cancan 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.rdoc +9 -0
- data/README.rdoc +3 -3
- data/Rakefile +2 -0
- data/lib/cancan/ability.rb +10 -3
- data/lib/cancan/controller_additions.rb +8 -10
- data/spec/cancan/ability_spec.rb +15 -6
- data/spec/cancan/controller_additions_spec.rb +8 -2
- metadata +2 -2
data/CHANGELOG.rdoc
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
1.0.2 (Dec 30, 2009)
|
|
2
|
+
|
|
3
|
+
* Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
|
|
4
|
+
|
|
5
|
+
* Append aliased actions (don't overwrite them) - see issue #20
|
|
6
|
+
|
|
7
|
+
* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
|
|
8
|
+
|
|
9
|
+
|
|
1
10
|
1.0.1 (Dec 14, 2009)
|
|
2
11
|
|
|
3
12
|
* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
|
data/README.rdoc
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
= CanCan
|
|
2
2
|
|
|
3
|
+
RDocs[http://rdoc.info/projects/ryanb/cancan] | Wiki[http://wiki.github.com/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan] | Metrics[http://getcaliper.com/caliper/project?repo=git%3A%2F%2Fgithub.com%2Fryanb%2Fcancan.git] | Tests[http://runcoderun.com/ryanb/cancan]
|
|
4
|
+
|
|
3
5
|
This is a simple authorization solution for Ruby on Rails to restrict what a given user is allowed to access in the application. This is completely decoupled from any role based implementation allowing you to define user roles the way you want. All permissions are stored in a single location for convenience.
|
|
4
6
|
|
|
5
7
|
This assumes you already have authentication (such as Authlogic[http://github.com/binarylogic/authlogic]) which provides a current_user model.
|
|
6
8
|
|
|
7
|
-
See the RDocs[http://rdoc.info/projects/ryanb/cancan] and Wiki[http://wiki.github.com/ryanb/cancan] for additional documentation.
|
|
8
|
-
|
|
9
9
|
== Installation
|
|
10
10
|
|
|
11
11
|
You can set it up as a gem in your environment.rb file.
|
|
@@ -66,7 +66,7 @@ If the user authorization fails, a CanCan::AccessDenied exception will be raised
|
|
|
66
66
|
|
|
67
67
|
class ApplicationController < ActionController::Base
|
|
68
68
|
rescue_from CanCan::AccessDenied do |exception|
|
|
69
|
-
flash[:error] =
|
|
69
|
+
flash[:error] = exception.message
|
|
70
70
|
redirect_to root_url
|
|
71
71
|
end
|
|
72
72
|
end
|
data/Rakefile
CHANGED
data/lib/cancan/ability.rb
CHANGED
|
@@ -156,15 +156,22 @@ module CanCan
|
|
|
156
156
|
# This way one can use params[:action] in the controller to determine the permission.
|
|
157
157
|
def alias_action(*args)
|
|
158
158
|
target = args.pop[:to]
|
|
159
|
-
aliased_actions[target]
|
|
159
|
+
aliased_actions[target] ||= []
|
|
160
|
+
aliased_actions[target] += args
|
|
160
161
|
end
|
|
161
162
|
|
|
162
|
-
|
|
163
|
-
|
|
163
|
+
# Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
|
|
164
164
|
def aliased_actions
|
|
165
165
|
@aliased_actions ||= default_alias_actions
|
|
166
166
|
end
|
|
167
167
|
|
|
168
|
+
# Removes previously aliased actions including the defaults.
|
|
169
|
+
def clear_aliased_actions
|
|
170
|
+
@aliased_actions = {}
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
private
|
|
174
|
+
|
|
168
175
|
def default_alias_actions
|
|
169
176
|
{
|
|
170
177
|
:read => [:index, :show],
|
|
@@ -123,24 +123,22 @@ module CanCan
|
|
|
123
123
|
# unauthorized! if cannot? :read, @article
|
|
124
124
|
# end
|
|
125
125
|
#
|
|
126
|
-
#
|
|
127
|
-
# the
|
|
126
|
+
# The unauthorized! method accepts an optional argument which sets the
|
|
127
|
+
# message of the exception.
|
|
128
|
+
#
|
|
129
|
+
# You can rescue from the exception in the controller to define the behavior.
|
|
128
130
|
#
|
|
129
131
|
# class ApplicationController < ActionController::Base
|
|
130
|
-
# rescue_from CanCan::AccessDenied
|
|
131
|
-
#
|
|
132
|
-
# protected
|
|
133
|
-
#
|
|
134
|
-
# def access_denied
|
|
135
|
-
# flash[:error] = "Sorry, you are not allowed to access that page."
|
|
132
|
+
# rescue_from CanCan::AccessDenied do |exception|
|
|
133
|
+
# flash[:error] = exception.message
|
|
136
134
|
# redirect_to root_url
|
|
137
135
|
# end
|
|
138
136
|
# end
|
|
139
137
|
#
|
|
140
138
|
# See the load_and_authorize_resource method to automatically add
|
|
141
139
|
# the "unauthorized!" behavior to a RESTful controller's actions.
|
|
142
|
-
def unauthorized!
|
|
143
|
-
raise AccessDenied,
|
|
140
|
+
def unauthorized!(message = "You are not authorized to access this page.")
|
|
141
|
+
raise AccessDenied, message
|
|
144
142
|
end
|
|
145
143
|
|
|
146
144
|
# Creates and returns the current user's ability. You generally do not invoke
|
data/spec/cancan/ability_spec.rb
CHANGED
|
@@ -2,9 +2,8 @@ require File.dirname(__FILE__) + '/../spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe CanCan::Ability do
|
|
4
4
|
before(:each) do
|
|
5
|
-
@
|
|
6
|
-
@
|
|
7
|
-
@ability = @ability_class.new
|
|
5
|
+
@ability = Object.new
|
|
6
|
+
@ability.extend(CanCan::Ability)
|
|
8
7
|
end
|
|
9
8
|
|
|
10
9
|
it "should be able to :read anything" do
|
|
@@ -50,9 +49,7 @@ describe CanCan::Ability do
|
|
|
50
49
|
|
|
51
50
|
it "should alias update or destroy actions to modify action" do
|
|
52
51
|
@ability.alias_action :update, :destroy, :to => :modify
|
|
53
|
-
@ability.can
|
|
54
|
-
:modify_called
|
|
55
|
-
end
|
|
52
|
+
@ability.can(:modify, :all) { :modify_called }
|
|
56
53
|
@ability.can?(:update, 123).should == :modify_called
|
|
57
54
|
@ability.can?(:destroy, 123).should == :modify_called
|
|
58
55
|
end
|
|
@@ -123,4 +120,16 @@ describe CanCan::Ability do
|
|
|
123
120
|
@ability.can?(:read, 3).should be_true
|
|
124
121
|
@ability.can?(:read, 123).should be_false
|
|
125
122
|
end
|
|
123
|
+
|
|
124
|
+
it "should append aliased actions" do
|
|
125
|
+
@ability.alias_action :update, :to => :modify
|
|
126
|
+
@ability.alias_action :destroy, :to => :modify
|
|
127
|
+
@ability.aliased_actions[:modify].should == [:update, :destroy]
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
it "should clear aliased actions" do
|
|
131
|
+
@ability.alias_action :update, :to => :modify
|
|
132
|
+
@ability.clear_aliased_actions
|
|
133
|
+
@ability.aliased_actions[:modify].should be_nil
|
|
134
|
+
end
|
|
126
135
|
end
|
|
@@ -9,10 +9,16 @@ describe CanCan::ControllerAdditions do
|
|
|
9
9
|
@controller_class.send(:include, CanCan::ControllerAdditions)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
it "should
|
|
12
|
+
it "should raise access denied with default message when calling unauthorized!" do
|
|
13
13
|
lambda {
|
|
14
14
|
@controller.unauthorized!
|
|
15
|
-
}.should raise_error(CanCan::AccessDenied)
|
|
15
|
+
}.should raise_error(CanCan::AccessDenied, "You are not authorized to access this page.")
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
it "should raise access denied with custom message when calling unauthorized!" do
|
|
19
|
+
lambda {
|
|
20
|
+
@controller.unauthorized! "Access denied!"
|
|
21
|
+
}.should raise_error(CanCan::AccessDenied, "Access denied!")
|
|
16
22
|
end
|
|
17
23
|
|
|
18
24
|
it "should have a current_ability method which generates an ability for the current user" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cancan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Bates
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-12-
|
|
12
|
+
date: 2009-12-30 00:00:00 -08:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
|