cancancan 1.10.1 → 1.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +7 -0
- data/CHANGELOG.rdoc +3 -0
- data/README.md +6 -15
- data/cancancan.gemspec +1 -0
- data/lib/cancan/controller_resource.rb +17 -14
- data/lib/cancan/version.rb +1 -1
- data/spec/cancan/controller_resource_spec.rb +10 -26
- data/spec/spec_helper.rb +1 -0
- metadata +17 -30
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 31c960036e585081371697da5c478888f7f5f03d
|
|
4
|
+
data.tar.gz: c0ecbe3789eae4ec649037153b750749bc5c6279
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3bf8dcc830c31f9b2b0658dd25f3995358d7ef2150a054a85646b766eb1e202c1c949a75ef618bdb0f772a8b5d9a10a3b35c9c392865092e1761f2a1693237cd
|
|
7
|
+
data.tar.gz: 7eebcdd0f7a211f958279848dde7a076f2a9c048f110096ecf939bd85731750dda57a5e6b50589fbe1c3708b107117f047049bdce651756955a23fad9a247c58
|
data/.travis.yml
CHANGED
|
@@ -4,6 +4,7 @@ rvm:
|
|
|
4
4
|
- 1.9.3
|
|
5
5
|
- 2.0.0
|
|
6
6
|
- 2.1.0
|
|
7
|
+
- 2.2.0
|
|
7
8
|
- ree
|
|
8
9
|
- jruby
|
|
9
10
|
- rbx
|
|
@@ -37,6 +38,12 @@ matrix:
|
|
|
37
38
|
gemfile: gemfiles/activerecord_4.1.gemfile
|
|
38
39
|
- rvm: 1.9.2
|
|
39
40
|
gemfile: gemfiles/activerecord_4.2.gemfile
|
|
41
|
+
- rvm: 2.2.0
|
|
42
|
+
gemfile: gemfiles/activerecord_3.0.gemfile
|
|
43
|
+
- rvm: 2.2.0
|
|
44
|
+
gemfile: gemfiles/activerecord_3.1.gemfile
|
|
45
|
+
- rvm: 2.2.0
|
|
46
|
+
gemfile: gemfiles/activerecord_3.2.gemfile
|
|
40
47
|
- rvm: ree
|
|
41
48
|
gemfile: gemfiles/activerecord_4.0.gemfile
|
|
42
49
|
- rvm: ree
|
data/CHANGELOG.rdoc
CHANGED
data/README.md
CHANGED
|
@@ -5,11 +5,10 @@
|
|
|
5
5
|
[](https://codeclimate.com/github/CanCanCommunity/cancancan)
|
|
6
6
|
[](http://inch-ci.org/github/CanCanCommunity/cancancan)
|
|
7
7
|
|
|
8
|
-
[Wiki](https://github.com/CanCanCommunity/cancancan/wiki) | [RDocs](http://rdoc.info/projects/CanCanCommunity/
|
|
8
|
+
[Wiki](https://github.com/CanCanCommunity/cancancan/wiki) | [RDocs](http://rdoc.info/projects/CanCanCommunity/cancancan) | [Screencast](http://railscasts.com/episodes/192-authorization-with-cancan)
|
|
9
9
|
|
|
10
10
|
CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the `Ability` class) and not duplicated across controllers, views, and database queries.
|
|
11
11
|
|
|
12
|
-
|
|
13
12
|
## Mission
|
|
14
13
|
|
|
15
14
|
This repo is a continuation of the dead [CanCan](https://github.com/ryanb/cancan) project. Our mission is to keep CanCan alive and moving forward, with maintenance fixes and new features. Pull Requests are welcome!
|
|
@@ -25,14 +24,6 @@ In **Rails 3 and 4**, add this to your Gemfile and run the `bundle install` comm
|
|
|
25
24
|
|
|
26
25
|
gem 'cancancan', '~> 1.10'
|
|
27
26
|
|
|
28
|
-
In **Rails 2**, add this to your environment.rb file.
|
|
29
|
-
|
|
30
|
-
config.gem "cancancan"
|
|
31
|
-
|
|
32
|
-
Alternatively, you can install it as a plugin.
|
|
33
|
-
|
|
34
|
-
rails plugin install git://github.com/CanCanCommunity/cancancan.git
|
|
35
|
-
|
|
36
27
|
## Getting Started
|
|
37
28
|
|
|
38
29
|
CanCanCan expects a `current_user` method to exist in the controller. First, set up some authentication (such as [Authlogic](https://github.com/binarylogic/authlogic) or [Devise](https://github.com/plataformatec/devise)). See [Changing Defaults](https://github.com/CanCanCommunity/cancancan/wiki/changing-defaults) if you need different behavior.
|
|
@@ -100,9 +91,9 @@ When using `strong_parameters` or Rails 4+, you have to sanitize inputs before s
|
|
|
100
91
|
|
|
101
92
|
By default, CanCan will try to sanitize the input on `:create` and `:update` routes by seeing if your controller will respond to the following methods (in order):
|
|
102
93
|
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
94
|
+
1. `create_params` or `update_params` (depending on the action you are performing)
|
|
95
|
+
2. `<model_name>_params` such as `article_params` (this is the default convention in rails for naming your param method)
|
|
96
|
+
3. `resource_params` (a generically named method you could specify in each controller)
|
|
106
97
|
|
|
107
98
|
Additionally, `load_and_authorize_resource` can now take a `param_method` option to specify a custom method in the controller to run to sanitize input.
|
|
108
99
|
|
|
@@ -163,7 +154,7 @@ class ApplicationController < ActionController::Base
|
|
|
163
154
|
end
|
|
164
155
|
```
|
|
165
156
|
|
|
166
|
-
This will raise an exception if authorization is not performed in an action. If you want to skip this add `skip_authorization_check` to a controller subclass. See [Ensure Authorization](https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization) for more information.
|
|
157
|
+
This will raise an exception if authorization is not performed in an action. If you want to skip this, add `skip_authorization_check` to a controller subclass. See [Ensure Authorization](https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization) for more information.
|
|
167
158
|
|
|
168
159
|
|
|
169
160
|
## Wiki Docs
|
|
@@ -183,7 +174,7 @@ If you have any issues with CanCan which you cannot find the solution to in the
|
|
|
183
174
|
|
|
184
175
|
## Development
|
|
185
176
|
|
|
186
|
-
Cancancan uses [appraisals](https://github.com/thoughtbot/appraisal) to test the code base against multiple versions of
|
|
177
|
+
Cancancan uses [appraisals](https://github.com/thoughtbot/appraisal) to test the code base against multiple versions of Rails, as well as the different model adapters.
|
|
187
178
|
|
|
188
179
|
When first developing, you may need to run `bundle install` and then `appraisal install`, to install the different sets.
|
|
189
180
|
|
data/cancancan.gemspec
CHANGED
|
@@ -26,6 +26,7 @@ Gem::Specification.new do |s|
|
|
|
26
26
|
s.add_development_dependency 'rake', '~> 10.1.1'
|
|
27
27
|
s.add_development_dependency 'rspec', '~> 3.0.0'
|
|
28
28
|
s.add_development_dependency 'appraisal', '>= 1.0.0'
|
|
29
|
+
s.add_development_dependency 'pry', '~> 0.10.0'
|
|
29
30
|
|
|
30
31
|
s.rubyforge_project = s.name
|
|
31
32
|
end
|
|
@@ -46,17 +46,12 @@ module CanCan
|
|
|
46
46
|
@options.has_key?(:parent) ? @options[:parent] : @name && @name != name_from_controller.to_sym
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
def skip?(behavior)
|
|
50
|
-
options = @controller.class.cancan_skipper[behavior][@name]
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
elsif options[:except] && ![options[:except]].flatten.include?(@params[:action].to_sym)
|
|
56
|
-
true
|
|
57
|
-
elsif [options[:only]].flatten.include?(@params[:action].to_sym)
|
|
58
|
-
true
|
|
59
|
-
end
|
|
49
|
+
def skip?(behavior)
|
|
50
|
+
return false unless options = @controller.class.cancan_skipper[behavior][@name]
|
|
51
|
+
|
|
52
|
+
options == {} ||
|
|
53
|
+
options[:except] && !action_exists_in?(options[:except]) ||
|
|
54
|
+
action_exists_in?(options[:only])
|
|
60
55
|
end
|
|
61
56
|
|
|
62
57
|
protected
|
|
@@ -123,7 +118,11 @@ module CanCan
|
|
|
123
118
|
end
|
|
124
119
|
|
|
125
120
|
def authorization_action
|
|
126
|
-
parent? ?
|
|
121
|
+
parent? ? parent_authorization_action : @params[:action].to_sym
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
def parent_authorization_action
|
|
125
|
+
@options[:parent_action] || :show
|
|
127
126
|
end
|
|
128
127
|
|
|
129
128
|
def id_param
|
|
@@ -259,7 +258,7 @@ module CanCan
|
|
|
259
258
|
end
|
|
260
259
|
|
|
261
260
|
def namespace
|
|
262
|
-
@params[:controller].split(
|
|
261
|
+
@params[:controller].split('/')[0..-2]
|
|
263
262
|
end
|
|
264
263
|
|
|
265
264
|
def namespaced_name
|
|
@@ -269,7 +268,7 @@ module CanCan
|
|
|
269
268
|
end
|
|
270
269
|
|
|
271
270
|
def name_from_controller
|
|
272
|
-
@params[:controller].
|
|
271
|
+
@params[:controller].split('/').last.singularize
|
|
273
272
|
end
|
|
274
273
|
|
|
275
274
|
def instance_name
|
|
@@ -290,6 +289,10 @@ module CanCan
|
|
|
290
289
|
|
|
291
290
|
private
|
|
292
291
|
|
|
292
|
+
def action_exists_in?(options)
|
|
293
|
+
Array(options).include?(@params[:action].to_sym)
|
|
294
|
+
end
|
|
295
|
+
|
|
293
296
|
def extract_key(value)
|
|
294
297
|
value.to_s.underscore.gsub('/', '_')
|
|
295
298
|
end
|
data/lib/cancan/version.rb
CHANGED
|
@@ -72,7 +72,7 @@ describe CanCan::ControllerResource do
|
|
|
72
72
|
class Model < ::Model; end
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
params.merge!(:controller => "
|
|
75
|
+
params.merge!(:controller => "my_engine/models", :my_engine_model => {:name => "foobar"})
|
|
76
76
|
resource = CanCan::ControllerResource.new(controller)
|
|
77
77
|
resource.load_resource
|
|
78
78
|
expect(controller.instance_variable_get(:@model).name).to eq("foobar")
|
|
@@ -97,7 +97,7 @@ describe CanCan::ControllerResource do
|
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
it "builds a new resource for namespaced controller and namespaced model with hash if params[:id] is not specified" do
|
|
100
|
-
params.merge!(:controller => "
|
|
100
|
+
params.merge!(:controller => "admin/sub_models", 'sub_model' => {:name => "foobar"})
|
|
101
101
|
resource = CanCan::ControllerResource.new(controller, :class => Model)
|
|
102
102
|
resource.load_resource
|
|
103
103
|
expect(controller.instance_variable_get(:@sub_model).name).to eq("foobar")
|
|
@@ -231,6 +231,14 @@ describe CanCan::ControllerResource do
|
|
|
231
231
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
232
232
|
end
|
|
233
233
|
|
|
234
|
+
it "authorizes with :custom_action for parent collection action" do
|
|
235
|
+
controller.instance_variable_set(:@category, :some_category)
|
|
236
|
+
allow(controller).to receive(:authorize!).with(:custom_action, :some_category) { raise CanCan::AccessDenied }
|
|
237
|
+
|
|
238
|
+
resource = CanCan::ControllerResource.new(controller, :category, :parent => true, :parent_action => :custom_action )
|
|
239
|
+
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
240
|
+
end
|
|
241
|
+
|
|
234
242
|
it "has the specified nested resource_class when using / for namespace" do
|
|
235
243
|
module Admin
|
|
236
244
|
class Dashboard; end
|
|
@@ -307,30 +315,6 @@ describe CanCan::ControllerResource do
|
|
|
307
315
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
308
316
|
end
|
|
309
317
|
|
|
310
|
-
it "attempts to load a resource with the same namespace as the controller when using :: for namespace" do
|
|
311
|
-
module MyEngine
|
|
312
|
-
class Model < ::Model; end
|
|
313
|
-
end
|
|
314
|
-
|
|
315
|
-
model = MyEngine::Model.new
|
|
316
|
-
allow(MyEngine::Model).to receive(:find).with("123") { model }
|
|
317
|
-
|
|
318
|
-
params.merge!(:controller => "MyEngine::ModelsController")
|
|
319
|
-
resource = CanCan::ControllerResource.new(controller)
|
|
320
|
-
resource.load_resource
|
|
321
|
-
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
322
|
-
end
|
|
323
|
-
|
|
324
|
-
it "loads resource for namespaced controller when using '::' for namespace" do
|
|
325
|
-
model = Model.new
|
|
326
|
-
allow(Model).to receive(:find).with("123") { model }
|
|
327
|
-
|
|
328
|
-
params.merge!(:controller => "Admin::ModelsController")
|
|
329
|
-
resource = CanCan::ControllerResource.new(controller)
|
|
330
|
-
resource.load_resource
|
|
331
|
-
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
332
|
-
end
|
|
333
|
-
|
|
334
318
|
it "performs authorization using controller action and loaded model" do
|
|
335
319
|
controller.instance_variable_set(:@model, :some_model)
|
|
336
320
|
allow(controller).to receive(:authorize!).with(:show, :some_model) { raise CanCan::AccessDenied }
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cancancan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bryan Rite
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-06-16 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -67,6 +67,20 @@ dependencies:
|
|
|
67
67
|
- - ">="
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
69
|
version: 1.0.0
|
|
70
|
+
- !ruby/object:Gem::Dependency
|
|
71
|
+
name: pry
|
|
72
|
+
requirement: !ruby/object:Gem::Requirement
|
|
73
|
+
requirements:
|
|
74
|
+
- - "~>"
|
|
75
|
+
- !ruby/object:Gem::Version
|
|
76
|
+
version: 0.10.0
|
|
77
|
+
type: :development
|
|
78
|
+
prerelease: false
|
|
79
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
80
|
+
requirements:
|
|
81
|
+
- - "~>"
|
|
82
|
+
- !ruby/object:Gem::Version
|
|
83
|
+
version: 0.10.0
|
|
70
84
|
description: Continuation of the simple authorization solution for Rails which is
|
|
71
85
|
decoupled from user roles. All permissions are stored in a single location.
|
|
72
86
|
email: bryan@bryanrite.com
|
|
@@ -155,36 +169,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
155
169
|
version: 1.3.4
|
|
156
170
|
requirements: []
|
|
157
171
|
rubyforge_project: cancancan
|
|
158
|
-
rubygems_version: 2.4.
|
|
172
|
+
rubygems_version: 2.4.5
|
|
159
173
|
signing_key:
|
|
160
174
|
specification_version: 4
|
|
161
175
|
summary: Simple authorization solution for Rails.
|
|
162
176
|
test_files:
|
|
163
177
|
- Appraisals
|
|
164
|
-
- gemfiles/activerecord_3.0.gemfile
|
|
165
|
-
- gemfiles/activerecord_3.1.gemfile
|
|
166
|
-
- gemfiles/activerecord_3.2.gemfile
|
|
167
|
-
- gemfiles/activerecord_4.0.gemfile
|
|
168
|
-
- gemfiles/activerecord_4.1.gemfile
|
|
169
|
-
- gemfiles/activerecord_4.2.gemfile
|
|
170
|
-
- gemfiles/datamapper_1.x.gemfile
|
|
171
|
-
- gemfiles/mongoid_2.x.gemfile
|
|
172
|
-
- gemfiles/sequel_3.x.gemfile
|
|
173
|
-
- spec/README.rdoc
|
|
174
|
-
- spec/cancan/ability_spec.rb
|
|
175
|
-
- spec/cancan/controller_additions_spec.rb
|
|
176
|
-
- spec/cancan/controller_resource_spec.rb
|
|
177
|
-
- spec/cancan/exceptions_spec.rb
|
|
178
|
-
- spec/cancan/inherited_resource_spec.rb
|
|
179
|
-
- spec/cancan/matchers_spec.rb
|
|
180
|
-
- spec/cancan/model_adapters/active_record_4_adapter_spec.rb
|
|
181
|
-
- spec/cancan/model_adapters/active_record_adapter_spec.rb
|
|
182
|
-
- spec/cancan/model_adapters/data_mapper_adapter_spec.rb
|
|
183
|
-
- spec/cancan/model_adapters/default_adapter_spec.rb
|
|
184
|
-
- spec/cancan/model_adapters/mongoid_adapter_spec.rb
|
|
185
|
-
- spec/cancan/model_adapters/sequel_adapter_spec.rb
|
|
186
|
-
- spec/cancan/rule_spec.rb
|
|
187
|
-
- spec/matchers.rb
|
|
188
|
-
- spec/spec.opts
|
|
189
|
-
- spec/spec_helper.rb
|
|
190
|
-
- spec/support/ability.rb
|