cancan 1.6.0 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG.rdoc +9 -0
- data/lib/cancan/controller_resource.rb +13 -9
- data/lib/cancan/inherited_resource.rb +1 -1
- data/lib/cancan/model_additions.rb +2 -2
- data/spec/cancan/controller_resource_spec.rb +6 -6
- data/spec/cancan/inherited_resource_spec.rb +2 -2
- data/spec/spec_helper.rb +1 -0
- metadata +4 -4
data/CHANGELOG.rdoc
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
1.6.1 (March 15, 2011)
|
|
2
|
+
|
|
3
|
+
* Use Item.new instead of build_item for singleton resource so it doesn't effect database - see issue #304
|
|
4
|
+
|
|
5
|
+
* Made accessible_by action default to :index and parent action default to :show instead of :read - see issue #302
|
|
6
|
+
|
|
7
|
+
* Reverted Inherited Resources "collection" override since it doesn't seem to be working - see issue #305
|
|
8
|
+
|
|
9
|
+
|
|
1
10
|
1.6.0 (March 11, 2011)
|
|
2
11
|
|
|
3
12
|
* Added MetaWhere support - see issue #194 and #261
|
|
@@ -82,10 +82,10 @@ module CanCan
|
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
def build_resource
|
|
85
|
-
|
|
86
|
-
resource
|
|
87
|
-
initial_attributes.each do |
|
|
88
|
-
resource.send("#{
|
|
85
|
+
resource = resource_base.new(@params[name] || {})
|
|
86
|
+
resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
|
|
87
|
+
initial_attributes.each do |attr_name, value|
|
|
88
|
+
resource.send("#{attr_name}=", value)
|
|
89
89
|
end
|
|
90
90
|
resource
|
|
91
91
|
end
|
|
@@ -97,15 +97,15 @@ module CanCan
|
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
def find_resource
|
|
100
|
-
if @options[:singleton] &&
|
|
101
|
-
|
|
100
|
+
if @options[:singleton] && parent_resource.respond_to?(name)
|
|
101
|
+
parent_resource.send(name)
|
|
102
102
|
else
|
|
103
103
|
@options[:find_by] ? resource_base.send("find_by_#{@options[:find_by]}!", id_param) : resource_base.find(id_param)
|
|
104
104
|
end
|
|
105
105
|
end
|
|
106
106
|
|
|
107
107
|
def authorization_action
|
|
108
|
-
parent? ? :
|
|
108
|
+
parent? ? :show : @params[:action].to_sym
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
def id_param
|
|
@@ -155,7 +155,7 @@ module CanCan
|
|
|
155
155
|
def resource_base
|
|
156
156
|
if @options[:through]
|
|
157
157
|
if parent_resource
|
|
158
|
-
@options[:singleton] ?
|
|
158
|
+
@options[:singleton] ? resource_class : parent_resource.send(@options[:through_association] || name.to_s.pluralize)
|
|
159
159
|
elsif @options[:shallow]
|
|
160
160
|
resource_class
|
|
161
161
|
else
|
|
@@ -166,9 +166,13 @@ module CanCan
|
|
|
166
166
|
end
|
|
167
167
|
end
|
|
168
168
|
|
|
169
|
+
def parent_name
|
|
170
|
+
@options[:through] && [@options[:through]].flatten.detect { |i| fetch_parent(i) }
|
|
171
|
+
end
|
|
172
|
+
|
|
169
173
|
# The object to load this resource through.
|
|
170
174
|
def parent_resource
|
|
171
|
-
|
|
175
|
+
parent_name && fetch_parent(parent_name)
|
|
172
176
|
end
|
|
173
177
|
|
|
174
178
|
def fetch_parent(name)
|
|
@@ -4,7 +4,7 @@ module CanCan
|
|
|
4
4
|
module ModelAdditions
|
|
5
5
|
module ClassMethods
|
|
6
6
|
# Returns a scope which fetches only the records that the passed ability
|
|
7
|
-
# can perform a given action on. The action defaults to :
|
|
7
|
+
# can perform a given action on. The action defaults to :index. This
|
|
8
8
|
# is usually called from a controller and passed the +current_ability+.
|
|
9
9
|
#
|
|
10
10
|
# @articles = Article.accessible_by(current_ability)
|
|
@@ -19,7 +19,7 @@ module CanCan
|
|
|
19
19
|
# @articles = Article.accessible_by(current_ability, :update)
|
|
20
20
|
#
|
|
21
21
|
# Here only the articles which the user can update are returned.
|
|
22
|
-
def accessible_by(ability, action = :
|
|
22
|
+
def accessible_by(ability, action = :index)
|
|
23
23
|
ability.model_adapter(self, action).database_records
|
|
24
24
|
end
|
|
25
25
|
end
|
|
@@ -104,7 +104,7 @@ describe CanCan::ControllerResource do
|
|
|
104
104
|
it "should authorize parent resource in collection action" do
|
|
105
105
|
@params[:action] = "index"
|
|
106
106
|
@controller.instance_variable_set(:@category, :some_category)
|
|
107
|
-
stub(@controller).authorize!(:
|
|
107
|
+
stub(@controller).authorize!(:show, :some_category) { raise CanCan::AccessDenied }
|
|
108
108
|
resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
|
|
109
109
|
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
|
110
110
|
end
|
|
@@ -268,14 +268,14 @@ describe CanCan::ControllerResource do
|
|
|
268
268
|
@controller.instance_variable_get(:@project).should == :some_project
|
|
269
269
|
end
|
|
270
270
|
|
|
271
|
-
it "should build record through has_one association with :singleton option" do
|
|
271
|
+
it "should not build record through has_one association with :singleton option because it can cause it to delete it in the database" do
|
|
272
272
|
@params.merge!(:action => "create", :project => {:name => "foobar"})
|
|
273
|
-
category =
|
|
273
|
+
category = Category.new
|
|
274
274
|
@controller.instance_variable_set(:@category, category)
|
|
275
|
-
stub(category).build_project { |attributes| Project.new(attributes) }
|
|
276
275
|
resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true)
|
|
277
276
|
resource.load_resource
|
|
278
277
|
@controller.instance_variable_get(:@project).name.should == "foobar"
|
|
278
|
+
@controller.instance_variable_get(:@project).category.should == category
|
|
279
279
|
end
|
|
280
280
|
|
|
281
281
|
it "should find record through has_one association with :singleton and :shallow options" do
|
|
@@ -293,10 +293,10 @@ describe CanCan::ControllerResource do
|
|
|
293
293
|
@controller.instance_variable_get(:@project).name.should == "foobar"
|
|
294
294
|
end
|
|
295
295
|
|
|
296
|
-
it "should only authorize :
|
|
296
|
+
it "should only authorize :show action on parent resource" do
|
|
297
297
|
project = Project.create!
|
|
298
298
|
@params.merge!(:action => "new", :project_id => project.id)
|
|
299
|
-
stub(@controller).authorize!(:
|
|
299
|
+
stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
|
|
300
300
|
resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
|
|
301
301
|
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
|
|
302
302
|
end
|
|
@@ -32,10 +32,10 @@ describe CanCan::InheritedResource do
|
|
|
32
32
|
@controller.instance_variable_get(:@project).should == :project_resource
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
it "index should load through @controller.
|
|
35
|
+
it "index should load through @controller.end_of_association_chain" do
|
|
36
36
|
@params[:action] = "index"
|
|
37
37
|
stub(Project).accessible_by(@ability, :index) { :projects }
|
|
38
|
-
stub(@controller).
|
|
38
|
+
stub(@controller).end_of_association_chain { Project }
|
|
39
39
|
CanCan::InheritedResource.new(@controller).load_resource
|
|
40
40
|
@controller.instance_variable_get(:@projects).should == :projects
|
|
41
41
|
end
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cancan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 13
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
8
|
- 6
|
|
9
|
-
-
|
|
10
|
-
version: 1.6.
|
|
9
|
+
- 1
|
|
10
|
+
version: 1.6.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Ryan Bates
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-03-
|
|
18
|
+
date: 2011-03-15 00:00:00 -07:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|