cancan 1.6.0 → 1.6.1
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.rdoc +9 -0
- data/lib/cancan/controller_resource.rb +13 -9
- data/lib/cancan/inherited_resource.rb +1 -1
- data/lib/cancan/model_additions.rb +2 -2
- data/spec/cancan/controller_resource_spec.rb +6 -6
- data/spec/cancan/inherited_resource_spec.rb +2 -2
- data/spec/spec_helper.rb +1 -0
- metadata +4 -4
data/CHANGELOG.rdoc
CHANGED
@@ -1,3 +1,12 @@
|
|
1
|
+
1.6.1 (March 15, 2011)
|
2
|
+
|
3
|
+
* Use Item.new instead of build_item for singleton resource so it doesn't effect database - see issue #304
|
4
|
+
|
5
|
+
* Made accessible_by action default to :index and parent action default to :show instead of :read - see issue #302
|
6
|
+
|
7
|
+
* Reverted Inherited Resources "collection" override since it doesn't seem to be working - see issue #305
|
8
|
+
|
9
|
+
|
1
10
|
1.6.0 (March 11, 2011)
|
2
11
|
|
3
12
|
* Added MetaWhere support - see issue #194 and #261
|
@@ -82,10 +82,10 @@ module CanCan
|
|
82
82
|
end
|
83
83
|
|
84
84
|
def build_resource
|
85
|
-
|
86
|
-
resource
|
87
|
-
initial_attributes.each do |
|
88
|
-
resource.send("#{
|
85
|
+
resource = resource_base.new(@params[name] || {})
|
86
|
+
resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
|
87
|
+
initial_attributes.each do |attr_name, value|
|
88
|
+
resource.send("#{attr_name}=", value)
|
89
89
|
end
|
90
90
|
resource
|
91
91
|
end
|
@@ -97,15 +97,15 @@ module CanCan
|
|
97
97
|
end
|
98
98
|
|
99
99
|
def find_resource
|
100
|
-
if @options[:singleton] &&
|
101
|
-
|
100
|
+
if @options[:singleton] && parent_resource.respond_to?(name)
|
101
|
+
parent_resource.send(name)
|
102
102
|
else
|
103
103
|
@options[:find_by] ? resource_base.send("find_by_#{@options[:find_by]}!", id_param) : resource_base.find(id_param)
|
104
104
|
end
|
105
105
|
end
|
106
106
|
|
107
107
|
def authorization_action
|
108
|
-
parent? ? :
|
108
|
+
parent? ? :show : @params[:action].to_sym
|
109
109
|
end
|
110
110
|
|
111
111
|
def id_param
|
@@ -155,7 +155,7 @@ module CanCan
|
|
155
155
|
def resource_base
|
156
156
|
if @options[:through]
|
157
157
|
if parent_resource
|
158
|
-
@options[:singleton] ?
|
158
|
+
@options[:singleton] ? resource_class : parent_resource.send(@options[:through_association] || name.to_s.pluralize)
|
159
159
|
elsif @options[:shallow]
|
160
160
|
resource_class
|
161
161
|
else
|
@@ -166,9 +166,13 @@ module CanCan
|
|
166
166
|
end
|
167
167
|
end
|
168
168
|
|
169
|
+
def parent_name
|
170
|
+
@options[:through] && [@options[:through]].flatten.detect { |i| fetch_parent(i) }
|
171
|
+
end
|
172
|
+
|
169
173
|
# The object to load this resource through.
|
170
174
|
def parent_resource
|
171
|
-
|
175
|
+
parent_name && fetch_parent(parent_name)
|
172
176
|
end
|
173
177
|
|
174
178
|
def fetch_parent(name)
|
@@ -4,7 +4,7 @@ module CanCan
|
|
4
4
|
module ModelAdditions
|
5
5
|
module ClassMethods
|
6
6
|
# Returns a scope which fetches only the records that the passed ability
|
7
|
-
# can perform a given action on. The action defaults to :
|
7
|
+
# can perform a given action on. The action defaults to :index. This
|
8
8
|
# is usually called from a controller and passed the +current_ability+.
|
9
9
|
#
|
10
10
|
# @articles = Article.accessible_by(current_ability)
|
@@ -19,7 +19,7 @@ module CanCan
|
|
19
19
|
# @articles = Article.accessible_by(current_ability, :update)
|
20
20
|
#
|
21
21
|
# Here only the articles which the user can update are returned.
|
22
|
-
def accessible_by(ability, action = :
|
22
|
+
def accessible_by(ability, action = :index)
|
23
23
|
ability.model_adapter(self, action).database_records
|
24
24
|
end
|
25
25
|
end
|
@@ -104,7 +104,7 @@ describe CanCan::ControllerResource do
|
|
104
104
|
it "should authorize parent resource in collection action" do
|
105
105
|
@params[:action] = "index"
|
106
106
|
@controller.instance_variable_set(:@category, :some_category)
|
107
|
-
stub(@controller).authorize!(:
|
107
|
+
stub(@controller).authorize!(:show, :some_category) { raise CanCan::AccessDenied }
|
108
108
|
resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
|
109
109
|
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
110
110
|
end
|
@@ -268,14 +268,14 @@ describe CanCan::ControllerResource do
|
|
268
268
|
@controller.instance_variable_get(:@project).should == :some_project
|
269
269
|
end
|
270
270
|
|
271
|
-
it "should build record through has_one association with :singleton option" do
|
271
|
+
it "should not build record through has_one association with :singleton option because it can cause it to delete it in the database" do
|
272
272
|
@params.merge!(:action => "create", :project => {:name => "foobar"})
|
273
|
-
category =
|
273
|
+
category = Category.new
|
274
274
|
@controller.instance_variable_set(:@category, category)
|
275
|
-
stub(category).build_project { |attributes| Project.new(attributes) }
|
276
275
|
resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true)
|
277
276
|
resource.load_resource
|
278
277
|
@controller.instance_variable_get(:@project).name.should == "foobar"
|
278
|
+
@controller.instance_variable_get(:@project).category.should == category
|
279
279
|
end
|
280
280
|
|
281
281
|
it "should find record through has_one association with :singleton and :shallow options" do
|
@@ -293,10 +293,10 @@ describe CanCan::ControllerResource do
|
|
293
293
|
@controller.instance_variable_get(:@project).name.should == "foobar"
|
294
294
|
end
|
295
295
|
|
296
|
-
it "should only authorize :
|
296
|
+
it "should only authorize :show action on parent resource" do
|
297
297
|
project = Project.create!
|
298
298
|
@params.merge!(:action => "new", :project_id => project.id)
|
299
|
-
stub(@controller).authorize!(:
|
299
|
+
stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
|
300
300
|
resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
|
301
301
|
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
|
302
302
|
end
|
@@ -32,10 +32,10 @@ describe CanCan::InheritedResource do
|
|
32
32
|
@controller.instance_variable_get(:@project).should == :project_resource
|
33
33
|
end
|
34
34
|
|
35
|
-
it "index should load through @controller.
|
35
|
+
it "index should load through @controller.end_of_association_chain" do
|
36
36
|
@params[:action] = "index"
|
37
37
|
stub(Project).accessible_by(@ability, :index) { :projects }
|
38
|
-
stub(@controller).
|
38
|
+
stub(@controller).end_of_association_chain { Project }
|
39
39
|
CanCan::InheritedResource.new(@controller).load_resource
|
40
40
|
@controller.instance_variable_get(:@projects).should == :projects
|
41
41
|
end
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cancan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 13
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 1
|
8
8
|
- 6
|
9
|
-
-
|
10
|
-
version: 1.6.
|
9
|
+
- 1
|
10
|
+
version: 1.6.1
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Ryan Bates
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2011-03-
|
18
|
+
date: 2011-03-15 00:00:00 -07:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|