cancan 1.2.0 → 1.3.2

data/lib/cancan/controller_resource.rb

@@ -1,54 +1,129 @@
 module CanCan
-  # Used internally to load and authorize a given controller resource.
-  # This manages finding or building an instance of the resource. If a
-  # parent is given it will go through the association.
+  # Handle the load and authorization controller logic so we don't clutter up all controllers with non-interface methods.
+  # This class is used internally, so you do not need to call methods directly on it.
   class ControllerResource # :nodoc:
-    def initialize(controller, name, parent = nil, options = {})
-      raise ImplementationRemoved, "The :class option has been renamed to :resource for specifying the class in CanCan." if options.has_key? :class
+    def self.add_before_filter(controller_class, method, *args)
+      options = args.extract_options!
+      resource_name = args.first
+      controller_class.before_filter(options.slice(:only, :except)) do |controller|
+        ControllerResource.new(controller, resource_name, options.except(:only, :except)).send(method)
+      end
+    end
+
+    def initialize(controller, *args)
       @controller = controller
-      @name = name
-      @parent = parent
-      @options = options
-    end
-    
-    # Returns the class used for this resource. This can be overriden by the :resource option.
-    # Sometimes one will use a symbol as the resource if a class does not exist for it. In that
-    # case "find" and "build" should not be called on it.
-    def model_class
-      resource_class = @options[:resource]
-      if resource_class.nil?
-        @name.to_s.camelize.constantize
-      elsif resource_class.kind_of? String
-        resource_class.constantize
+      @params = controller.params
+      @options = args.extract_options!
+      @name = args.first
+      raise CanCan::ImplementationRemoved, "The :nested option is no longer supported, instead use :through with separate load/authorize call." if @options[:nested]
+      raise CanCan::ImplementationRemoved, "The :name option is no longer supported, instead pass the name as the first argument." if @options[:name]
+      raise CanCan::ImplementationRemoved, "The :resource option has been renamed back to :class, use false if no class." if @options[:resource]
+    end
+
+    def load_and_authorize_resource
+      load_resource
+      authorize_resource
+    end
+
+    def load_resource
+      if !resource_instance && (parent? || member_action?)
+        @controller.instance_variable_set("@#{instance_name}", load_resource_instance)
+      end
+    end
+
+    def authorize_resource
+      @controller.authorize!(authorization_action, resource_instance || resource_class)
+    end
+
+    def parent?
+      @options.has_key?(:parent) ? @options[:parent] : @name && @name != name_from_controller.to_sym
+    end
+
+    private
+
+    def load_resource_instance
+      if !parent? && new_actions.include?(@params[:action].to_sym)
+        build_resource
+      elsif id_param || @options[:singleton]
+        find_resource
+      end
+    end
+
+    def build_resource
+      method_name = @options[:singleton] ? "build_#{name}" : "new"
+      resource_base.send(*[method_name, @params[name]].compact)
+    end
+
+    def find_resource
+      if @options[:singleton]
+        resource_base.send(name)
       else
-        resource_class # could be a symbol
+        @options[:find_by] ? resource_base.send("find_by_#{@options[:find_by]}!", id_param) : resource_base.find(id_param)
       end
     end
-    
-    def find(id)
-      self.model_instance ||= base.find(id)
+
+    def authorization_action
+      parent? ? :read : @params[:action].to_sym
     end
-    
-    # Build a new instance of this resource. If it is a class we just call "new" otherwise
-    # it's an associaiton and "build" is used.
-    def build(attributes)
-      self.model_instance ||= (base.kind_of?(Class) ? base.new(attributes) : base.build(attributes))
+
+    def id_param
+      @params[parent? ? :"#{name}_id" : :id]
     end
-    
-    def model_instance
-      @controller.instance_variable_get("@#{@name}")
+
+    def member_action?
+      !collection_actions.include? @params[:action].to_sym
     end
-    
-    def model_instance=(instance)
-      @controller.instance_variable_set("@#{@name}", instance)
+
+    # Returns the class used for this resource. This can be overriden by the :class option.
+    # If +false+ is passed in it will use the resource name as a symbol in which case it should
+    # only be used for authorization, not loading since there's no class to load through.
+    def resource_class
+      case @options[:class]
+      when false  then name.to_sym
+      when nil    then name.to_s.camelize.constantize
+      when String then @options[:class].constantize
+      else @options[:class]
+      end
     end
-    
-    private
-    
+
+    def resource_instance
+      @controller.instance_variable_get("@#{instance_name}")
+    end
+
     # The object that methods (such as "find", "new" or "build") are called on.
-    # If there is a parent it will be the association, otherwise it will be the model's class.
-    def base
-      @parent ? @parent.model_instance.send(@name.to_s.pluralize) : model_class
+    # If the :through option is passed it will go through an association on that instance.
+    # If the :singleton option is passed it won't use the association because it needs to be handled later.
+    def resource_base
+      if through_resource
+        @options[:singleton] ? through_resource : through_resource.send(name.to_s.pluralize)
+      else
+        resource_class
+      end
+    end
+
+    # The object to load this resource through.
+    def through_resource
+      @options[:through] && [@options[:through]].flatten.map { |i| @controller.instance_variable_get("@#{i}") }.compact.first
+    end
+
+    def name
+      @name || name_from_controller
+    end
+
+    def name_from_controller
+      @params[:controller].sub("Controller", "").underscore.split('/').last.singularize
+    end
+
+    def instance_name
+      @options[:instance_name] || name
+    end
+
+    def collection_actions
+      [:index] + [@options[:collection]].flatten
+    end
+
+    def new_actions
+      [:new, :create] + [@options[:new]].flatten
     end
   end
 end

data/lib/cancan/query.rb

@@ -0,0 +1,97 @@
+module CanCan
+
+  # Generates the sql conditions and association joins for use in ActiveRecord queries.
+  # Normally you will not use this class directly, but instead through ActiveRecordAdditions#accessible_by.
+  class Query
+    def initialize(sanitizer, can_definitions)
+      @sanitizer = sanitizer
+      @can_definitions = can_definitions
+    end
+
+    # Returns conditions intended to be used inside a database query. Normally you will not call this
+    # method directly, but instead go through ActiveRecordAdditions#accessible_by.
+    #
+    # If there is only one "can" definition, a hash of conditions will be returned matching the one defined.
+    #
+    #   can :manage, User, :id => 1
+    #   query(:manage, User).conditions # => { :id => 1 }
+    #
+    # If there are multiple "can" definitions, a SQL string will be returned to handle complex cases.
+    #
+    #   can :manage, User, :id => 1
+    #   can :manage, User, :manager_id => 1
+    #   cannot :manage, User, :self_managed => true
+    #   query(:manage, User).conditions # => "not (self_managed = 't') AND ((manager_id = 1) OR (id = 1))"
+    #
+    def conditions
+      if @can_definitions.size == 1 && @can_definitions.first.base_behavior
+        # Return the conditions directly if there's just one definition
+        @can_definitions.first.tableized_conditions
+      else
+        @can_definitions.reverse.inject(false_sql) do |sql, can_definition|
+          merge_conditions(sql, can_definition.tableized_conditions, can_definition.base_behavior)
+        end
+      end
+    end
+
+    # Returns the associations used in conditions for the :joins option of a search.
+    # See ActiveRecordAdditions#accessible_by for use in Active Record.
+    def joins
+      joins_hash = {}
+      @can_definitions.each do |can_definition|
+        merge_joins(joins_hash, can_definition.associations_hash)
+      end
+      clean_joins(joins_hash) unless joins_hash.empty?
+    end
+
+    private
+
+    def merge_conditions(sql, conditions_hash, behavior)
+      if conditions_hash.blank?
+        behavior ? true_sql : false_sql
+      else
+        conditions = sanitize_sql(conditions_hash)
+        case sql
+        when true_sql
+          behavior ? true_sql : "not (#{conditions})"
+        when false_sql
+          behavior ? conditions : false_sql
+        else
+          behavior ? "(#{conditions}) OR (#{sql})" : "not (#{conditions}) AND (#{sql})"
+        end
+      end
+    end
+
+    def false_sql
+      sanitize_sql(['?=?', true, false])
+    end
+
+    def true_sql
+      sanitize_sql(['?=?', true, true])
+    end
+
+    def sanitize_sql(conditions)
+      @sanitizer.send(:sanitize_sql, conditions)
+    end
+
+    # Takes two hashes and does a deep merge.
+    def merge_joins(base, add)
+      add.each do |name, nested|
+        if base[name].is_a?(Hash) && !nested.empty?
+          merge_joins(base[name], nested)
+        else
+          base[name] = nested
+        end
+      end
+    end
+
+    # Removes empty hashes and moves everything into arrays.
+    def clean_joins(joins_hash)
+      joins = []
+      joins_hash.each do |name, nested|
+        joins << (nested.empty? ? name : {name => clean_joins(nested)})
+      end
+      joins
+    end
+  end
+end

data/spec/cancan/ability_spec.rb

@@ -16,50 +16,81 @@ describe CanCan::Ability do
     @ability.can?(:foodfight, String).should be_false
   end
 
-  it "should return what block returns on a can call" do
+  it "should pass true to `can?` when non false/nil is returned in block" do
     @ability.can :read, :all
     @ability.can :read, Symbol do |sym|
-      sym
+      "foo" # TODO test that sym is nil when no instance is passed
     end
-    @ability.can?(:read, Symbol).should be_nil
-    @ability.can?(:read, :some_symbol).should == :some_symbol
+    @ability.can?(:read, :some_symbol).should == true
+  end
+
+  it "should pass to previous can definition, if block returns false or nil" do
+    @ability.can :read, Symbol
+    @ability.can :read, Integer do |i|
+      i < 5
+    end
+    @ability.can :read, Integer do |i|
+      i > 10
+    end
+    @ability.can?(:read, Symbol).should be_true
+    @ability.can?(:read, 11).should be_true
+    @ability.can?(:read, 1).should be_true
+    @ability.can?(:read, 6).should be_false
   end
 
   it "should pass class with object if :all objects are accepted" do
     @ability.can :preview, :all do |object_class, object|
-      [object_class, object]
+      object_class.should == Fixnum
+      object.should == 123
+      @block_called = true
     end
-    @ability.can?(:preview, 123).should == [Fixnum, 123]
+    @ability.can?(:preview, 123)
+    @block_called.should be_true
   end
 
   it "should pass class with no object if :all objects are accepted and class is passed directly" do
     @ability.can :preview, :all do |object_class, object|
-      [object_class, object]
+      object_class.should == Hash
+      object.should be_nil
+      @block_called = true
     end
-    @ability.can?(:preview, Hash).should == [Hash, nil]
+    @ability.can?(:preview, Hash)
+    @block_called.should be_true
   end
 
   it "should pass action and object for global manage actions" do
     @ability.can :manage, Array do |action, object|
-      [action, object]
+      action.should == :stuff
+      object.should == [1, 2]
+      @block_called = true
     end
-    @ability.can?(:stuff, [1, 2]).should == [:stuff, [1, 2]]
-    @ability.can?(:stuff, Array).should == [:stuff, nil]
+    @ability.can?(:stuff, [1, 2]).should
+    @block_called.should be_true
   end
 
   it "should alias update or destroy actions to modify action" do
     @ability.alias_action :update, :destroy, :to => :modify
-    @ability.can(:modify, :all) { :modify_called }
-    @ability.can?(:update, 123).should == :modify_called
-    @ability.can?(:destroy, 123).should == :modify_called
+    @ability.can :modify, :all
+    @ability.can?(:update, 123).should be_true
+    @ability.can?(:destroy, 123).should be_true
+  end
+
+  it "should allow deeply nested aliased actions" do
+    @ability.alias_action :increment, :to => :sort
+    @ability.alias_action :sort, :to => :modify
+    @ability.can :modify, :all
+    @ability.can?(:increment, 123).should be_true
   end
 
   it "should return block result for action, object_class, and object for any action" do
     @ability.can :manage, :all do |action, object_class, object|
-      [action, object_class, object]
+      action.should == :foo
+      object_class.should == Fixnum
+      object.should == 123
+      @block_called = true
     end
-    @ability.can?(:foo, 123).should == [:foo, Fixnum, 123]
-    @ability.can?(:bar, Fixnum).should == [:bar, Fixnum, nil]
+    @ability.can?(:foo, 123)
+    @block_called.should be_true
   end
 
   it "should automatically alias index and show into read calls" do
@@ -69,10 +100,10 @@ describe CanCan::Ability do
   end
 
   it "should automatically alias new and edit into create and update respectively" do
-    @ability.can(:create, :all) { :create_called }
-    @ability.can(:update, :all) { :update_called }
-    @ability.can?(:new, 123).should == :create_called
-    @ability.can?(:edit, 123).should == :update_called
+    @ability.can :create, :all
+    @ability.can :update, :all
+    @ability.can?(:new, 123).should be_true
+    @ability.can?(:edit, 123).should be_true
   end
 
   it "should not respond to prepare (now using initialize)" do
@@ -104,6 +135,13 @@ describe CanCan::Ability do
     @ability.can?(:read, :nonstats).should be_false
   end
 
+  it "should check ancestors of class" do
+    @ability.can :read, Numeric
+    @ability.can?(:read, Integer).should be_true
+    @ability.can?(:read, 1.23).should be_true
+    @ability.can?(:read, "foo").should be_false
+  end
+
   it "should support 'cannot' method to define what user cannot do" do
     @ability.can :read, :all
     @ability.cannot :read, Integer
@@ -121,6 +159,40 @@ describe CanCan::Ability do
     @ability.can?(:read, 123).should be_false
   end
 
+  it "should pass to previous can definition, if block returns false or nil" do
+    #same as previous
+    @ability.can :read, :all
+    @ability.cannot :read, Integer do |int|
+      int > 10 ? nil : ( int > 5 )
+    end
+    @ability.can?(:read, "foo").should be_true
+    @ability.can?(:read, 3).should be_true
+    @ability.can?(:read, 8).should be_false
+    @ability.can?(:read, 123).should be_true
+
+  end
+
+  it "should always return `false` for single cannot definition" do
+    @ability.cannot :read, Integer do |int|
+      int > 10 ? nil : ( int > 5 )
+    end
+    @ability.can?(:read, "foo").should be_false
+    @ability.can?(:read, 3).should be_false
+    @ability.can?(:read, 8).should be_false
+    @ability.can?(:read, 123).should be_false
+  end
+
+  it "should pass to previous cannot definition, if block returns false or nil" do
+    @ability.cannot :read, :all
+    @ability.can :read, Integer do |int|
+      int > 10 ? nil : ( int > 5 )
+    end
+    @ability.can?(:read, "foo").should be_false
+    @ability.can?(:read, 3).should be_false
+    @ability.can?(:read, 10).should be_true
+    @ability.can?(:read, 123).should be_false
+  end
+
   it "should append aliased actions" do
     @ability.alias_action :update, :to => :modify
     @ability.alias_action :destroy, :to => :modify
@@ -174,30 +246,9 @@ describe CanCan::Ability do
     @ability.can?(:read, [[4, 5, 6]]).should be_false
   end
 
-  it "should return conditions for a given ability" do
-    @ability.can :read, Array, :first => 1, :last => 3
-    @ability.conditions(:show, Array).should == {:first => 1, :last => 3}
-  end
-
-  it "should raise an exception when a block is used on condition" do
-    @ability.can :read, Array do |a|
-      true
-    end
-    lambda { @ability.conditions(:show, Array) }.should raise_error(CanCan::Error, "Cannot determine ability conditions from block for :show Array")
-  end
-
-  it "should return an empty hash for conditions when there are no conditions" do
-    @ability.can :read, Array
-    @ability.conditions(:show, Array).should == {}
-  end
-
-  it "should return false when performed on an action which isn't defined" do
-    @ability.conditions(:foo, Array).should == false
-  end
-
   it "should has eated cheezburger" do
     lambda {
       @ability.can? :has, :cheezburger
-    }.should raise_exception(CanCan::Error, "Nom nom nom. I eated it.")
+    }.should raise_error(CanCan::Error, "Nom nom nom. I eated it.")
   end
 end