.
-
 == Installation
 
 You can set it up as a gem in your environment.rb file.
@@ -66,7 +66,7 @@ If the user authorization fails, a CanCan::AccessDenied exception will be raised
 
   class ApplicationController < ActionController::Base
     rescue_from CanCan::AccessDenied do |exception|
-      flash[:error] = "Sorry, you are not allowed to access that page."
+      flash[:error] = exception.message
       redirect_to root_url
     end
   end

Rakefile

@@ -9,3 +9,5 @@ Spec::Rake::SpecTask.new do |t|
   t.spec_files = spec_files
   t.spec_opts = ["-c"]
 end
+
+task :default => :spec

cancan.gemspec

@@ -4,8 +4,8 @@ Gem::Specification.new do |s|
   s.description = "Simple authorization solution for Rails which is completely decoupled from the user's roles. All permissions are stored in a single location for convenience."
   s.homepage = "http://github.com/ryanb/cancan"
   
-  s.version = "1.0.1"
-  s.date = "2009-12-14"
+  s.version = "1.0.2"
+  s.date = "2009-12-30"
   
   s.authors = ["Ryan Bates"]
   s.email = "ryan@railscasts.com"

lib/cancan/ability.rb

@@ -156,15 +156,22 @@ module CanCan
     # This way one can use params[:action] in the controller to determine the permission.
     def alias_action(*args)
       target = args.pop[:to]
-      aliased_actions[target] = args
+      aliased_actions[target] ||= []
+      aliased_actions[target] += args
     end
     
-    private
-    
+    # Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
     def aliased_actions
       @aliased_actions ||= default_alias_actions
     end
     
+    # Removes previously aliased actions including the defaults.
+    def clear_aliased_actions
+      @aliased_actions = {}
+    end
+    
+    private
+    
     def default_alias_actions
       {
         :read => [:index, :show],

lib/cancan/controller_additions.rb

@@ -123,24 +123,22 @@ module CanCan
     #     unauthorized! if cannot? :read, @article
     #   end
     # 
-    # You can rescue from the exception in the controller to specify
-    # the user experience.
+    # The unauthorized! method accepts an optional argument which sets the
+    # message of the exception.
+    # 
+    # You can rescue from the exception in the controller to define the behavior.
     # 
     #   class ApplicationController < ActionController::Base
-    #     rescue_from CanCan::AccessDenied, :with => :access_denied
-    #   
-    #     protected
-    #   
-    #     def access_denied
-    #       flash[:error] = "Sorry, you are not allowed to access that page."
+    #     rescue_from CanCan::AccessDenied do |exception|
+    #       flash[:error] = exception.message
     #       redirect_to root_url
     #     end
     #   end
     # 
     # See the load_and_authorize_resource method to automatically add
     # the "unauthorized!" behavior to a RESTful controller's actions.
-    def unauthorized!
-      raise AccessDenied, "You are unable to access this page."
+    def unauthorized!(message = "You are not authorized to access this page.")
+      raise AccessDenied, message
     end
     
     # Creates and returns the current user's ability. You generally do not invoke

spec/cancan/ability_spec.rb

@@ -2,9 +2,8 @@ require File.dirname(__FILE__) + '/../spec_helper'
 
 describe CanCan::Ability do
   before(:each) do
-    @ability_class = Class.new
-    @ability_class.send(:include, CanCan::Ability)
-    @ability = @ability_class.new
+    @ability = Object.new
+    @ability.extend(CanCan::Ability)
   end
   
   it "should be able to :read anything" do
@@ -50,9 +49,7 @@ describe CanCan::Ability do
   
   it "should alias update or destroy actions to modify action" do
     @ability.alias_action :update, :destroy, :to => :modify
-    @ability.can :modify, :all do |object_class, object|
-      :modify_called
-    end
+    @ability.can(:modify, :all) { :modify_called }
     @ability.can?(:update, 123).should == :modify_called
     @ability.can?(:destroy, 123).should == :modify_called
   end
@@ -123,4 +120,16 @@ describe CanCan::Ability do
     @ability.can?(:read, 3).should be_true
     @ability.can?(:read, 123).should be_false
   end
+  
+  it "should append aliased actions" do
+    @ability.alias_action :update, :to => :modify
+    @ability.alias_action :destroy, :to => :modify
+    @ability.aliased_actions[:modify].should == [:update, :destroy]
+  end
+  
+  it "should clear aliased actions" do
+    @ability.alias_action :update, :to => :modify
+    @ability.clear_aliased_actions
+    @ability.aliased_actions[:modify].should be_nil
+  end
 end

spec/cancan/controller_additions_spec.rb

@@ -9,10 +9,16 @@ describe CanCan::ControllerAdditions do
     @controller_class.send(:include, CanCan::ControllerAdditions)
   end
   
-  it "should read from the cache with request uri as key and render that text" do
+  it "should raise access denied with default message when calling unauthorized!" do
     lambda {
       @controller.unauthorized!
-    }.should raise_error(CanCan::AccessDenied)
+    }.should raise_error(CanCan::AccessDenied, "You are not authorized to access this page.")
+  end
+  
+  it "should raise access denied with custom message when calling unauthorized!" do
+    lambda {
+      @controller.unauthorized! "Access denied!"
+    }.should raise_error(CanCan::AccessDenied, "Access denied!")
   end
   
   it "should have a current_ability method which generates an ability for the current user" do