cancan 1.6.8 → 1.6.9

Sign up to get free protection for your applications and to get access to all the features.
@@ -1,3 +1,14 @@
1
+ 1.6.9 (February 4, 2013)
2
+
3
+ * fix inserting AND (NULL) to end of SQL queries (thanks jonsgreen) - issue #687
4
+
5
+ * fix merge_joins for nested association hashes (thanks DavidMikeSimon) - issues #655, #560
6
+
7
+ * raise error on recursive alias_action (thanks fl00r) - issue #660
8
+
9
+ * fix namespace controllers not loading params (thanks andhapp) - issues #670, #664
10
+
11
+
1
12
  1.6.8 (June 25, 2012)
2
13
 
3
14
  * improved support for namespaced controllers and models
@@ -0,0 +1,11 @@
1
+ ### Please read before contributing
2
+
3
+ 1) If you have any questions about CanCan, search the [Wiki](https://github.com/ryanb/cancan/wiki) or use [Stack Overflow](http://stackoverflow.com/questions/tagged/cancan). Do not post questions here.
4
+
5
+ 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [ryan@railscasts.com](mailto:ryan@railscasts.com) instead.
6
+
7
+ 3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. In case it was not, create your report including Rails and CanCan versions. If you are getting exceptions, please include the full backtrace.
8
+
9
+ That's it! The more information you give, the more easy it becomes for us to track it down and fix it. Ideal scenario would be adding the issue to CanCan test suite or to a sample application.
10
+
11
+ Thanks!
@@ -1,4 +1,4 @@
1
- = CanCan {<img src="https://secure.travis-ci.org/ryanb/cancan.png" />}[http://travis-ci.org/ryanb/cancan]
1
+ = CanCan {<img src="https://fury-badge.herokuapp.com/rb/cancan.png" alt="Gem Version" />}[http://badge.fury.io/rb/cancan] {<img src="https://secure.travis-ci.org/ryanb/cancan.png?branch=master" />}[http://travis-ci.org/ryanb/cancan] {<img src="https://codeclimate.com/badge.png" />}[https://codeclimate.com/github/ryanb/cancan]
2
2
 
3
3
  Wiki[https://github.com/ryanb/cancan/wiki] | RDocs[http://rdoc.info/projects/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan]
4
4
 
@@ -172,10 +172,16 @@ module CanCan
172
172
  # This way one can use params[:action] in the controller to determine the permission.
173
173
  def alias_action(*args)
174
174
  target = args.pop[:to]
175
+ validate_target(target)
175
176
  aliased_actions[target] ||= []
176
177
  aliased_actions[target] += args
177
178
  end
178
179
 
180
+ # User shouldn't specify targets with names of real actions or it will cause Seg fault
181
+ def validate_target(target)
182
+ raise Error, "You can't specify target (#{target}) as alias because it is real action name" if aliased_actions.values.flatten.include? target
183
+ end
184
+
179
185
  # Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
180
186
  def aliased_actions
181
187
  @aliased_actions ||= default_alias_actions
@@ -213,10 +213,15 @@ module CanCan
213
213
 
214
214
  def resource_params
215
215
  if @options[:class]
216
- @params[@options[:class].to_s.underscore.gsub('/', '_')]
217
- else
218
- @params[namespaced_name.to_s.underscore.gsub("/", "_")]
216
+ params_key = extract_key(@options[:class])
217
+ return @params[params_key] if @params[params_key]
219
218
  end
219
+
220
+ resource_params_by_namespaced_name
221
+ end
222
+
223
+ def resource_params_by_namespaced_name
224
+ @params[extract_key(namespaced_name)]
220
225
  end
221
226
 
222
227
  def namespace
@@ -244,5 +249,11 @@ module CanCan
244
249
  def new_actions
245
250
  [:new, :create] + [@options[:new]].flatten
246
251
  end
252
+
253
+ private
254
+
255
+ def extract_key(value)
256
+ value.to_s.underscore.gsub('/', '_')
257
+ end
247
258
  end
248
259
  end
@@ -145,8 +145,8 @@ module CanCan
145
145
  # Takes two hashes and does a deep merge.
146
146
  def merge_joins(base, add)
147
147
  add.each do |name, nested|
148
- if base[name].is_a?(Hash) && !nested.empty?
149
- merge_joins(base[name], nested)
148
+ if base[name].is_a?(Hash)
149
+ merge_joins(base[name], nested) unless nested.empty?
150
150
  else
151
151
  base[name] = nested
152
152
  end
@@ -55,7 +55,8 @@ module CanCan
55
55
  end
56
56
 
57
57
  def unmergeable?
58
- @conditions.respond_to?(:keys) && (! @conditions.keys.first.kind_of? Symbol)
58
+ @conditions.respond_to?(:keys) && @conditions.present? &&
59
+ (!@conditions.keys.first.kind_of? Symbol)
59
60
  end
60
61
 
61
62
  def associations_hash(conditions = @conditions)
@@ -11,18 +11,22 @@ class Ability
11
11
  # can :read, :all
12
12
  # end
13
13
  #
14
- # The first argument to `can` is the action you are giving the user permission to do.
15
- # If you pass :manage it will apply to every action. Other common actions here are
16
- # :read, :create, :update and :destroy.
14
+ # The first argument to `can` is the action you are giving the user
15
+ # permission to do.
16
+ # If you pass :manage it will apply to every action. Other common actions
17
+ # here are :read, :create, :update and :destroy.
17
18
  #
18
- # The second argument is the resource the user can perform the action on. If you pass
19
- # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
19
+ # The second argument is the resource the user can perform the action on.
20
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
21
+ # class of the resource.
20
22
  #
21
- # The third argument is an optional hash of conditions to further filter the objects.
23
+ # The third argument is an optional hash of conditions to further filter the
24
+ # objects.
22
25
  # For example, here the user can only update published articles.
23
26
  #
24
27
  # can :update, Article, :published => true
25
28
  #
26
- # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
29
+ # See the wiki for details:
30
+ # https://github.com/ryanb/cancan/wiki/Defining-Abilities
27
31
  end
28
32
  end
@@ -87,6 +87,10 @@ describe CanCan::Ability do
87
87
  @ability.can?(:increment, 123).should be_true
88
88
  end
89
89
 
90
+ it "should raise an Error if alias target is an exist action" do
91
+ lambda{ @ability.alias_action :show, :to => :show }.should raise_error(CanCan::Error, "You can't specify target (show) as alias because it is real action name")
92
+ end
93
+
90
94
  it "should always call block with arguments when passing no arguments to can" do
91
95
  @ability.can do |action, object_class, object|
92
96
  action.should == :foo
@@ -75,13 +75,19 @@ describe CanCan::ControllerResource do
75
75
  end
76
76
 
77
77
  it "should build a new resource for namespaced model with hash if params[:id] is not specified" do
78
- project = Sub::Project.create!
79
78
  @params.merge!(:action => "create", 'sub_project' => {:name => "foobar"})
80
79
  resource = CanCan::ControllerResource.new(@controller, :class => ::Sub::Project)
81
80
  resource.load_resource
82
81
  @controller.instance_variable_get(:@project).name.should == "foobar"
83
82
  end
84
83
 
84
+ it "should build a new resource for namespaced controller and namespaced model with hash if params[:id] is not specified" do
85
+ @params.merge!(:controller => "Admin::SubProjectsController", :action => "create", 'sub_project' => {:name => "foobar"})
86
+ resource = CanCan::ControllerResource.new(@controller, :class => Project)
87
+ resource.load_resource
88
+ @controller.instance_variable_get(:@sub_project).name.should == "foobar"
89
+ end
90
+
85
91
  it "should build a new resource with attributes from current ability" do
86
92
  @params.merge!(:action => "new")
87
93
  @ability.can(:create, Project, :name => "from conditions")
@@ -20,10 +20,12 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
20
20
  t.boolean "secret"
21
21
  t.integer "priority"
22
22
  t.integer "category_id"
23
+ t.integer "user_id"
23
24
  end
24
25
  model do
25
26
  belongs_to :category
26
27
  has_many :comments
28
+ belongs_to :user
27
29
  end
28
30
  end
29
31
 
@@ -37,6 +39,15 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
37
39
  end
38
40
  end
39
41
 
42
+ with_model :user do
43
+ table do |t|
44
+
45
+ end
46
+ model do
47
+ has_many :articles
48
+ end
49
+ end
50
+
40
51
  before(:each) do
41
52
  Article.delete_all
42
53
  Comment.delete_all
@@ -227,6 +238,21 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
227
238
  @ability.model_adapter(Article, :read).joins.should == [:project]
228
239
  end
229
240
 
241
+ it "should merge nested and non-nested joins" do
242
+ @ability.can :read, Article, :project => { :blocked => false }
243
+ @ability.can :read, Article, :project => { :comments => { :spam => true } }
244
+ @ability.model_adapter(Article, :read).joins.should == [{:project=>[:comments]}]
245
+ end
246
+
247
+ it "should merge :all conditions with other conditions" do
248
+ user = User.create!
249
+ article = Article.create!(:user => user)
250
+ ability = Ability.new(user)
251
+ ability.can :manage, :all
252
+ ability.can :manage, Article, :user_id => user.id
253
+ Article.accessible_by(ability).should == [article]
254
+ end
255
+
230
256
  it "should restrict articles given a MetaWhere condition" do
231
257
  @ability.can :read, Article, :priority.lt => 2
232
258
  article1 = Article.create!(:priority => 1)
@@ -44,4 +44,9 @@ describe CanCan::Rule do
44
44
 
45
45
  @rule.should be_unmergeable
46
46
  end
47
+
48
+ it "should be mergeable if conditions is an empty hash" do
49
+ @conditions = {}
50
+ @rule.should_not be_unmergeable
51
+ end
47
52
  end
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cancan
3
3
  version: !ruby/object:Gem::Version
4
- hash: 31
4
+ hash: 29
5
5
  prerelease:
6
6
  segments:
7
7
  - 1
8
8
  - 6
9
- - 8
10
- version: 1.6.8
9
+ - 9
10
+ version: 1.6.9
11
11
  platform: ruby
12
12
  authors:
13
13
  - Ryan Bates
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2012-06-25 00:00:00 -07:00
18
+ date: 2013-02-04 00:00:00 -08:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -124,6 +124,7 @@ files:
124
124
  - spec/spec.opts
125
125
  - spec/spec_helper.rb
126
126
  - CHANGELOG.rdoc
127
+ - CONTRIBUTING.md
127
128
  - Gemfile
128
129
  - LICENSE
129
130
  - Rakefile