releasing version 1.3.4

CHANGELOG.rdoc

@@ -1,11 +1,32 @@
+1.3.4 (August 31, 2010)
+
+* Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131
+
+
+1.3.3 (August 20, 2010)
+
+* Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119
+
+* Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123
+
+
+1.3.2 (August 7, 2010)
+
+* Fixing slice error when passing in custom resource name - see issue #112
+
+
+1.3.1 (August 6, 2010)
+
+* Fixing protected sanitize_sql error - see issue #111
+
+
 1.3.0 (August 6, 2010)
 
 * Adding :find_by option to load_resource - see issue #19
 
 * Adding :singleton option to load_resource - see issue #93
 
-* Supporting multiple resources in :through option for polymorphic
-associations - see issue #73
+* Supporting multiple resources in :through option for polymorphic associations - see issue #73
 
 * Supporting Single Table Inheritance for "can" comparisons - see issue #55
 

README.rdoc

@@ -135,7 +135,7 @@ In the controller +index+ action you may want to fetch only the records which th
 
   @articles = Article.accessible_by(current_ability)
 
-See {Fetching Records}[http://wiki.github.com/ryanb/cancan/fetching-records] for more information.
+This will only work when abilities are defined using hash conditions, not blocks. See {Fetching Records}[http://wiki.github.com/ryanb/cancan/fetching-records] for more information.
 
 
 == Additional Docs

cancan.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name        = "cancan"
-  s.version     = "1.3.0"
+  s.version     = "1.3.4"
   s.author      = "Ryan Bates"
   s.email       = "ryan@railscasts.com"
   s.homepage    = "http://github.com/ryanb/cancan"

lib/cancan/ability.rb

@@ -216,7 +216,7 @@ module CanCan
     def relevant_can_definitions_for_query(action, subject)
       relevant_can_definitions(action, subject).each do |can_definition|
         if can_definition.only_block?
-          raise Error, "Cannot determine SQL conditions or joins from block for #{action.inspect} #{subject.inspect}"
+          raise Error, "The accessible_by call cannot be used with a block 'can' definition. The SQL cannot be determined for #{action.inspect} #{subject.inspect}"
         end
       end
     end

lib/cancan/can_definition.rb

@@ -30,18 +30,18 @@ module CanCan
       elsif @conditions.kind_of?(Hash) && subject.class != Class
         matches_conditions_hash?(subject)
       else
-        true
+        @base_behavior
       end
     end
 
-    # Returns a hash of conditions, pluralizing the table names
-    def tableized_conditions
-      if @conditions
-        @conditions.inject({}) do |tableized_conditions, (name, value)|
-          name = name.to_s.tableize.to_sym if value.kind_of? Hash
-          tableized_conditions[name] = value
-          tableized_conditions
+    def tableized_conditions(conditions = @conditions)
+      conditions.inject({}) do |result_hash, (name, value)|
+        if value.kind_of? Hash
+          name = name.to_s.tableize.to_sym
+          value = tableized_conditions(value)
         end
+        result_hash[name] = value
+        result_hash
       end
     end
 

lib/cancan/controller_resource.rb

@@ -2,9 +2,11 @@ module CanCan
   # Handle the load and authorization controller logic so we don't clutter up all controllers with non-interface methods.
   # This class is used internally, so you do not need to call methods directly on it.
   class ControllerResource # :nodoc:
-    def self.add_before_filter(controller_class, method, options = {})
+    def self.add_before_filter(controller_class, method, *args)
+      options = args.extract_options!
+      resource_name = args.first
       controller_class.before_filter(options.slice(:only, :except)) do |controller|
-        ControllerResource.new(controller, options.except(:only, :except)).send(method)
+        ControllerResource.new(controller, resource_name, options.except(:only, :except)).send(method)
       end
     end
 

lib/cancan/matchers.rb

@@ -1,4 +1,5 @@
-Spec::Matchers.define :be_able_to do |*args|
+RSpec = Spec unless defined? RSpec # for RSpec 1 compatability
+RSpec::Matchers.define :be_able_to do |*args|
   match do |ability|
     ability.can?(*args)
   end

lib/cancan/query.rb

@@ -71,7 +71,7 @@ module CanCan
     end
 
     def sanitize_sql(conditions)
-      @sanitizer.sanitize_sql(conditions)
+      @sanitizer.send(:sanitize_sql, conditions)
     end
 
     # Takes two hashes and does a deep merge.

spec/cancan/ability_spec.rb

@@ -246,6 +246,14 @@ describe CanCan::Ability do
     @ability.can?(:read, [[4, 5, 6]]).should be_false
   end
 
+  it "should not stop at cannot definition when comparing class" do
+    @ability.can :read, Array
+    @ability.cannot :read, Array, :first => 1
+    @ability.can?(:read, [2, 3, 5]).should be_true
+    @ability.can?(:read, [1, 3, 5]).should be_false
+    @ability.can?(:read, Array).should be_true
+  end
+
   it "should has eated cheezburger" do
     lambda {
       @ability.can? :has, :cheezburger

spec/cancan/active_record_additions_spec.rb

@@ -31,8 +31,8 @@ describe CanCan::ActiveRecordAdditions do
     @ability.can :read, @model_class, :too => {:car => 1, :far => {:bar => 1}}
 
     condition_variants = [
-        '(toos.far.bar=1 AND toos.car=1) OR (foos.bar=1)', # faked sql sanitizer is stupid ;-)
-        '(toos.car=1 AND toos.far.bar=1) OR (foos.bar=1)'
+        '(toos.fars.bar=1 AND toos.car=1) OR (foos.bar=1)', # faked sql sanitizer is stupid ;-)
+        '(toos.car=1 AND toos.fars.bar=1) OR (foos.bar=1)'
     ]
     joins_variants = [
         [:foo, {:too => [:far]}],

spec/cancan/can_definition_spec.rb

@@ -31,6 +31,18 @@ describe CanCan::CanDefinition do
     @can.associations_hash.should == {:foo => {:bar => {}}}
   end
 
+  it "should tableize correctly for absurdly complex permissions" do
+    @conditions[:unit] = {:property=>{:landlord=>{:weasle_id=>560}}}
+    @conditions[:test] = 1
+    @can.tableized_conditions.should == {:units => {:properties => {:landlords=>{:weasle_id=>560}}}, :test => 1}
+  end
+
+  it "should tableize correctly for complex permissions" do
+    @conditions[:unit] = {:property=>{:landlord_id=>560}}
+    @conditions[:test] = 1
+    @can.tableized_conditions.should == {:units => {:properties => {:landlord_id=>560}}, :test => 1}
+  end
+
   it "should return table names in conditions for association joins" do
     @conditions[:foo] = {:bar => 1}
     @conditions[:test] = 1

spec/cancan/controller_additions_spec.rb

@@ -53,19 +53,25 @@ describe CanCan::ControllerAdditions do
   end
 
   it "load_and_authorize_resource should setup a before filter which passes call to ControllerResource" do
-    stub(CanCan::ControllerResource).new(@controller, :foo => :bar).mock!.load_and_authorize_resource
+    stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.load_and_authorize_resource
     mock(@controller_class).before_filter({}) { |options, block| block.call(@controller) }
     @controller_class.load_and_authorize_resource :foo => :bar
   end
 
+  it "load_and_authorize_resource should properly pass first argument as the resource name" do
+    stub(CanCan::ControllerResource).new(@controller, :project, :foo => :bar).mock!.load_and_authorize_resource
+    mock(@controller_class).before_filter({}) { |options, block| block.call(@controller) }
+    @controller_class.load_and_authorize_resource :project, :foo => :bar
+  end
+
   it "authorize_resource should setup a before filter which passes call to ControllerResource" do
-    stub(CanCan::ControllerResource).new(@controller, :foo => :bar).mock!.authorize_resource
+    stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.authorize_resource
     mock(@controller_class).before_filter(:except => :show) { |options, block| block.call(@controller) }
     @controller_class.authorize_resource :foo => :bar, :except => :show
   end
 
   it "load_resource should setup a before filter which passes call to ControllerResource" do
-    stub(CanCan::ControllerResource).new(@controller, :foo => :bar).mock!.load_resource
+    stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.load_resource
     mock(@controller_class).before_filter(:only => [:show, :index]) { |options, block| block.call(@controller) }
     @controller_class.load_resource :foo => :bar, :only => [:show, :index]
   end

spec/spec_helper.rb

@@ -19,25 +19,29 @@ class Ability
   end
 end
 
-# this class helps out in testing nesting and SQL conditions
+# this class helps out in testing SQL conditions
 class Person
-  def self.sanitize_sql(hash_cond)
-    case hash_cond
-    when Hash
-      sanitize_hash(hash_cond).join(' AND ')
-    when Array
-      hash_cond.shift.gsub('?'){"#{hash_cond.shift.inspect}"}
-    when String then hash_cond
+  class << self
+    protected
+
+    def sanitize_sql(hash_cond)
+      case hash_cond
+      when Hash
+        sanitize_hash(hash_cond).join(' AND ')
+      when Array
+        hash_cond.shift.gsub('?'){"#{hash_cond.shift.inspect}"}
+      when String then hash_cond
+      end
+    end
+
+    def sanitize_hash(hash)
+      hash.map do |name, value|
+        if Hash === value
+          sanitize_hash(value).map{|cond| "#{name}.#{cond}"}
+        else
+          "#{name}=#{value}"
+        end
+      end.flatten
     end
   end
-
-  def self.sanitize_hash(hash)
-    hash.map do |name, value|
-      if Hash === value
-        sanitize_hash(value).map{|cond| "#{name}.#{cond}"}
-      else
-        "#{name}=#{value}"
-      end
-    end.flatten
-  end
 end