releasing 1.6.8

Init attributes in InheritedResources controller w/ specs

.rbenv-version

@@ -0,0 +1 @@
+1.8.7-p357

CHANGELOG.rdoc

@@ -1,7 +1,26 @@
+1.6.8 (June 25, 2012)
+
+* improved support for namespaced controllers and models
+
+* pass :if and :unless options for load and authorize resource (thanks mauriciozaffari)
+
+* Travis CI badge (thanks plentz)
+
+* adding Ability#merge for combining multiple abilities (thanks rogercampos)
+
+* support for multiple MetaWhere rules (thanks andhapp)
+
+* various fixes for DataMapper, Mongoid, and Inherited Resource integration
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.7...1.6.8]
+
+
 1.6.7 (October 4, 2011)
 
 * fixing nested resource problem caused by namespace addition - issue #482
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.6...1.6.7]
+
 
 1.6.6 (September 28, 2011)
 
@@ -21,6 +40,8 @@
 
 * allow :find_by option to be full find method name - issue #335
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.5...1.6.6]
+
 
 1.6.5 (May 18, 2011)
 
@@ -38,11 +59,15 @@
 
 * improve scope merging - issue #328
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.4...1.6.5]
+
 
 1.6.4 (March 29, 2011)
 
 * Fixed mongoid 'or' error - see issue #322
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.3...1.6.4]
+
 
 1.6.3 (March 25, 2011)
 
@@ -50,11 +75,15 @@
 
 * Return subject passed to authorize! - see issue #314
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.2...1.6.3]
+
 
 1.6.2 (March 18, 2011)
 
 * Fixed instance loading when :singleton option is used - see issue #310
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.1...1.6.2]
+
 
 1.6.1 (March 15, 2011)
 
@@ -64,6 +93,8 @@
 
 * Reverted Inherited Resources "collection" override since it doesn't seem to be working - see issue #305
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.0...1.6.1]
+
 
 1.6.0 (March 11, 2011)
 
@@ -85,6 +116,8 @@
 
 * Raise an exception when trying to make a Ability condition with both a hash of conditions and a block - see issue #269
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.5.1...1.6.0]
+
 
 1.5.1 (January 20, 2011)
 
@@ -92,6 +125,8 @@
 
 * Improving Mongoid support for multiple can and cannot definitions (thanks stellard) - see issue #239
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.5.0...1.5.1]
+
 
 1.5.0 (January 11, 2011)
 
@@ -113,6 +148,8 @@
 
 * Internal: added .rvmrc to auto-switch to 1.8.7 with gemset - see issue #231
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.4.1...1.5.0]
+
 
 1.4.1 (November 12, 2010)
 
@@ -126,6 +163,8 @@
 
 * Fix odd behavior when "cache_classes = false" (thanks mphalliday) - see issue #174
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.4.0...1.4.1]
+
 
 1.4.0 (October 5, 2010)
 
@@ -165,11 +204,15 @@
 
 * No longer calling block in +can+ definition when checking on class - see issue #116
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.4...1.4.0]
+
 
 1.3.4 (August 31, 2010)
 
 * Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.3...1.3.4]
+
 
 1.3.3 (August 20, 2010)
 
@@ -177,16 +220,22 @@
 
 * Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.2...1.3.3]
+
 
 1.3.2 (August 7, 2010)
 
 * Fixing slice error when passing in custom resource name - see issue #112
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.1...1.3.2]
+
 
 1.3.1 (August 6, 2010)
 
 * Fixing protected sanitize_sql error - see issue #111
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.0...1.3.1]
+
 
 1.3.0 (August 6, 2010)
 
@@ -214,6 +263,8 @@
 
 * Supporting deeply nested aliases - see issue #98
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.2.0...1.3.0]
+
 
 1.2.0 (July 16, 2010)
 
@@ -229,11 +280,15 @@
 
 * Adding joins clause to accessible_by when conditions are across associations
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.1.1...1.2.0]
+
 
 1.1.1 (April 17, 2010)
 
 * Fixing behavior in Rails 3 by properly initializing ResourceAuthorization
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.1...1.1.1]
+
 
 1.1.0 (April 17, 2010)
 
@@ -257,6 +312,8 @@
 
 * Support additional arguments to can? which get passed to the block - see issue #48
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.2...1.1]
+
 
 1.0.2 (Dec 30, 2009)
 
@@ -266,6 +323,8 @@
 
 * Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.1...1.0.2]
+
 
 1.0.1 (Dec 14, 2009)
 
@@ -273,6 +332,8 @@
 
 * Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.0...1.0.1]
+
 
 1.0.0 (Dec 13, 2009)
 
@@ -288,6 +349,8 @@
 
 * BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.2.1...1.0.0]
+
 
 0.2.1 (Nov 26, 2009)
 
@@ -297,6 +360,8 @@
 
 * support custom objects (usually symbols) in can definition - see issue #8
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.2.0...0.2.1]
+
 
 0.2.0 (Nov 17, 2009)
 
@@ -308,6 +373,8 @@
 
 * BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4
 
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.1.0...0.2.0]
+
 
 0.1.0 (Nov 16, 2009)
 

Gemfile

@@ -4,7 +4,7 @@ case ENV["MODEL_ADAPTER"]
 when nil, "active_record"
   gem "sqlite3"
   gem "activerecord", '~> 3.0.9', :require => "active_record"
-  gem "with_model", '~> 0.1.5'
+  gem "with_model", "~> 0.2.5"
   gem "meta_where"
 when "data_mapper"
   gem "dm-core", "~> 1.0.2"

README.rdoc

@@ -1,4 +1,4 @@
-= CanCan
+= CanCan {<img src="https://secure.travis-ci.org/ryanb/cancan.png" />}[http://travis-ci.org/ryanb/cancan]
 
 Wiki[https://github.com/ryanb/cancan/wiki] | RDocs[http://rdoc.info/projects/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan]
 
@@ -31,6 +31,15 @@ User permissions are defined in an +Ability+ class. CanCan 1.5 includes a Rails
 
   rails g cancan:ability
 
+In Rails 2.3, just add a new class in `app/models/ability.rb` with the folowing contents:
+
+  class Ability
+    include CanCan::Ability
+
+    def initialize(user)
+    end
+  end
+
 See {Defining Abilities}[https://github.com/ryanb/cancan/wiki/defining-abilities] for details.
 
 

cancan.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name        = "cancan"
-  s.version     = "1.6.7"
+  s.version     = "1.6.8"
   s.author      = "Ryan Bates"
   s.email       = "ryan@railscasts.com"
   s.homepage    = "http://github.com/ryanb/cancan"

lib/cancan/ability.rb

@@ -228,6 +228,13 @@ module CanCan
       relevant_rules(action, subject).any?(&:only_raw_sql?)
     end
 
+    def merge(ability)
+      ability.send(:rules).each do |rule|
+        rules << rule.dup
+      end
+      self
+    end
+
     private
 
     def unauthorized_message_keys(action, subject)

lib/cancan/controller_additions.rb

@@ -94,7 +94,7 @@ module CanCan
       # [:+find_by+]
       #   Find using a different attribute other than id. For example.
       #
-      #     load_resource :find_by => :permalink # will use find_by_permlink!(params[:id])
+      #     load_resource :find_by => :permalink # will use find_by_permalink!(params[:id])
       #
       # [:+collection+]
       #   Specify which actions are resource collection actions in addition to :+index+. This
@@ -151,6 +151,9 @@ module CanCan
       # [:+except+]
       #   Does not apply before filter to given actions.
       #
+      # [:+singleton+]
+      #   Pass +true+ if this is a singleton resource through a +has_one+ association.
+      #
       # [:+parent+]
       #   True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
       #   name is given which does not match the controller.
@@ -382,7 +385,7 @@ module CanCan
   end
 end
 
-if defined? ActionController
+if defined? ActionController::Base
   ActionController::Base.class_eval do
     include CanCan::ControllerAdditions
   end

lib/cancan/controller_resource.rb

@@ -6,8 +6,8 @@ module CanCan
       options = args.extract_options!
       resource_name = args.first
       before_filter_method = options.delete(:prepend) ? :prepend_before_filter : :before_filter
-      controller_class.send(before_filter_method, options.slice(:only, :except)) do |controller|
-        controller.class.cancan_resource_class.new(controller, resource_name, options.except(:only, :except)).send(method)
+      controller_class.send(before_filter_method, options.slice(:only, :except, :if, :unless)) do |controller|
+        controller.class.cancan_resource_class.new(controller, resource_name, options.except(:only, :except, :if, :unless)).send(method)
       end
     end
 
@@ -82,7 +82,11 @@ module CanCan
     end
 
     def build_resource
-      resource = resource_base.new(@params[name] || {})
+      resource = resource_base.new(resource_params || {})
+      assign_attributes(resource)
+    end
+
+    def assign_attributes(resource)
       resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
       initial_attributes.each do |attr_name, value|
         resource.send("#{attr_name}=", value)
@@ -92,7 +96,7 @@ module CanCan
 
     def initial_attributes
       current_ability.attributes_for(@params[:action].to_sym, resource_class).delete_if do |key, value|
-        @params[name] && @params[name].include?(key)
+        resource_params && resource_params.include?(key)
       end
     end
 
@@ -207,8 +211,20 @@ module CanCan
       @name || name_from_controller
     end
 
+    def resource_params
+      if @options[:class]
+        @params[@options[:class].to_s.underscore.gsub('/', '_')]
+      else
+        @params[namespaced_name.to_s.underscore.gsub("/", "_")]
+      end
+    end
+
+    def namespace
+      @params[:controller].split("::")[0..-2]
+    end
+
     def namespaced_name
-      @name || @params[:controller].sub("Controller", "").singularize.camelize.constantize
+      [namespace, name.camelize].join('::').singularize.camelize.constantize
     rescue NameError
       name
     end

lib/cancan/inherited_resource.rb

@@ -6,7 +6,8 @@ module CanCan
         @controller.send :association_chain
         @controller.instance_variable_get("@#{instance_name}")
       elsif new_actions.include? @params[:action].to_sym
-        @controller.send :build_resource
+        resource = @controller.send :build_resource
+        assign_attributes(resource)
       else
         @controller.send :resource
       end

lib/cancan/model_adapters/active_record_adapter.rb

@@ -89,7 +89,12 @@ module CanCan
         if override_scope
           @model_class.scoped.merge(override_scope)
         elsif @model_class.respond_to?(:where) && @model_class.respond_to?(:joins)
-          @model_class.where(conditions).joins(joins)
+          mergeable_conditions = @rules.select {|rule| rule.unmergeable? }.blank?
+          if mergeable_conditions
+            @model_class.where(conditions).joins(joins)
+          else
+            @model_class.where(*(@rules.map(&:conditions))).joins(joins)
+          end
         else
           @model_class.scoped(:conditions => conditions, :joins => joins)
         end

lib/cancan/model_adapters/mongoid_adapter.rb

@@ -30,8 +30,9 @@ module CanCan
         else
           # we only need to process can rules if
           # there are no rules with empty conditions
-          rules = @rules.reject { |rule| rule.conditions.empty? }
+          rules = @rules.reject { |rule| rule.conditions.empty? && rule.base_behavior }
           process_can_rules = @rules.count == rules.count
+
           rules.inject(@model_class.all) do |records, rule|
             if process_can_rules && rule.base_behavior
               records.or rule.conditions

lib/cancan/rule.rb

@@ -54,6 +54,10 @@ module CanCan
       @conditions == {} || @conditions.nil?
     end
 
+    def unmergeable?
+      @conditions.respond_to?(:keys) && (! @conditions.keys.first.kind_of? Symbol)
+    end
+
     def associations_hash(conditions = @conditions)
       hash = {}
       conditions.map do |name, value|
@@ -111,7 +115,7 @@ module CanCan
                 else
                   !attribute.nil? && matches_conditions_hash?(attribute, value)
                 end
-              elsif value.kind_of?(Array) || value.kind_of?(Range)
+              elsif value.kind_of?(Enumerable)
                 value.include? attribute
               else
                 attribute == value
@@ -123,7 +127,7 @@ module CanCan
     end
 
     def nested_subject_matches_conditions?(subject_hash)
-      parent, child = subject_hash.shift
+      parent, child = subject_hash.first
       matches_conditions_hash?(parent, @conditions[parent.class.name.downcase.to_sym] || {})
     end
 
@@ -136,7 +140,7 @@ module CanCan
     end
 
     def model_adapter(subject)
-      ModelAdapters::AbstractAdapter.adapter_class(subject_class?(subject) ? subject : subject.class)
+      CanCan::ModelAdapters::AbstractAdapter.adapter_class(subject_class?(subject) ? subject : subject.class)
     end
   end
 end

spec/cancan/ability_spec.rb

@@ -249,7 +249,15 @@ describe CanCan::Ability do
     @ability.can?(:read, 1..5).should be_true
     @ability.can?(:read, 4..6).should be_false
   end
-  
+
+  it "should accept a set as a condition value" do
+    mock(object_with_foo_2 = Object.new).foo { 2 }
+    mock(object_with_foo_3 = Object.new).foo { 3 }
+    @ability.can :read, Object, :foo => [1, 2, 5].to_set
+    @ability.can?(:read, object_with_foo_2).should be_true
+    @ability.can?(:read, object_with_foo_3).should be_false
+  end
+
   it "should not match subjects return nil for methods that must match nested a nested conditions hash" do
     mock(object_with_foo = Object.new).foo { :bar }
     @ability.can :read, Array, :first => { :foo => :bar }
@@ -297,7 +305,15 @@ describe CanCan::Ability do
     @ability.can?(:read, "foobar" => Range).should be_false
     @ability.can?(:read, 123 => Range).should be_true
   end
-  
+
+  it "passing a hash of subjects with multiple definitions should check permissions correctly" do
+    @ability.can :read, Range, :string => {:length => 4}
+    @ability.can [:create, :read], Range, :string => {:upcase => 'FOO'}
+    @ability.can?(:read, "foo" => Range).should be_true
+    @ability.can?(:read, "foobar" => Range).should be_false
+    @ability.can?(:read, 1234 => Range).should be_true
+  end
+
   it "should allow to check ability on Hash-like object" do
     class Container < Hash; end
     @ability.can :read, Container
@@ -416,4 +432,17 @@ describe CanCan::Ability do
       @ability.unauthorized_message(:edit, 1..3).should == "edit range"
     end
   end
+
+  describe "#merge" do
+    it "should add the rules from the given ability" do
+      @ability.can :use, :tools
+      another_ability = Object.new
+      another_ability.extend(CanCan::Ability)
+      another_ability.can :use, :search
+
+      @ability.merge(another_ability)
+      @ability.can?(:use, :search).should be_true
+      @ability.send(:rules).size.should == 2
+    end
+  end
 end

spec/cancan/controller_additions_spec.rb

@@ -49,14 +49,14 @@ describe CanCan::ControllerAdditions do
 
   it "authorize_resource should setup a before filter which passes call to ControllerResource" do
     stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.authorize_resource
-    mock(@controller_class).before_filter(:except => :show) { |options, block| block.call(@controller) }
-    @controller_class.authorize_resource :foo => :bar, :except => :show
+    mock(@controller_class).before_filter(:except => :show, :if => true) { |options, block| block.call(@controller) }
+    @controller_class.authorize_resource :foo => :bar, :except => :show, :if => true
   end
 
   it "load_resource should setup a before filter which passes call to ControllerResource" do
     stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.load_resource
-    mock(@controller_class).before_filter(:only => [:show, :index]) { |options, block| block.call(@controller) }
-    @controller_class.load_resource :foo => :bar, :only => [:show, :index]
+    mock(@controller_class).before_filter(:only => [:show, :index], :unless => false) { |options, block| block.call(@controller) }
+    @controller_class.load_resource :foo => :bar, :only => [:show, :index], :unless => false
   end
 
   it "skip_authorization_check should set up a before filter which sets @_authorized to true" do

spec/cancan/controller_resource_spec.rb

@@ -47,6 +47,18 @@ describe CanCan::ControllerResource do
     @controller.instance_variable_get(:@project).should == project
   end
 
+  # Rails includes namespace in params, see issue #349
+  it "should create through the namespaced params" do
+    module MyEngine
+      class Project < ::Project; end
+    end
+
+    @params.merge!(:controller => "MyEngine::ProjectsController", :action => "create", :my_engine_project => {:name => "foobar"})
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
   it "should properly load resource for namespaced controller when using '::' for namespace" do
     project = Project.create!
     @params.merge!(:controller => "Admin::ProjectsController", :action => "show", :id => project.id)
@@ -62,6 +74,14 @@ describe CanCan::ControllerResource do
     @controller.instance_variable_get(:@project).name.should == "foobar"
   end
 
+  it "should build a new resource for namespaced model with hash if params[:id] is not specified" do
+    project = Sub::Project.create!
+    @params.merge!(:action => "create", 'sub_project' => {:name => "foobar"})
+    resource = CanCan::ControllerResource.new(@controller, :class => ::Sub::Project)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
   it "should build a new resource with attributes from current ability" do
     @params.merge!(:action => "new")
     @ability.can(:create, Project, :name => "from conditions")
@@ -195,6 +215,14 @@ describe CanCan::ControllerResource do
     resource.should_not be_parent
   end
 
+  it "should have the specified resource_class if 'name' is passed to load_resource" do
+    class Section
+    end
+
+    resource = CanCan::ControllerResource.new(@controller, :section)
+    resource.send(:resource_class).should == Section
+  end
+
   it "should load parent resource through proper id parameter" do
     project = Project.create!
     @params.merge!(:controller => "categories", :action => "index", :project_id => project.id)
@@ -324,6 +352,14 @@ describe CanCan::ControllerResource do
     @controller.instance_variable_get(:@project).should == project
   end
 
+  it "should load the model using a custom namespaced class" do
+    project = Sub::Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :class => ::Sub::Project)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
   it "should authorize based on resource name if class is false" do
     @params.merge!(:action => "show", :id => 123)
     stub(@controller).authorize!(:show, :project) { raise CanCan::AccessDenied }
@@ -339,7 +375,7 @@ describe CanCan::ControllerResource do
     lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
     @controller.instance_variable_get(:@custom_project).should == project
   end
-  
+
   it "should load resource using custom ID param" do
     project = Project.create!
     @params.merge!(:action => "show", :the_project => project.id)
@@ -347,7 +383,7 @@ describe CanCan::ControllerResource do
     resource.load_resource
     @controller.instance_variable_get(:@project).should == project
   end
-  
+
   it "should load resource using custom find_by attribute" do
     project = Project.create!(:name => "foo")
     @params.merge!(:action => "show", :id => "foo")

spec/cancan/exceptions_spec.rb

@@ -32,23 +32,23 @@ describe CanCan::AccessDenied do
       @exception.message.should == "Access denied!"
     end
   end
-  
+
   describe "i18n in the default message" do
     after(:each) do
       I18n.backend = nil
     end
-    
+
     it "uses i18n for the default message" do
       I18n.backend.store_translations :en, :unauthorized => {:default => "This is a different message"}
       @exception = CanCan::AccessDenied.new
       @exception.message.should == "This is a different message"
     end
-    
+
     it "defaults to a nice message" do
       @exception = CanCan::AccessDenied.new
       @exception.message.should == "You are not authorized to access this page."
     end
-    
+
     it "does not use translation if a message is given" do
       @exception = CanCan::AccessDenied.new("Hey! You're not welcome here")
       @exception.message.should == "Hey! You're not welcome here"

spec/cancan/inherited_resource_spec.rb

@@ -39,4 +39,22 @@ describe CanCan::InheritedResource do
     CanCan::InheritedResource.new(@controller).load_resource
     @controller.instance_variable_get(:@projects).should == :projects
   end
+
+  it "should build a new resource with attributes from current ability" do
+    @params[:action] = "new"
+    @ability.can(:create, Project, :name => "from conditions")
+    stub(@controller).build_resource { Struct.new(:name).new }
+    resource = CanCan::InheritedResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "from conditions"
+  end
+
+  it "should override initial attributes with params" do
+    @params.merge!(:action => "new", :project => {:name => "from params"})
+    @ability.can(:create, Project, :name => "from conditions")
+    stub(@controller).build_resource { Struct.new(:name).new }
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "from params"
+  end
 end

spec/cancan/model_adapters/active_record_adapter_spec.rb

@@ -133,7 +133,7 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
       article1 = Article.create!(:secret => true, :category => category1)
       article2 = Article.create!(:secret => true, :category => category2)
       category1.articles.accessible_by(@ability).should == [article1]
-    end    
+    end
 
     it "should raise an exception when trying to merge scope with other conditions" do
       @ability.can :read, Article, :published => true
@@ -236,6 +236,16 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
       @ability.should_not be_able_to(:read, article2)
     end
 
+    it "should merge MetaWhere and non-MetaWhere conditions" do
+      @ability.can :read, Article, :priority.lt => 2
+      @ability.can :read, Article, :priority => 1
+      article1 = Article.create!(:priority => 1)
+      article2 = Article.create!(:priority => 3)
+      Article.accessible_by(@ability).should == [article1]
+      @ability.should be_able_to(:read, article1)
+      @ability.should_not be_able_to(:read, article2)
+    end
+
     it "should match any MetaWhere condition" do
       adapter = CanCan::ModelAdapters::ActiveRecordAdapter
       article1 = Article.new(:priority => 1, :name => "Hello World")

spec/cancan/model_adapters/mongoid_adapter_spec.rb

@@ -73,6 +73,17 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
         MongoidProject.accessible_by(@ability, :read).entries.should == [sir]
       end
 
+      it "should return the correct records when a mix of can and cannot rules in defined ability" do
+        @ability.can :manage, MongoidProject, :title => 'Sir'
+        @ability.cannot :destroy, MongoidProject
+
+        sir   = MongoidProject.create(:title => 'Sir')
+        lord  = MongoidProject.create(:title => 'Lord')
+        dude  = MongoidProject.create(:title => 'Dude')
+
+        MongoidProject.accessible_by(@ability, :destroy).entries.should == [sir]
+      end
+
       it "should be able to mix empty conditions and hashes" do
         @ability.can :read, MongoidProject
         @ability.can :read, MongoidProject, :title => 'Sir'
@@ -185,7 +196,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
         @ability.can :read, MongoidProject, :foo => {:bar => 1}
         MongoidProject.accessible_by(@ability, :read).entries.first.should == obj
       end
-      
+
       it "should exclude from the result if set to cannot" do
         obj = MongoidProject.create(:bar => 1)
         obj2 = MongoidProject.create(:bar => 2)
@@ -202,7 +213,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
         @ability.can :read, MongoidProject, :bar => 2
         MongoidProject.accessible_by(@ability, :read).entries.should =~ [obj, obj2]
       end
-      
+
       it "should not allow to fetch records when ability with just block present" do
         @ability.can :read, MongoidProject do
           false

spec/cancan/rule_spec.rb

@@ -1,4 +1,5 @@
 require "spec_helper"
+require "ostruct" # for OpenStruct below
 
 # Most of Rule functionality is tested in Ability specs
 describe CanCan::Rule do
@@ -36,4 +37,11 @@ describe CanCan::Rule do
     rule = CanCan::Rule.new(true, :read, Integer, nil, nil)
     rule.associations_hash.should == {}
   end
+
+  it "should not be mergeable if conditions are not simple hashes" do
+    meta_where = OpenStruct.new(:name => 'metawhere', :column => 'test')
+    @conditions[meta_where] = :bar
+
+    @rule.should be_unmergeable
+  end
 end

spec/spec_helper.rb

@@ -17,7 +17,7 @@ RSpec.configure do |config|
     Project.delete_all
     Category.delete_all
   end
-  config.extend WithModel
+  config.extend WithModel if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
 end
 
 class Ability
@@ -31,6 +31,21 @@ class Category < SuperModel::Base
   has_many :projects
 end
 
+module Sub
+  class Project < SuperModel::Base
+    belongs_to :category
+    attr_accessor :category # why doesn't SuperModel do this automatically?
+
+    def self.respond_to?(method, include_private = false)
+      if method.to_s == "find_by_name!" # hack to simulate ActiveRecord
+        true
+      else
+        super
+      end
+    end
+  end
+end
+
 class Project < SuperModel::Base
   belongs_to :category
   attr_accessor :category # why doesn't SuperModel do this automatically?