cancancan 1.10.0 → 3.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2e578e1005885c6f192bb9796d1beaa98878b01e
-  data.tar.gz: 8f4f962696dedc14dd038489dc46054c523c55a2
+SHA256:
+  metadata.gz: bebbba60e68460ec234fc11e8d3cf0414e578a56c0347862c673396eb917dff9
+  data.tar.gz: bb07244a17dcf45d1852cf6677864084c2f0db5630ea9b72bdcc0c6055b5c4b6
 SHA512:
-  metadata.gz: 5737784c038345e4ff19c5dc519c828cb36268f77bafef9fa9d40ba3ae396fe030b2c3fc60f3e755903c9d398a59b450690cc0564b22aef1a1f46826c753aa35
-  data.tar.gz: b4faa7beedaba71e8303aafb358a4ecd02b8d4be7abb2730c2f7b8bc9e13c46650acfa77e0ab4ecd81da381e166ddd9ab9fb098c79e7a9d3fa95dbaf5e24c0e4
+  metadata.gz: be9f2b03ae43651ea70a451b97a44fd6ec6e0a09ca444ddf625b91ae3815a245e0669bb80b4d3b0687ca327bc0c4fe81028f7736cb6493ef636b43a4140f4f49
+  data.tar.gz: db75441929e737d12699f57324d031e894b5d2cdbe1555451857977c42b0ef28148cc63bb718981c32ac08bafd2873623d2151ba8e98c442f217b3f4affecda9

data/cancancan.gemspec

@@ -1,31 +1,29 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'cancan/version'
 
 Gem::Specification.new do |s|
-  s.name        = "cancancan"
+  s.name        = 'cancancan'
   s.version     = CanCan::VERSION
-  s.authors     = ["Bryan Rite", "Ryan Bates"]
-  s.email       = "bryan@bryanrite.com"
-  s.homepage    = "https://github.com/CanCanCommunity/cancancan"
-  s.summary     = "Simple authorization solution for Rails."
-  s.description = "Continuation of the simple authorization solution for Rails which is decoupled from user roles. All permissions are stored in a single location."
+  s.authors     = ['Alessandro Rodi (Renuo AG)', 'Bryan Rite', 'Ryan Bates', 'Richard Wilson']
+  s.email       = 'alessandro.rodi@renuo.ch'
+  s.homepage    = 'https://github.com/CanCanCommunity/cancancan'
+  s.metadata = { 'funding_uri' => 'https://github.com/sponsors/coorasse' }
+  s.summary     = 'Simple authorization solution for Rails.'
+  s.description = 'Simple authorization solution for Rails. All permissions are stored in a single location.'
   s.platform    = Gem::Platform::RUBY
-  s.license     = "MIT"
-
-  s.files       = `git ls-files`.split($/)
-  s.test_files  = `git ls-files -- Appraisals {spec,features,gemfiles}/*`.split($/)
-  s.executables = `git ls-files -- bin/*`.split($/).map{ |f| File.basename(f) }
-  s.require_paths = ["lib"]
+  s.license     = 'MIT'
 
-  s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
-  s.required_rubygems_version = ">= 1.3.4"
+  s.files       = `git ls-files lib init.rb cancancan.gemspec`.split($INPUT_RECORD_SEPARATOR)
+  s.require_paths = ['lib']
 
-  s.add_development_dependency 'bundler', '~> 1.3'
-  s.add_development_dependency 'rake', '~> 10.1.1'
-  s.add_development_dependency 'rspec', '~> 3.0.0'
-  s.add_development_dependency 'appraisal', '>= 1.0.0'
+  s.required_ruby_version = '>= 2.2.0'
 
-  s.rubyforge_project = s.name
+  s.add_development_dependency 'appraisal', '~> 2.0', '>= 2.0.0'
+  s.add_development_dependency 'bundler', '~> 2.0'
+  s.add_development_dependency 'rake', '~> 10.1', '>= 10.1.1'
+  s.add_development_dependency 'rspec', '~> 3.2', '>= 3.2.0'
+  s.add_development_dependency 'rubocop', '~> 1.31.1'
 end

data/init.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'cancan'

data/lib/cancan/ability/actions.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+module CanCan
+  module Ability
+    module Actions
+      # Alias one or more actions into another one.
+      #
+      #   alias_action :update, :destroy, :to => :modify
+      #   can :modify, Comment
+      #
+      # Then :modify permission will apply to both :update and :destroy requests.
+      #
+      #   can? :update, Comment # => true
+      #   can? :destroy, Comment # => true
+      #
+      # This only works in one direction. Passing the aliased action into the "can?" call
+      # will not work because aliases are meant to generate more generic actions.
+      #
+      #   alias_action :update, :destroy, :to => :modify
+      #   can :update, Comment
+      #   can? :modify, Comment # => false
+      #
+      # Unless that exact alias is used.
+      #
+      #   can :modify, Comment
+      #   can? :modify, Comment # => true
+      #
+      # The following aliases are added by default for conveniently mapping common controller actions.
+      #
+      #   alias_action :index, :show, :to => :read
+      #   alias_action :new, :to => :create
+      #   alias_action :edit, :to => :update
+      #
+      # This way one can use params[:action] in the controller to determine the permission.
+      def alias_action(*args)
+        target = args.pop[:to]
+        validate_target(target)
+        aliased_actions[target] ||= []
+        aliased_actions[target] += args
+      end
+
+      # Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
+      def aliased_actions
+        @aliased_actions ||= default_alias_actions
+      end
+
+      # Removes previously aliased actions including the defaults.
+      def clear_aliased_actions
+        @aliased_actions = {}
+      end
+
+      private
+
+      def default_alias_actions
+        {
+          read: %i[index show],
+          create: [:new],
+          update: [:edit]
+        }
+      end
+
+      # Given an action, it will try to find all of the actions which are aliased to it.
+      # This does the opposite kind of lookup as expand_actions.
+      def aliases_for_action(action)
+        results = [action]
+        aliased_actions.each do |aliased_action, actions|
+          results += aliases_for_action(aliased_action) if actions.include? action
+        end
+        results
+      end
+
+      def expanded_actions
+        @expanded_actions ||= {}
+      end
+
+      # Accepts an array of actions and returns an array of actions which match.
+      # This should be called before "matches?" and other checking methods since they
+      # rely on the actions to be expanded.
+      def expand_actions(actions)
+        expanded_actions[actions] ||= begin
+          expanded = []
+          actions.each do |action|
+            expanded << action
+            if (aliases = aliased_actions[action])
+              expanded += expand_actions(aliases)
+            end
+          end
+          expanded
+        end
+      end
+    end
+  end
+end

data/lib/cancan/ability/rules.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module CanCan
+  module Ability
+    module Rules
+      protected
+
+      # Must be protected as an ability can merge with other abilities.
+      # This means that an ability must expose their rules with another ability.
+      def rules
+        @rules ||= []
+      end
+
+      private
+
+      def add_rule(rule)
+        rules << rule
+        add_rule_to_index(rule, rules.size - 1)
+      end
+
+      def add_rule_to_index(rule, position)
+        @rules_index ||= {}
+
+        subjects = rule.subjects.compact
+        subjects << :all if subjects.empty?
+
+        subjects.each do |subject|
+          @rules_index[subject] ||= []
+          @rules_index[subject] << position
+        end
+      end
+
+      # Returns an array of Rule instances which match the action and subject
+      # This does not take into consideration any hash conditions or block statements
+      def relevant_rules(action, subject)
+        return [] unless @rules
+
+        relevant = possible_relevant_rules(subject).select do |rule|
+          rule.expanded_actions = expand_actions(rule.actions)
+          rule.relevant? action, subject
+        end
+        relevant.reverse!.uniq!
+        optimize_order! relevant
+        relevant
+      end
+
+      def possible_relevant_rules(subject)
+        if subject.is_a?(Hash)
+          rules
+        else
+          positions = @rules_index.values_at(subject, *alternative_subjects(subject))
+          positions.compact!
+          positions.flatten!
+          positions.sort!
+          positions.map { |i| @rules[i] }
+        end
+      end
+
+      def relevant_rules_for_match(action, subject)
+        relevant_rules(action, subject).each do |rule|
+          next unless rule.only_raw_sql?
+
+          raise Error,
+                "The can? and cannot? call cannot be used with a raw sql 'can' definition. " \
+                "The checking code cannot be determined for #{action.inspect} #{subject.inspect}"
+        end
+      end
+
+      def relevant_rules_for_query(action, subject)
+        rules = relevant_rules(action, subject).reject do |rule|
+          # reject 'cannot' rules with attributes when doing queries
+          rule.base_behavior == false && rule.attributes.present?
+        end
+        if rules.any?(&:only_block?)
+          raise Error, "The accessible_by call cannot be used with a block 'can' definition." \
+            "The SQL cannot be determined for #{action.inspect} #{subject.inspect}"
+        end
+        rules
+      end
+
+      # Optimizes the order of the rules, so that rules with the :all subject are evaluated first.
+      def optimize_order!(rules)
+        first_can_in_group = -1
+        rules.each_with_index do |rule, i|
+          (first_can_in_group = -1) && next unless rule.base_behavior
+          (first_can_in_group = i) && next if first_can_in_group == -1
+          next unless rule.subjects == [:all]
+
+          rules[i] = rules[first_can_in_group]
+          rules[first_can_in_group] = rule
+          first_can_in_group += 1
+        end
+      end
+    end
+  end
+end

data/lib/cancan/ability/strong_parameter_support.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module CanCan
+  module Ability
+    module StrongParameterSupport
+      # Returns an array of attributes suitable for use with strong parameters
+      #
+      # Note: reversing the relevant rules is important. Normal order means that 'cannot'
+      # rules will come before 'can' rules. However, you can't remove attributes before
+      # they are added. The 'reverse' is so that attributes will be added before the
+      # 'cannot' rules remove them.
+      def permitted_attributes(action, subject)
+        relevant_rules(action, subject)
+          .reverse
+          .select { |rule| rule.matches_conditions? action, subject }
+          .each_with_object(Set.new) do |rule, set|
+          attributes = get_attributes(rule, subject)
+          # add attributes for 'can', remove them for 'cannot'
+          rule.base_behavior ? set.merge(attributes) : set.subtract(attributes)
+        end.to_a
+      end
+
+      private
+
+      def subject_class?(subject)
+        klass = (subject.is_a?(Hash) ? subject.values.first : subject).class
+        [Class, Module].include? klass
+      end
+
+      def get_attributes(rule, subject)
+        klass = subject_class?(subject) ? subject : subject.class
+        # empty attributes is an 'all'
+        if rule.attributes.empty? && klass < ActiveRecord::Base
+          klass.column_names.map(&:to_sym) - Array(klass.primary_key)
+        else
+          rule.attributes
+        end
+      end
+    end
+  end
+end

data/lib/cancan/ability.rb

@@ -1,5 +1,11 @@
-module CanCan
+# frozen_string_literal: true
+
+require_relative 'ability/rules.rb'
+require_relative 'ability/actions.rb'
+require_relative 'unauthorized_message_resolver.rb'
+require_relative 'ability/strong_parameter_support'
 
+module CanCan
   # This module is designed to be included into an Ability class. This will
   # provide the "can" methods for defining and checking abilities.
   #
@@ -16,6 +22,11 @@ module CanCan
   #   end
   #
   module Ability
+    include CanCan::Ability::Rules
+    include CanCan::Ability::Actions
+    include CanCan::UnauthorizedMessageResolver
+    include StrongParameterSupport
+
     # Check if the user has permission to perform a given action on an object.
     #
     #   can? :destroy, @project
@@ -60,17 +71,15 @@ module CanCan
     #   end
     #
     # Also see the RSpec Matchers to aid in testing.
-    def can?(action, subject, *extra_args)
-      subject = extract_subjects(subject)
-
-      match = subject.map do |subject|
-        relevant_rules_for_match(action, subject).detect do |rule|
-          rule.matches_conditions?(action, subject, extra_args)
+    def can?(action, subject, attribute = nil, *extra_args)
+      match = extract_subjects(subject).lazy.map do |a_subject|
+        relevant_rules_for_match(action, a_subject).detect do |rule|
+          rule.matches_conditions?(action, a_subject, attribute, *extra_args) && rule.matches_attributes?(attribute)
         end
-      end.compact.first
-
+      end.reject(&:nil?).first
       match ? match.base_behavior : false
     end
+
     # Convenience method which works the same as "can?" but returns the opposite value.
     #
     #   cannot? :destroy, @project
@@ -119,7 +128,7 @@ module CanCan
     #   can :read, :stats
     #   can? :read, :stats # => true
     #
-    # IMPORTANT: Neither a hash of conditions or a block will be used when checking permission on a class.
+    # IMPORTANT: Neither a hash of conditions nor a block will be used when checking permission on a class.
     #
     #   can :update, Project, :priority => 3
     #   can? :update, Project # => true
@@ -132,8 +141,8 @@ module CanCan
     #     # check the database and return true/false
     #   end
     #
-    def can(action = nil, subject = nil, conditions = nil, &block)
-      rules << Rule.new(true, action, subject, conditions, block)
+    def can(action = nil, subject = nil, *attributes_and_conditions, &block)
+      add_rule(Rule.new(true, action, subject, *attributes_and_conditions, &block))
     end
 
     # Defines an ability which cannot be done. Accepts the same arguments as "can".
@@ -148,59 +157,14 @@ module CanCan
     #     product.invisible?
     #   end
     #
-    def cannot(action = nil, subject = nil, conditions = nil, &block)
-      rules << Rule.new(false, action, subject, conditions, block)
-    end
-
-    # Alias one or more actions into another one.
-    #
-    #   alias_action :update, :destroy, :to => :modify
-    #   can :modify, Comment
-    #
-    # Then :modify permission will apply to both :update and :destroy requests.
-    #
-    #   can? :update, Comment # => true
-    #   can? :destroy, Comment # => true
-    #
-    # This only works in one direction. Passing the aliased action into the "can?" call
-    # will not work because aliases are meant to generate more generic actions.
-    #
-    #   alias_action :update, :destroy, :to => :modify
-    #   can :update, Comment
-    #   can? :modify, Comment # => false
-    #
-    # Unless that exact alias is used.
-    #
-    #   can :modify, Comment
-    #   can? :modify, Comment # => true
-    #
-    # The following aliases are added by default for conveniently mapping common controller actions.
-    #
-    #   alias_action :index, :show, :to => :read
-    #   alias_action :new, :to => :create
-    #   alias_action :edit, :to => :update
-    #
-    # This way one can use params[:action] in the controller to determine the permission.
-    def alias_action(*args)
-      target = args.pop[:to]
-      validate_target(target)
-      aliased_actions[target] ||= []
-      aliased_actions[target] += args
+    def cannot(action = nil, subject = nil, *attributes_and_conditions, &block)
+      add_rule(Rule.new(false, action, subject, *attributes_and_conditions, &block))
     end
 
     # User shouldn't specify targets with names of real actions or it will cause Seg fault
     def validate_target(target)
-      raise Error, "You can't specify target (#{target}) as alias because it is real action name" if aliased_actions.values.flatten.include? target
-    end
-
-    # Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
-    def aliased_actions
-      @aliased_actions ||= default_alias_actions
-    end
-
-    # Removes previously aliased actions including the defaults.
-    def clear_aliased_actions
-      @aliased_actions = {}
+      error_message = "You can't specify target (#{target}) as alias because it is real action name"
+      raise Error, error_message if aliased_actions.values.flatten.include? target
     end
 
     def model_adapter(model_class, action)
@@ -210,25 +174,14 @@ module CanCan
 
     # See ControllerAdditions#authorize! for documentation.
     def authorize!(action, subject, *args)
-      message = nil
-      if args.last.kind_of?(Hash) && args.last.has_key?(:message)
-        message = args.pop[:message]
-      end
+      message = args.last.is_a?(Hash) && args.last.key?(:message) ? args.pop[:message] : nil
       if cannot?(action, subject, *args)
         message ||= unauthorized_message(action, subject)
-        raise AccessDenied.new(message, action, subject)
+        raise AccessDenied.new(message, action, subject, args)
       end
       subject
     end
 
-    def unauthorized_message(action, subject)
-      keys = unauthorized_message_keys(action, subject)
-      variables = {:action => action.to_s}
-      variables[:subject] = (subject.class == Class ? subject : subject.class).to_s.underscore.humanize.downcase
-      message = I18n.translate(nil, variables.merge(:scope => :unauthorized, :default => keys + [""]))
-      message.blank? ? nil : message
-    end
-
     def attributes_for(action, subject)
       attributes = {}
       relevant_rules(action, subject).map do |rule|
@@ -245,100 +198,115 @@ module CanCan
       relevant_rules(action, subject).any?(&:only_raw_sql?)
     end
 
+    # Copies all rules and aliased actions of the given +CanCan::Ability+ and adds them to +self+.
+    #   class ReadAbility
+    #     include CanCan::Ability
+    #
+    #     def initialize
+    #       can :read, User
+    #       alias_action :show, :index, to: :see
+    #     end
+    #   end
+    #
+    #   class WritingAbility
+    #     include CanCan::Ability
+    #
+    #     def initialize
+    #       can :edit, User
+    #       alias_action :create, :update, to: :modify
+    #     end
+    #   end
+    #
+    #   read_ability = ReadAbility.new
+    #   read_ability.can? :edit, User.new #=> false
+    #   read_ability.merge(WritingAbility.new)
+    #   read_ability.can? :edit, User.new #=> true
+    #   read_ability.aliased_actions #=> [:see => [:show, :index], :modify => [:create, :update]]
+    #
+    # If there are collisions when merging the +aliased_actions+, the actions on +self+ will be
+    # overwritten.
+    #
+    # class ReadAbility
+    #   include CanCan::Ability
+    #
+    #   def initialize
+    #     alias_action :show, :index, to: :see
+    #   end
+    # end
+    #
+    # class ShowAbility
+    #   include CanCan::Ability
+    #
+    #   def initialize
+    #     alias_action :show, to: :see
+    #   end
+    # end
+    #
+    # read_ability = ReadAbility.new
+    # read_ability.merge(ShowAbility)
+    # read_ability.aliased_actions #=> [:see => [:show]]
     def merge(ability)
-      ability.send(:rules).each do |rule|
-        rules << rule.dup
+      ability.rules.each do |rule|
+        add_rule(rule.dup)
       end
+      @aliased_actions = aliased_actions.merge(ability.aliased_actions)
       self
     end
 
-    private
-
-    def unauthorized_message_keys(action, subject)
-      subject = (subject.class == Class ? subject : subject.class).name.underscore unless subject.kind_of? Symbol
-      [subject, :all].map do |try_subject|
-        [aliases_for_action(action), :manage].flatten.map do |try_action|
-          :"#{try_action}.#{try_subject}"
-        end
-      end.flatten
+    # Return a hash of permissions for the user in the format of:
+    #   {
+    #     can: can_hash,
+    #     cannot: cannot_hash
+    #   }
+    #
+    # Where can_hash and cannot_hash are formatted thusly:
+    #   {
+    #     action: { subject: [attributes] }
+    #   }
+    def permissions
+      permissions_list = {
+        can: Hash.new { |actions, k1| actions[k1] = Hash.new { |subjects, k2| subjects[k2] = [] } },
+        cannot: Hash.new { |actions, k1| actions[k1] = Hash.new { |subjects, k2| subjects[k2] = [] } }
+      }
+      rules.each { |rule| extract_rule_in_permissions(permissions_list, rule) }
+      permissions_list
     end
 
-    # Accepts an array of actions and returns an array of actions which match.
-    # This should be called before "matches?" and other checking methods since they
-    # rely on the actions to be expanded.
-    def expand_actions(actions)
-      expanded_actions[actions] ||= begin
-        expanded = []
-        actions.each do |action|
-          expanded << action
-          if aliases = aliased_actions[action]
-            expanded += expand_actions(aliases)
-          end
+    def extract_rule_in_permissions(permissions_list, rule)
+      expand_actions(rule.actions).each do |action|
+        container = rule.base_behavior ? :can : :cannot
+        rule.subjects.each do |subject|
+          permissions_list[container][action][subject.to_s] += rule.attributes
         end
-        expanded
       end
     end
 
-    def expanded_actions
-      @expanded_actions ||= {}
+    private
+
+    def unauthorized_message_keys(action, subject)
+      subject = (subject.class == Class ? subject : subject.class).name.underscore unless subject.is_a? Symbol
+      aliases = aliases_for_action(action)
+      [subject, :all].product([*aliases, :manage]).map do |try_subject, try_action|
+        :"#{try_action}.#{try_subject}"
+      end
     end
 
     # It translates to an array the subject or the hash with multiple subjects given to can?.
     def extract_subjects(subject)
-      subject = if subject.kind_of?(Hash) && subject.key?(:any)
+      if subject.is_a?(Hash) && subject.key?(:any)
         subject[:any]
       else
         [subject]
       end
     end
 
-    # Given an action, it will try to find all of the actions which are aliased to it.
-    # This does the opposite kind of lookup as expand_actions.
-    def aliases_for_action(action)
-      results = [action]
-      aliased_actions.each do |aliased_action, actions|
-        results += aliases_for_action(aliased_action) if actions.include? action
-      end
-      results
-    end
-
-    def rules
-      @rules ||= []
-    end
-
-    # Returns an array of Rule instances which match the action and subject
-    # This does not take into consideration any hash conditions or block statements
-    def relevant_rules(action, subject)
-      relevant = rules.select do |rule|
-        rule.expanded_actions = expand_actions(rule.actions)
-        rule.relevant? action, subject
-      end
-      relevant.reverse!
-      relevant
-    end
-
-    def relevant_rules_for_match(action, subject)
-      relevant_rules(action, subject).each do |rule|
-        if rule.only_raw_sql?
-          raise Error, "The can? and cannot? call cannot be used with a raw sql 'can' definition. The checking code cannot be determined for #{action.inspect} #{subject.inspect}"
-        end
-      end
-    end
-
-    def relevant_rules_for_query(action, subject)
-      relevant_rules(action, subject).each do |rule|
-        if rule.only_block?
-          raise Error, "The accessible_by call cannot be used with a block 'can' definition. The SQL cannot be determined for #{action.inspect} #{subject.inspect}"
-        end
+    def alternative_subjects(subject)
+      subject = subject.class unless subject.is_a?(Module)
+      if subject.respond_to?(:subclasses) && defined?(ActiveRecord::Base) && subject < ActiveRecord::Base
+        [:all, *(subject.ancestors + subject.subclasses), subject.class.to_s]
+      else
+        [:all, *subject.ancestors, subject.class.to_s]
       end
     end
-
-    def default_alias_actions
-      {
-        :read => [:index, :show],
-        :create => [:new],
-        :update => [:edit],
-      }
-    end
   end
 end

data/lib/cancan/class_matcher.rb

@@ -0,0 +1,30 @@
+require_relative 'sti_detector'
+
+# This class is responsible for matching classes and their subclasses as well as
+# upmatching classes to their ancestors.
+# This is used to generate sti connections
+class SubjectClassMatcher
+  def self.matches_subject_class?(subjects, subject)
+    subjects.any? do |sub|
+      has_subclasses = subject.respond_to?(:subclasses)
+      matching_class_check(subject, sub, has_subclasses)
+    end
+  end
+
+  def self.matching_class_check(subject, sub, has_subclasses)
+    matches = matches_class_or_is_related(subject, sub)
+    if has_subclasses
+      return matches unless StiDetector.sti_class?(sub)
+
+      matches || subject.subclasses.include?(sub)
+    else
+      matches
+    end
+  end
+
+  def self.matches_class_or_is_related(subject, sub)
+    sub.is_a?(Module) && (subject.is_a?(sub) ||
+        subject.class.to_s == sub.to_s ||
+        (subject.is_a?(Module) && subject.ancestors.include?(sub)))
+  end
+end