cancan 1.3.4 → 1.4.0.beta1

data/lib/cancan/exceptions.rb

@@ -5,6 +5,9 @@ module CanCan
   # Raised when removed code is called, an alternative solution is provided in message.
   class ImplementationRemoved < Error; end
 
+  # Raised when using check_authorization without calling authorized!
+  class AuthorizationNotPerformed < Error; end
+
   # This error is raised when a user isn't allowed to access a given controller action.
   # This usually happens within a call to ControllerAdditions#authorize! but can be
   # raised manually.
@@ -24,7 +27,8 @@ module CanCan
   #   exception.default_message = "Default error message"
   #   exception.message # => "Default error message"
   #
-  # See ControllerAdditions#authorized! for more information on rescuing from this exception.
+  # See ControllerAdditions#authorized! for more information on rescuing from this exception
+  # and customizing the message using I18n.
   class AccessDenied < Error
     attr_reader :action, :subject
     attr_writer :default_message

data/spec/cancan/ability_spec.rb

@@ -38,9 +38,8 @@ describe CanCan::Ability do
     @ability.can?(:read, 6).should be_false
   end
 
-  it "should pass class with object if :all objects are accepted" do
-    @ability.can :preview, :all do |object_class, object|
-      object_class.should == Fixnum
+  it "should not pass class with object if :all objects are accepted" do
+    @ability.can :preview, :all do |object|
       object.should == 123
       @block_called = true
     end
@@ -48,23 +47,21 @@ describe CanCan::Ability do
     @block_called.should be_true
   end
 
-  it "should pass class with no object if :all objects are accepted and class is passed directly" do
-    @ability.can :preview, :all do |object_class, object|
-      object_class.should == Hash
-      object.should be_nil
+  it "should not call block when only class is passed, only return true" do
+    @block_called = false
+    @ability.can :preview, :all do |object|
       @block_called = true
     end
-    @ability.can?(:preview, Hash)
-    @block_called.should be_true
+    @ability.can?(:preview, Hash).should be_true
+    @block_called.should be_false
   end
 
-  it "should pass action and object for global manage actions" do
-    @ability.can :manage, Array do |action, object|
-      action.should == :stuff
-      object.should == [1, 2]
+  it "should pass only object for global manage actions" do
+    @ability.can :manage, String do |object|
+      object.should == "foo"
       @block_called = true
     end
-    @ability.can?(:stuff, [1, 2]).should
+    @ability.can?(:stuff, "foo").should
     @block_called.should be_true
   end
 
@@ -82,10 +79,10 @@ describe CanCan::Ability do
     @ability.can?(:increment, 123).should be_true
   end
 
-  it "should return block result for action, object_class, and object for any action" do
-    @ability.can :manage, :all do |action, object_class, object|
+  it "should always call block with arguments when passing no arguments to can" do
+    @ability.can do |action, object_class, object|
       action.should == :foo
-      object_class.should == Fixnum
+      object_class.should == 123.class
       object.should == 123
       @block_called = true
     end
@@ -93,6 +90,17 @@ describe CanCan::Ability do
     @block_called.should be_true
   end
 
+  it "should pass nil to object when comparing class with can check" do
+    @ability.can do |action, object_class, object|
+      action.should == :foo
+      object_class.should == Hash
+      object.should be_nil
+      @block_called = true
+    end
+    @ability.can?(:foo, Hash)
+    @block_called.should be_true
+  end
+
   it "should automatically alias index and show into read calls" do
     @ability.can :read, :all
     @ability.can?(:index, 123).should be_true
@@ -122,9 +130,9 @@ describe CanCan::Ability do
   end
 
   it "should be able to specify multiple classes and match any" do
-    @ability.can :update, [String, Array]
+    @ability.can :update, [String, Range]
     @ability.can?(:update, "foo").should be_true
-    @ability.can?(:update, []).should be_true
+    @ability.can?(:update, 1..3).should be_true
     @ability.can?(:update, 123).should be_false
   end
 
@@ -149,18 +157,7 @@ describe CanCan::Ability do
     @ability.can?(:read, 123).should be_false
   end
 
-  it "should support block on 'cannot' method" do
-    @ability.can :read, :all
-    @ability.cannot :read, Integer do |int|
-      int > 5
-    end
-    @ability.can?(:read, "foo").should be_true
-    @ability.can?(:read, 3).should be_true
-    @ability.can?(:read, 123).should be_false
-  end
-
   it "should pass to previous can definition, if block returns false or nil" do
-    #same as previous
     @ability.can :read, :all
     @ability.cannot :read, Integer do |int|
       int > 10 ? nil : ( int > 5 )
@@ -169,7 +166,6 @@ describe CanCan::Ability do
     @ability.can?(:read, 3).should be_true
     @ability.can?(:read, 8).should be_false
     @ability.can?(:read, 123).should be_true
-
   end
 
   it "should always return `false` for single cannot definition" do
@@ -214,49 +210,122 @@ describe CanCan::Ability do
   end
 
   it "should use conditions as third parameter and determine abilities from it" do
-    @ability.can :read, Array, :first => 1, :last => 3
-    @ability.can?(:read, [1, 2, 3]).should be_true
-    @ability.can?(:read, [1, 2, 3, 4]).should be_false
-    @ability.can?(:read, Array).should be_true
+    @ability.can :read, Range, :begin => 1, :end => 3
+    @ability.can?(:read, 1..3).should be_true
+    @ability.can?(:read, 1..4).should be_false
+    @ability.can?(:read, Range).should be_true
   end
 
   it "should allow an array of options in conditions hash" do
-    @ability.can :read, Array, :first => [1, 3, 5]
-    @ability.can?(:read, [1, 2, 3]).should be_true
-    @ability.can?(:read, [2, 3]).should be_false
-    @ability.can?(:read, [3, 4]).should be_true
+    @ability.can :read, Range, :begin => [1, 3, 5]
+    @ability.can?(:read, 1..3).should be_true
+    @ability.can?(:read, 2..4).should be_false
+    @ability.can?(:read, 3..5).should be_true
   end
 
   it "should allow a range of options in conditions hash" do
-    @ability.can :read, Array, :first => 1..3
-    @ability.can?(:read, [1, 2, 3]).should be_true
-    @ability.can?(:read, [3, 4]).should be_true
-    @ability.can?(:read, [4, 5]).should be_false
+    @ability.can :read, Range, :begin => 1..3
+    @ability.can?(:read, 1..10).should be_true
+    @ability.can?(:read, 3..30).should be_true
+    @ability.can?(:read, 4..40).should be_false
   end
 
   it "should allow nested hashes in conditions hash" do
-    @ability.can :read, Array, :first => { :length => 5 }
-    @ability.can?(:read, ["foo", "bar"]).should be_false
-    @ability.can?(:read, ["test1", "foo"]).should be_true
+    @ability.can :read, Range, :begin => { :to_i => 5 }
+    @ability.can?(:read, 5..7).should be_true
+    @ability.can?(:read, 6..8).should be_false
   end
 
-  it "should allow nested hash of arrays and match any element" do
-    @ability.can :read, Array, :first => { :to_i => 3 }
-    @ability.can?(:read, [[1, 2, 3]]).should be_true
-    @ability.can?(:read, [[4, 5, 6]]).should be_false
+  it "should match any element passed in to nesting if it's an array (for has_many associations)" do
+    @ability.can :read, Range, :to_a => { :to_i => 3 }
+    @ability.can?(:read, 1..5).should be_true
+    @ability.can?(:read, 4..6).should be_false
   end
 
   it "should not stop at cannot definition when comparing class" do
-    @ability.can :read, Array
-    @ability.cannot :read, Array, :first => 1
-    @ability.can?(:read, [2, 3, 5]).should be_true
-    @ability.can?(:read, [1, 3, 5]).should be_false
-    @ability.can?(:read, Array).should be_true
+    @ability.can :read, Range
+    @ability.cannot :read, Range, :begin => 1
+    @ability.can?(:read, 2..5).should be_true
+    @ability.can?(:read, 1..5).should be_false
+    @ability.can?(:read, Range).should be_true
+  end
+
+  it "passing a hash of subjects should check permissions through association" do
+    @ability.can :read, Range, :string => {:length => 3}
+    @ability.can?(:read, "foo" => Range).should be_true
+    @ability.can?(:read, "foobar" => Range).should be_false
+    @ability.can?(:read, 123 => Range).should be_true
+  end
+
+  it "should have initial attributes based on hash conditions of 'new' action" do
+    @ability.can :manage, Range, :foo => "foo", :hash => {:skip => "hashes"}
+    @ability.can :create, Range, :bar => 123, :array => %w[skip arrays]
+    @ability.can :new, Range, :baz => "baz", :range => 1..3
+    @ability.cannot :new, Range, :ignore => "me"
+    @ability.attributes_for(:new, Range).should == {:foo => "foo", :bar => 123, :baz => "baz"}
+  end
+
+  it "should raise access denied exception if ability us unauthorized to perform a certain action" do
+    begin
+      @ability.authorize! :read, :foo, 1, 2, 3, :message => "Access denied!"
+    rescue CanCan::AccessDenied => e
+      e.message.should == "Access denied!"
+      e.action.should == :read
+      e.subject.should == :foo
+    else
+      fail "Expected CanCan::AccessDenied exception to be raised"
+    end
+  end
+
+  it "should not raise access denied exception if ability is authorized to perform an action" do
+    @ability.can :read, :foo
+    lambda { @ability.authorize!(:read, :foo) }.should_not raise_error
   end
 
-  it "should has eated cheezburger" do
-    lambda {
-      @ability.can? :has, :cheezburger
-    }.should raise_error(CanCan::Error, "Nom nom nom. I eated it.")
+  it "should raise access denied exception with default message if not specified" do
+    begin
+      @ability.authorize! :read, :foo
+    rescue CanCan::AccessDenied => e
+      e.default_message = "Access denied!"
+      e.message.should == "Access denied!"
+    else
+      fail "Expected CanCan::AccessDenied exception to be raised"
+    end
+  end
+
+  describe "unauthorized message" do
+    after(:each) do
+      I18n.backend = nil
+    end
+
+    it "should use action/subject in i18n" do
+      I18n.backend.store_translations :en, :unauthorized => {:update => {:array => "foo"}}
+      @ability.unauthorized_message(:update, Array).should == "foo"
+      @ability.unauthorized_message(:update, [1, 2, 3]).should == "foo"
+      @ability.unauthorized_message(:update, :missing).should be_nil
+    end
+
+    it "should use symbol as subject directly" do
+      I18n.backend.store_translations :en, :unauthorized => {:has => {:cheezburger => "Nom nom nom. I eated it."}}
+      @ability.unauthorized_message(:has, :cheezburger).should == "Nom nom nom. I eated it."
+    end
+
+    it "should fall back to 'manage' and 'all'" do
+      I18n.backend.store_translations :en, :unauthorized => {
+        :manage => {:all => "manage all", :array => "manage array"},
+        :update => {:all => "update all", :array => "update array"}
+      }
+      @ability.unauthorized_message(:update, Array).should == "update array"
+      @ability.unauthorized_message(:update, Hash).should == "update all"
+      @ability.unauthorized_message(:foo, Array).should == "manage array"
+      @ability.unauthorized_message(:foo, Hash).should == "manage all"
+    end
+
+    it "should follow aliased actions" do
+      I18n.backend.store_translations :en, :unauthorized => {:modify => {:array => "modify array"}}
+      @ability.alias_action :update, :to => :modify
+      @ability.unauthorized_message(:update, Array).should == "modify array"
+      @ability.unauthorized_message(:edit, Array).should == "modify array"
+    end
   end
 end

data/spec/cancan/active_record_additions_spec.rb

@@ -2,7 +2,7 @@ require "spec_helper"
 
 describe CanCan::ActiveRecordAdditions do
   before(:each) do
-    @model_class = Class.new(Person)
+    @model_class = Class.new(Project)
     stub(@model_class).scoped { :scoped_stub }
     @model_class.send(:include, CanCan::ActiveRecordAdditions)
     @ability = Object.new

data/spec/cancan/can_definition_spec.rb

@@ -1,5 +1,6 @@
 require "spec_helper"
 
+# Most of CanDefinition functionality is tested in Ability specs
 describe CanCan::CanDefinition do
   before(:each) do
     @conditions = {}

data/spec/cancan/controller_additions_spec.rb

@@ -14,32 +14,10 @@ describe CanCan::ControllerAdditions do
     lambda { @controller.unauthorized! }.should raise_error(CanCan::ImplementationRemoved)
   end
 
-  it "should raise access denied exception if ability us unauthorized to perform a certain action" do
-    begin
-      @controller.authorize! :read, :foo, 1, 2, 3, :message => "Access denied!"
-    rescue CanCan::AccessDenied => e
-      e.message.should == "Access denied!"
-      e.action.should == :read
-      e.subject.should == :foo
-    else
-      fail "Expected CanCan::AccessDenied exception to be raised"
-    end
-  end
-
-  it "should not raise access denied exception if ability is authorized to perform an action" do
-    @controller.current_ability.can :read, :foo
-    lambda { @controller.authorize!(:read, :foo) }.should_not raise_error
-  end
-
-  it "should raise access denied exception with default message if not specified" do
-    begin
-      @controller.authorize! :read, :foo
-    rescue CanCan::AccessDenied => e
-      e.default_message = "Access denied!"
-      e.message.should == "Access denied!"
-    else
-      fail "Expected CanCan::AccessDenied exception to be raised"
-    end
+  it "authorize! should assign @_authorized instance variable and pass args to current ability" do
+    mock(@controller.current_ability).authorize!(:foo, :bar)
+    @controller.authorize!(:foo, :bar)
+    @controller.instance_variable_get(:@_authorized).should be_true
   end
 
   it "should have a current_ability method which generates an ability for the current user" do
@@ -75,4 +53,25 @@ describe CanCan::ControllerAdditions do
     mock(@controller_class).before_filter(:only => [:show, :index]) { |options, block| block.call(@controller) }
     @controller_class.load_resource :foo => :bar, :only => [:show, :index]
   end
+
+  it "skip_authorization should set up a before filter which sets @_authorized to true" do
+    mock(@controller_class).before_filter(:filter_options) { |options, block| block.call(@controller) }
+    @controller_class.skip_authorization(:filter_options)
+    @controller.instance_variable_get(:@_authorized).should be_true
+  end
+
+  it "check_authorization should trigger AuthorizationNotPerformed in after filter" do
+    mock(@controller_class).after_filter(:some_options) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:some_options)
+    }.should raise_error(CanCan::AuthorizationNotPerformed)
+  end
+
+  it "check_authorization should not raise error when @_authorized is set" do
+    @controller.instance_variable_set(:@_authorized, true)
+    mock(@controller_class).after_filter(:some_options) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:some_options)
+    }.should_not raise_error(CanCan::AuthorizationNotPerformed)
+  end
 end

data/spec/cancan/controller_resource_spec.rb

@@ -2,77 +2,85 @@ require "spec_helper"
 
 describe CanCan::ControllerResource do
   before(:each) do
-    @params = HashWithIndifferentAccess.new(:controller => "abilities")
+    @params = HashWithIndifferentAccess.new(:controller => "projects")
     @controller = Object.new # simple stub for now
     stub(@controller).params { @params }
+    stub(@controller).current_ability.stub!.attributes_for { {} }
   end
 
   it "should load the resource into an instance variable if params[:id] is specified" do
     @params.merge!(:action => "show", :id => 123)
-    stub(Ability).find(123) { :some_resource }
+    stub(Project).find(123) { :some_project }
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should not load resource into an instance variable if already set" do
     @params.merge!(:action => "show", :id => 123)
-    @controller.instance_variable_set(:@ability, :some_ability)
+    @controller.instance_variable_set(:@project, :some_project)
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_ability
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should properly load resource for namespaced controller" do
-    @params.merge!(:controller => "admin/abilities", :action => "show", :id => 123)
-    stub(Ability).find(123) { :some_resource }
+    @params.merge!(:controller => "admin/projects", :action => "show", :id => 123)
+    stub(Project).find(123) { :some_project }
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should properly load resource for namespaced controller when using '::' for namespace" do
-    @params.merge!(:controller => "Admin::AbilitiesController", :action => "show", :id => 123)
-    stub(Ability).find(123) { :some_resource }
+    @params.merge!(:controller => "Admin::ProjectsController", :action => "show", :id => 123)
+    stub(Project).find(123) { :some_project }
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should build a new resource with hash if params[:id] is not specified" do
-    @params.merge!(:action => "create", :ability => {:foo => "bar"})
-    stub(Ability).new("foo" => "bar") { :some_resource }
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).name.should == "foobar"
   end
 
-  it "should build a new resource with no arguments if attribute hash isn't specified" do
-    @params[:action] = "new"
-    mock(Ability).new { :some_resource }
+  it "should build a new resource with attributes from current ability" do
+    @params.merge!(:action => "new")
+    stub(@controller).current_ability.stub!.attributes_for(:new, Project) { {:name => "from conditions"} }
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).name.should == "from conditions"
+  end
+
+  it "should override initial attributes with params" do
+    @params.merge!(:action => "new", :project => {:name => "from params"})
+    stub(@controller).current_ability.stub!.attributes_for(:new, Project) { {:name => "foobar"} }
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "from params"
   end
 
   it "should not build a resource when on index action" do
     @params[:action] = "index"
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should be_nil
+    @controller.instance_variable_get(:@project).should be_nil
   end
 
   it "should perform authorization using controller action and loaded model" do
     @params[:action] = "show"
-    @controller.instance_variable_set(:@ability, :some_resource)
-    stub(@controller).authorize!(:show, :some_resource) { raise CanCan::AccessDenied }
+    @controller.instance_variable_set(:@project, :some_project)
+    stub(@controller).authorize!(:show, :some_project) { raise CanCan::AccessDenied }
     resource = CanCan::ControllerResource.new(@controller)
     lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
   end
 
   it "should perform authorization using controller action and non loaded model" do
     @params[:action] = "show"
-    stub(@controller).authorize!(:show, Ability) { raise CanCan::AccessDenied }
+    stub(@controller).authorize!(:show, Project) { raise CanCan::AccessDenied }
     resource = CanCan::ControllerResource.new(@controller)
     lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
   end
@@ -89,146 +97,147 @@ describe CanCan::ControllerResource do
     @params[:action] = "sort"
     resource = CanCan::ControllerResource.new(@controller, :collection => [:sort, :list])
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should be_nil
+    @controller.instance_variable_get(:@project).should be_nil
   end
 
   it "should build a resource when on custom new action even when params[:id] exists" do
     @params.merge!(:action => "build", :id => 123)
-    stub(Ability).new { :some_resource }
+    stub(Project).new { :some_project }
     resource = CanCan::ControllerResource.new(@controller, :new => :build)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should not try to load resource for other action if params[:id] is undefined" do
     @params[:action] = "list"
     resource = CanCan::ControllerResource.new(@controller)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should be_nil
+    @controller.instance_variable_get(:@project).should be_nil
   end
 
   it "should be a parent resource when name is provided which doesn't match controller" do
-    resource = CanCan::ControllerResource.new(@controller, :person)
+    resource = CanCan::ControllerResource.new(@controller, :category)
     resource.should be_parent
   end
 
   it "should not be a parent resource when name is provided which matches controller" do
-    resource = CanCan::ControllerResource.new(@controller, :ability)
+    resource = CanCan::ControllerResource.new(@controller, :project)
     resource.should_not be_parent
   end
 
   it "should be parent if specified in options" do
-    resource = CanCan::ControllerResource.new(@controller, :ability, {:parent => true})
+    resource = CanCan::ControllerResource.new(@controller, :project, {:parent => true})
     resource.should be_parent
   end
 
   it "should not be parent if specified in options" do
-    resource = CanCan::ControllerResource.new(@controller, :person, {:parent => false})
+    resource = CanCan::ControllerResource.new(@controller, :category, {:parent => false})
     resource.should_not be_parent
   end
 
-  it "should load parent resource through proper id parameter when supplying a resource with a different name" do
-    @params.merge!(:action => "index", :person_id => 123)
-    stub(Person).find(123) { :some_person }
-    resource = CanCan::ControllerResource.new(@controller, :person)
-    resource.load_resource
-    @controller.instance_variable_get(:@person).should == :some_person
-  end
-
-  it "should load parent resource for collection action" do
-    @params.merge!(:action => "index", :person_id => 456)
-    stub(Person).find(456) { :some_person }
-    resource = CanCan::ControllerResource.new(@controller, :person)
+  it "should load parent resource through proper id parameter" do
+    @params.merge!(:action => "index", :project_id => 123)
+    stub(Project).find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
     resource.load_resource
-    @controller.instance_variable_get(:@person).should == :some_person
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should load resource through the association of another parent resource" do
     @params.merge!(:action => "show", :id => 123)
-    person = Object.new
-    @controller.instance_variable_set(:@person, person)
-    stub(person).abilities.stub!.find(123) { :some_ability }
-    resource = CanCan::ControllerResource.new(@controller, :through => :person)
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).projects.stub!.find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_ability
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should not load through parent resource if instance isn't loaded" do
     @params.merge!(:action => "show", :id => 123)
-    stub(Ability).find(123) { :some_ability }
-    resource = CanCan::ControllerResource.new(@controller, :through => :person)
+    stub(Project).find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_ability
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should authorize nested resource through parent association on index action" do
+    @params.merge!(:action => "index")
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(@controller).authorize!(:index, category => Project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
   end
 
   it "should load through first matching if multiple are given" do
     @params.merge!(:action => "show", :id => 123)
-    person = Object.new
-    @controller.instance_variable_set(:@person, person)
-    stub(person).abilities.stub!.find(123) { :some_ability }
-    resource = CanCan::ControllerResource.new(@controller, :through => [:thing, :person])
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).projects.stub!.find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => [:category, :user])
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_ability
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should find record through has_one association with :singleton option" do
     @params.merge!(:action => "show")
-    person = Object.new
-    @controller.instance_variable_set(:@person, person)
-    stub(person).ability { :some_ability }
-    resource = CanCan::ControllerResource.new(@controller, :through => :person, :singleton => true)
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).project { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_ability
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should build record through has_one association with :singleton option" do
-    @params.merge!(:action => "create", :ability => :ability_attributes)
-    person = Object.new
-    @controller.instance_variable_set(:@person, person)
-    stub(person).build_ability(:ability_attributes) { :new_ability }
-    resource = CanCan::ControllerResource.new(@controller, :through => :person, :singleton => true)
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).build_project { Project.new }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :new_ability
+    @controller.instance_variable_get(:@project).name.should == "foobar"
   end
 
   it "should only authorize :read action on parent resource" do
-    @params.merge!(:action => "new", :person_id => 123)
-    stub(Person).find(123) { :some_person }
-    stub(@controller).authorize!(:read, :some_person) { raise CanCan::AccessDenied }
-    resource = CanCan::ControllerResource.new(@controller, :person)
+    @params.merge!(:action => "new", :project_id => 123)
+    stub(Project).find(123) { :some_project }
+    stub(@controller).authorize!(:read, :some_project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
     lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
   end
 
   it "should load the model using a custom class" do
     @params.merge!(:action => "show", :id => 123)
-    stub(Person).find(123) { :some_resource }
-    resource = CanCan::ControllerResource.new(@controller, :class => Person)
+    stub(Project).find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :class => Project)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should authorize based on resource name if class is false" do
     @params.merge!(:action => "show", :id => 123)
-    stub(@controller).authorize!(:show, :ability) { raise CanCan::AccessDenied }
+    stub(@controller).authorize!(:show, :project) { raise CanCan::AccessDenied }
     resource = CanCan::ControllerResource.new(@controller, :class => false)
     lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
   end
 
   it "should load and authorize using custom instance name" do
     @params.merge!(:action => "show", :id => 123)
-    stub(Ability).find(123) { :some_ability }
-    stub(@controller).authorize!(:show, :some_ability) { raise CanCan::AccessDenied }
-    resource = CanCan::ControllerResource.new(@controller, :instance_name => :custom_ability)
+    stub(Project).find(123) { :some_project }
+    stub(@controller).authorize!(:show, :some_project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :instance_name => :custom_project)
     lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
-    @controller.instance_variable_get(:@custom_ability).should == :some_ability
+    @controller.instance_variable_get(:@custom_project).should == :some_project
   end
 
   it "should load resource using custom find_by attribute" do
     @params.merge!(:action => "show", :id => 123)
-    stub(Ability).find_by_name!(123) { :some_resource }
+    stub(Project).find_by_name!(123) { :some_project }
     resource = CanCan::ControllerResource.new(@controller, :find_by => :name)
     resource.load_resource
-    @controller.instance_variable_get(:@ability).should == :some_resource
+    @controller.instance_variable_get(:@project).should == :some_project
   end
 
   it "should raise ImplementationRemoved when adding :name option" do
@@ -239,13 +248,13 @@ describe CanCan::ControllerResource do
 
   it "should raise ImplementationRemoved exception when specifying :resource option since it is no longer used" do
     lambda {
-      CanCan::ControllerResource.new(@controller, :resource => Person)
+      CanCan::ControllerResource.new(@controller, :resource => Project)
     }.should raise_error(CanCan::ImplementationRemoved)
   end
 
   it "should raise ImplementationRemoved exception when passing :nested option" do
     lambda {
-      CanCan::ControllerResource.new(@controller, :nested => :person)
+      CanCan::ControllerResource.new(@controller, :nested => :project)
     }.should raise_error(CanCan::ImplementationRemoved)
   end
 end