releasing version 1.6.6

Allow custom IDs to be specified when calling load_resource

.travis.yml

@@ -0,0 +1,7 @@
+rvm:
+  - 1.8.7
+  - ree
+notifications:
+  recipients:
+    - graf.otodrakula@gmail.com
+    - ryan@railscasts.com

CHANGELOG.rdoc

@@ -1,3 +1,22 @@
+1.6.6 (September 28, 2011)
+
+* correct "return cant jump across threads" error when using check_authorization (thanks codeprimate) - issues #463, #469
+
+* fixing tests in development by specifying with_model version  (thanks kirkconnell) - issue #476
+
+* added travis.yml file for TravisCI support (thanks bai) - issue #427
+
+* better support for namespaced models (thanks whilefalse) - issues #424
+
+* adding :id_param option to load_and_authorize_resource (thanks skhisma) - issue #425
+
+* make default unauthorized message translatable text (thanks nhocki) - issue #409
+
+* improving DataMapper behavior (thanks psanford, maxsum-corin) - issue #410, #373
+
+* allow :find_by option to be full find method name - issue #335
+
+
 1.6.5 (May 18, 2011)
 
 * pass action and subject through AccessDenied exception when :through isn't found - issue #366
@@ -15,7 +34,6 @@
 * improve scope merging - issue #328
 
 
-
 1.6.4 (March 29, 2011)
 
 * Fixed mongoid 'or' error - see issue #322

Gemfile

@@ -3,8 +3,8 @@ source "http://rubygems.org"
 case ENV["MODEL_ADAPTER"]
 when nil, "active_record"
   gem "sqlite3"
-  gem "activerecord", :require => "active_record"
-  gem "with_model"
+  gem "activerecord", '~> 3.0.9', :require => "active_record"
+  gem "with_model", '~> 0.1.5'
   gem "meta_where"
 when "data_mapper"
   gem "dm-core", "~> 1.0.2"

cancan.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name        = "cancan"
-  s.version     = "1.6.5"
+  s.version     = "1.6.6"
   s.author      = "Ryan Bates"
   s.email       = "ryan@railscasts.com"
   s.homepage    = "http://github.com/ryanb/cancan"
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
   s.require_path = "lib"
 
   s.add_development_dependency 'rspec', '~> 2.1.0'
-  s.add_development_dependency 'rails', '~> 3.0.0'
+  s.add_development_dependency 'rails', '~> 3.0.9'
   s.add_development_dependency 'rr', '~> 0.10.11' # 1.0.0 has respond_to? issues: http://github.com/btakita/rr/issues/issue/43
   s.add_development_dependency 'supermodel', '~> 0.1.4'
 

lib/cancan/controller_additions.rb

@@ -186,7 +186,7 @@ module CanCan
         skip_authorize_resource(*args)
       end
 
-      # Skip both the loading behavior of CanCan. This is useful when using +load_and_authorize_resource+ but want to
+      # Skip the loading behavior of CanCan. This is useful when using +load_and_authorize_resource+ but want to
       # only do authorization on certain actions. You can pass :only and :except options to specify which actions to
       # skip the effects on. It will apply to all actions by default.
       #
@@ -202,7 +202,7 @@ module CanCan
         cancan_skipper[:load][name] = options
       end
 
-      # Skip both the authorization behavior of CanCan. This is useful when using +load_and_authorize_resource+ but want to
+      # Skip the authorization behavior of CanCan. This is useful when using +load_and_authorize_resource+ but want to
       # only do loading on certain actions. You can pass :only and :except options to specify which actions to
       # skip the effects on. It will apply to all actions by default.
       #
@@ -247,9 +247,9 @@ module CanCan
       #
       def check_authorization(options = {})
         self.after_filter(options.slice(:only, :except)) do |controller|
-          return if controller.instance_variable_defined?(:@_authorized)
-          return if options[:if] && !controller.send(options[:if])
-          return if options[:unless] && controller.send(options[:unless])
+          next if controller.instance_variable_defined?(:@_authorized)
+          next if options[:if] && !controller.send(options[:if])
+          next if options[:unless] && controller.send(options[:unless])
           raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
         end
       end

lib/cancan/controller_resource.rb

@@ -100,8 +100,20 @@ module CanCan
       if @options[:singleton] && parent_resource.respond_to?(name)
         parent_resource.send(name)
       else
-        @options[:find_by] ? resource_base.send("find_by_#{@options[:find_by]}!", id_param) : resource_base.find(id_param)
+        if @options[:find_by]
+          if resource_base.respond_to? "find_by_#{@options[:find_by]}!"
+            resource_base.send("find_by_#{@options[:find_by]}!", id_param)
+          else
+            resource_base.send(@options[:find_by], id_param)
           end
+        else
+          adapter.find(resource_base, id_param)
+        end
+      end
+    end
+
+    def adapter
+      ModelAdapters::AbstractAdapter.adapter_class(resource_class)
     end
 
     def authorization_action
@@ -109,11 +121,15 @@ module CanCan
     end
 
     def id_param
+      if @options[:id_param]
+        @params[@options[:id_param]]
+      else
         @params[parent? ? :"#{name}_id" : :id]
       end
+    end
 
     def member_action?
-      new_actions.include?(@params[:action].to_sym) || @options[:singleton] || (@params[:id] && !collection_actions.include?(@params[:action].to_sym))
+      new_actions.include?(@params[:action].to_sym) || @options[:singleton] || ( (@params[:id] || @params[@options[:id_param]]) && !collection_actions.include?(@params[:action].to_sym))
     end
 
     # Returns the class used for this resource. This can be overriden by the :class option.
@@ -122,7 +138,7 @@ module CanCan
     def resource_class
       case @options[:class]
       when false  then name.to_sym
-      when nil    then name.to_s.camelize.constantize
+      when nil    then namespaced_name.to_s.camelize.constantize
       when String then @options[:class].constantize
       else @options[:class]
       end
@@ -191,6 +207,12 @@ module CanCan
       @name || name_from_controller
     end
 
+    def namespaced_name
+      @params[:controller].sub("Controller", "").singularize.camelize.constantize
+    rescue NameError
+      name
+    end
+
     def name_from_controller
       @params[:controller].sub("Controller", "").underscore.split('/').last.singularize
     end

lib/cancan/exceptions.rb

@@ -40,7 +40,7 @@ module CanCan
       @message = message
       @action = action
       @subject = subject
-      @default_message = "You are not authorized to access this page."
+      @default_message = I18n.t(:"unauthorized.default", :default => "You are not authorized to access this page.")
     end
 
     def to_s

lib/cancan/matchers.rb

@@ -1,5 +1,5 @@
-RSpec = Spec unless defined? RSpec # for RSpec 1 compatability
-RSpec::Matchers.define :be_able_to do |*args|
+rspec_module = defined?(RSpec::Core) ? 'RSpec' : 'Spec'  # for RSpec 1 compatability
+Kernel.const_get(rspec_module)::Matchers.define :be_able_to do |*args|
   match do |ability|
     ability.can?(*args)
   end

lib/cancan/model_adapters/abstract_adapter.rb

@@ -15,6 +15,11 @@ module CanCan
         false # override in subclass
       end
 
+      # Override if you need custom find behavior
+      def self.find(model_class, id)
+        model_class.find(id)
+      end
+
       # Used to determine if this model adapter will override the matching behavior for a hash of conditions.
       # If this returns true then matches_conditions_hash? will be called. See Rule#matches_conditions_hash
       def self.override_conditions_hash_matching?(subject, conditions)

lib/cancan/model_adapters/data_mapper_adapter.rb

@@ -5,6 +5,10 @@ module CanCan
         model_class <= DataMapper::Resource
       end
 
+      def self.find(model_class, id)
+        model_class.get(id)
+      end
+
       def self.override_conditions_hash_matching?(subject, conditions)
         conditions.any? { |k,v| !k.kind_of?(Symbol) }
       end
@@ -27,6 +31,4 @@ module CanCan
   end # module ModelAdapters
 end # module CanCan
 
-DataMapper::Model.class_eval do
-  include CanCan::ModelAdditions::ClassMethods
-end
+DataMapper::Model.append_extensions(CanCan::ModelAdditions::ClassMethods)

spec/cancan/controller_resource_spec.rb

@@ -35,6 +35,18 @@ describe CanCan::ControllerResource do
     @controller.instance_variable_get(:@project).should == project
   end
 
+  it "should attempt to load a resource with the same namespace as the controller when using :: for namespace" do
+    module MyEngine
+      class Project < ::Project; end
+    end
+
+    project = MyEngine::Project.create!
+    @params.merge!(:controller => "MyEngine::ProjectsController", :action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
   it "should properly load resource for namespaced controller when using '::' for namespace" do
     project = Project.create!
     @params.merge!(:controller => "Admin::ProjectsController", :action => "show", :id => project.id)
@@ -328,6 +340,14 @@ describe CanCan::ControllerResource do
     @controller.instance_variable_get(:@custom_project).should == project
   end
   
+  it "should load resource using custom ID param" do
+    project = Project.create!
+    @params.merge!(:action => "show", :the_project => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :id_param => :the_project)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+  
   it "should load resource using custom find_by attribute" do
     project = Project.create!(:name => "foo")
     @params.merge!(:action => "show", :id => "foo")
@@ -336,6 +356,14 @@ describe CanCan::ControllerResource do
     @controller.instance_variable_get(:@project).should == project
   end
 
+  it "should allow full find method to be passed into find_by option" do
+    project = Project.create!(:name => "foo")
+    @params.merge!(:action => "show", :id => "foo")
+    resource = CanCan::ControllerResource.new(@controller, :find_by => :find_by_name)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
   it "should raise ImplementationRemoved when adding :name option" do
     lambda {
       CanCan::ControllerResource.new(@controller, :name => :foo)

spec/cancan/exceptions_spec.rb

@@ -32,4 +32,27 @@ describe CanCan::AccessDenied do
       @exception.message.should == "Access denied!"
     end
   end
+  
+  describe "i18n in the default message" do
+    after(:each) do
+      I18n.backend = nil
+    end
+    
+    it "uses i18n for the default message" do
+      I18n.backend.store_translations :en, :unauthorized => {:default => "This is a different message"}
+      @exception = CanCan::AccessDenied.new
+      @exception.message.should == "This is a different message"
+    end
+    
+    it "defaults to a nice message" do
+      @exception = CanCan::AccessDenied.new
+      @exception.message.should == "You are not authorized to access this page."
+    end
+    
+    it "does not use translation if a message is given" do
+      @exception = CanCan::AccessDenied.new("Hey! You're not welcome here")
+      @exception.message.should == "Hey! You're not welcome here"
+      @exception.message.should_not == "You are not authorized to access this page."
+    end
+  end
 end

spec/cancan/model_adapters/active_record_adapter_spec.rb

@@ -56,6 +56,11 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
       CanCan::ModelAdapters::AbstractAdapter.adapter_class(Article).should == CanCan::ModelAdapters::ActiveRecordAdapter
     end
 
+    it "should find record" do
+      article = Article.create!
+      CanCan::ModelAdapters::ActiveRecordAdapter.find(Article, article.id).should == article
+    end
+
     it "should not fetch any records when no abilities are defined" do
       Article.create!
       Article.accessible_by(@ability).should be_empty

spec/cancan/model_adapters/data_mapper_adapter_spec.rb

@@ -36,6 +36,11 @@ if ENV["MODEL_ADAPTER"] == "data_mapper"
       CanCan::ModelAdapters::AbstractAdapter.adapter_class(Article).should == CanCan::ModelAdapters::DataMapperAdapter
     end
 
+    it "should find record" do
+      article = Article.create
+      CanCan::ModelAdapters::DataMapperAdapter.find(Article, article.id).should == article
+    end
+
     it "should not fetch any records when no abilities are defined" do
       Article.create
       Article.accessible_by(@ability).should be_empty

spec/cancan/model_adapters/mongoid_adapter_spec.rb

@@ -36,6 +36,11 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
         CanCan::ModelAdapters::AbstractAdapter.adapter_class(MongoidProject).should == CanCan::ModelAdapters::MongoidAdapter
       end
 
+      it "should find record" do
+        project = MongoidProject.create
+        CanCan::ModelAdapters::MongoidAdapter.find(MongoidProject, project.id).should == project
+      end
+
       it "should compare properties on mongoid documents with the conditions hash" do
         model = MongoidProject.new
         @ability.can :read, MongoidProject, :id => model.id

spec/spec_helper.rb

@@ -30,4 +30,12 @@ end
 class Project < SuperModel::Base
   belongs_to :category
   attr_accessor :category # why doesn't SuperModel do this automatically?
+
+  def self.respond_to?(method, include_private = false)
+    if method.to_s == "find_by_name!" # hack to simulate ActiveRecord
+      true
+    else
+      super
+    end
+  end
 end