cancancan 1.11.0 → 2.3.0

data/README.md

@@ -1,188 +0,0 @@
-# CanCanCan
-
-[![Gem Version](https://badge.fury.io/rb/cancancan.svg)](http://badge.fury.io/rb/cancancan)
-[![Travis badge](https://travis-ci.org/CanCanCommunity/cancancan.png?branch=master)](https://travis-ci.org/CanCanCommunity/cancancan)
-[![Code Climate Badge](https://codeclimate.com/github/CanCanCommunity/cancancan.png)](https://codeclimate.com/github/CanCanCommunity/cancancan)
-[![Inch CI](http://inch-ci.org/github/CanCanCommunity/cancancan.png)](http://inch-ci.org/github/CanCanCommunity/cancancan)
-
-[Wiki](https://github.com/CanCanCommunity/cancancan/wiki) | [RDocs](http://rdoc.info/projects/CanCanCommunity/cancancan) | [Screencast](http://railscasts.com/episodes/192-authorization-with-cancan)
-
-CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the `Ability` class) and not duplicated across controllers, views, and database queries.
-
-## Mission
-
-This repo is a continuation of the dead [CanCan](https://github.com/ryanb/cancan) project. Our mission is to keep CanCan alive and moving forward, with maintenance fixes and new features. Pull Requests are welcome!
-
-I am currently focusing on the 1.x branch for the immediate future, making sure it is up to date as well as ensuring compatibility with Rails 4+. I will take a look into the 2.x branch and try to see what improvements, reorganizations and redesigns Ryan was attempting and go forward from there.
-
-Any help is greatly appreciated, feel free to submit pull-requests or open issues.
-
-
-## Installation
-
-In **Rails 3 and 4**, add this to your Gemfile and run the `bundle install` command.
-
-    gem 'cancancan', '~> 1.10'
-
-## Getting Started
-
-CanCanCan expects a `current_user` method to exist in the controller. First, set up some authentication (such as [Authlogic](https://github.com/binarylogic/authlogic) or [Devise](https://github.com/plataformatec/devise)). See [Changing Defaults](https://github.com/CanCanCommunity/cancancan/wiki/changing-defaults) if you need different behavior.
-
-
-### 1. Define Abilities
-
-User permissions are defined in an `Ability` class. CanCan 1.5 includes a Rails 3 and 4 generator for creating this class.
-
-    rails g cancan:ability
-
-In Rails 2.3, just add a new class in `app/models/ability.rb` with the following contents:
-
-```ruby
-class Ability
-  include CanCan::Ability
-
-  def initialize(user)
-  end
-end
-```
-
-See [Defining Abilities](https://github.com/CanCanCommunity/cancancan/wiki/defining-abilities) for details.
-
-
-### 2. Check Abilities & Authorization
-
-The current user's permissions can then be checked using the `can?` and `cannot?` methods in the view and controller.
-
-```erb
-<% if can? :update, @article %>
-  <%= link_to "Edit", edit_article_path(@article) %>
-<% end %>
-```
-
-See [Checking Abilities](https://github.com/CanCanCommunity/cancancan/wiki/checking-abilities) for more information
-
-The `authorize!` method in the controller will raise an exception if the user is not able to perform the given action.
-
-```ruby
-def show
-  @article = Article.find(params[:id])
-  authorize! :read, @article
-end
-```
-
-Setting this for every action can be tedious, therefore the `load_and_authorize_resource` method is provided to automatically authorize all actions in a RESTful style resource controller. It will use a before filter to load the resource into an instance variable and authorize it for every action.
-
-```ruby
-class ArticlesController < ApplicationController
-  load_and_authorize_resource
-
-  def show
-    # @article is already loaded and authorized
-  end
-end
-```
-
-See [Authorizing Controller Actions](https://github.com/CanCanCommunity/cancancan/wiki/authorizing-controller-actions) for more information.
-
-
-#### Strong Parameters
-
-When using `strong_parameters` or Rails 4+, you have to sanitize inputs before saving the record, in actions such as `:create` and `:update`.
-
-By default, CanCan will try to sanitize the input on `:create` and `:update` routes by seeing if your controller will respond to the following methods (in order):
-
-1. `create_params` or `update_params` (depending on the action you are performing)
-2. `<model_name>_params` such as `article_params` (this is the default convention in rails for naming your param method)
-3. `resource_params` (a generically named method you could specify in each controller)
-
-Additionally, `load_and_authorize_resource` can now take a `param_method` option to specify a custom method in the controller to run to sanitize input.
-
-You can associate the `param_method` option with a symbol corresponding to the name of a method that will get called:
-
-```ruby
-class ArticlesController < ApplicationController
-  load_and_authorize_resource param_method: :my_sanitizer
-
-  def create
-    if @article.save
-      # hurray
-    else
-      render :new
-    end
-  end
-
-  private
-
-  def my_sanitizer
-    params.require(:article).permit(:name)
-  end
-end
-```
-
-You can also use a string that will be evaluated in the context of the controller using `instance_eval` and needs to contain valid Ruby code. This does come in handy when using a PermittedParams class as suggested in Railscast 371:
-
-    load_and_authorize_resource param_method: 'permitted_params.article'
-
-Finally, it's possible to associate `param_method` with a Proc object which will be called with the controller as the only argument:
-
-    load_and_authorize_resource param_method: Proc.new { |c| c.params.require(:article).permit(:name) }
-
-See [Strong Parameters](https://github.com/CanCanCommunity/cancancan/wiki/Strong-Parameters) for more information.
-
-### 3. Handle Unauthorized Access
-
-If the user authorization fails, a `CanCan::AccessDenied` exception will be raised. You can catch this and modify its behavior in the `ApplicationController`.
-
-```ruby
-class ApplicationController < ActionController::Base
-  rescue_from CanCan::AccessDenied do |exception|
-    redirect_to root_url, :alert => exception.message
-  end
-end
-```
-
-See [Exception Handling](https://github.com/CanCanCommunity/cancancan/wiki/exception-handling) for more information.
-
-
-### 4. Lock It Down
-
-If you want to ensure authorization happens on every action in your application, add `check_authorization` to your `ApplicationController`.
-
-```ruby
-class ApplicationController < ActionController::Base
-  check_authorization
-end
-```
-
-This will raise an exception if authorization is not performed in an action. If you want to skip this, add `skip_authorization_check` to a controller subclass. See [Ensure Authorization](https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization) for more information.
-
-
-## Wiki Docs
-
-* [Upgrading to 1.6](https://github.com/CanCanCommunity/cancancan/wiki/Upgrading-to-1.6)
-* [Defining Abilities](https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities)
-* [Checking Abilities](https://github.com/CanCanCommunity/cancancan/wiki/Checking-Abilities)
-* [Authorizing Controller Actions](https://github.com/CanCanCommunity/cancancan/wiki/Authorizing-Controller-Actions)
-* [Exception Handling](https://github.com/CanCanCommunity/cancancan/wiki/Exception-Handling)
-* [Changing Defaults](https://github.com/CanCanCommunity/cancancan/wiki/Changing-Defaults)
-* [See more](https://github.com/CanCanCommunity/cancancan/wiki)
-
-## Questions or Problems?
-
-If you have any issues with CanCan which you cannot find the solution to in the [documentation](https://github.com/CanCanCommunity/cancancan/wiki) or our mailing list: http://groups.google.com/group/cancancan, please add an [issue on GitHub](https://github.com/CanCanCommunity/cancancan/issues) or fork the project and send a pull request.
-
-
-## Development
-
-Cancancan uses [appraisals](https://github.com/thoughtbot/appraisal) to test the code base against multiple versions of Rails, as well as the different model adapters.
-
-When first developing, you may need to run `bundle install` and then `appraisal install`, to install the different sets.
-
-You can then run all appraisal files (like CI does), with `appraisal rake` or just run a specific set `appraisal activerecord_3.0 rake`.
-
-See the [CONTRIBUTING](https://github.com/CanCanCommunity/cancancan/blob/develop/CONTRIBUTING.md) and [spec/README](https://github.com/CanCanCommunity/cancancan/blob/master/spec/README.rdoc) for more information.
-
-
-## Special Thanks
-
-CanCan was inspired by [declarative_authorization](https://github.com/stffn/declarative_authorization/) and [aegis](https://github.com/makandra/aegis). Also many thanks to the [CanCan contributors](https://github.com/CanCanCommunity/cancancan/contributors). See the [CHANGELOG](https://github.com/CanCanCommunity/cancancan/blob/master/CHANGELOG.rdoc) for the full list.

data/Rakefile

@@ -1,9 +0,0 @@
-require "bundler/gem_tasks"
-require 'rspec/core/rake_task'
-
-desc "Run RSpec"
-RSpec::Core::RakeTask.new do |t|
-  t.verbose = false
-end
-
-task :default => :spec

data/gemfiles/activerecord_3.0.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 3.0.20", :require => "active_record"
-gem "activesupport", "~> 3.0.20", :require => "active_support/all"
-gem "meta_where"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_3.1.gemfile

@@ -1,20 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 3.1.0", :require => "active_record"
-
-platforms :ruby_18, :ruby_19 do
-  gem "i18n", "< 0.7"
-end
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_3.2.gemfile

@@ -1,20 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 3.2.0", :require => "active_record"
-
-platforms :ruby_18, :ruby_19 do
-  gem "i18n", "< 0.7"
-end
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_4.0.gemfile

@@ -1,17 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 4.0.5", :require => "active_record"
-gem "activesupport", "~> 4.0.5", :require => "active_support/all"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_4.1.gemfile

@@ -1,17 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 4.1.1", :require => "active_record"
-gem "activesupport", "~> 4.1.1", :require => "active_support/all"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_4.2.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 4.2.0", :require => "active_record"
-gem "activesupport", "~> 4.2.0", :require => "active_support/all"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-  gem "pg"
-end
-
-gemspec :path => "../"

data/gemfiles/datamapper_1.x.gemfile

@@ -1,14 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activesupport", "~> 3.0", :require => "active_support/all"
-gem "dm-core", "~> 1.0"
-gem "dm-sqlite-adapter", "~> 1.0"
-gem "dm-migrations", "~> 1.0"
-
-platforms :ruby_18, :ruby_19 do
-  gem "i18n", "< 0.7"
-end
-
-gemspec :path => "../"

data/gemfiles/mongoid_2.x.gemfile

@@ -1,20 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activesupport", "~> 3.0", :require => "active_support/all"
-gem "mongoid", "~> 2.0.0"
-
-platforms :ruby_18, :ruby_19 do
-  gem "i18n", "< 0.7"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "bson_ext", "~> 1.1"
-end
-
-platforms :jruby do
-  gem "mongo", "~> 1.9.2"
-end
-
-gemspec :path => "../"

data/gemfiles/sequel_3.x.gemfile

@@ -1,20 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "sequel", "~> 3.47.0"
-gem "activesupport", "~> 3.0", :require => "active_support/all"
-
-platforms :ruby_18, :ruby_19 do
-  gem "i18n", "< 0.7"
-end
-
-platforms :jruby do
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/lib/cancan/inherited_resource.rb

@@ -1,20 +0,0 @@
-module CanCan
-  # For use with Inherited Resources
-  class InheritedResource < ControllerResource # :nodoc:
-    def load_resource_instance
-      if parent?
-        @controller.send :association_chain
-        @controller.instance_variable_get("@#{instance_name}")
-      elsif new_actions.include? @params[:action].to_sym
-        resource = @controller.send :build_resource
-        assign_attributes(resource)
-      else
-        @controller.send :resource
-      end
-    end
-
-    def resource_base
-      @controller.send :end_of_association_chain
-    end
-  end
-end

data/lib/cancan/model_adapters/active_record_3_adapter.rb

@@ -1,47 +0,0 @@
-module CanCan
-  module ModelAdapters
-    class ActiveRecord3Adapter < AbstractAdapter
-      include ActiveRecordAdapter
-      def self.for_class?(model_class)
-        model_class <= ActiveRecord::Base
-      end
-
-      def self.override_condition_matching?(subject, name, value)
-        name.kind_of?(MetaWhere::Column) if defined? MetaWhere
-      end
-
-      def self.matches_condition?(subject, name, value)
-        subject_value = subject.send(name.column)
-        if name.method.to_s.ends_with? "_any"
-          value.any? { |v| meta_where_match? subject_value, name.method.to_s.sub("_any", ""), v }
-        elsif name.method.to_s.ends_with? "_all"
-          value.all? { |v| meta_where_match? subject_value, name.method.to_s.sub("_all", ""), v }
-        else
-          meta_where_match? subject_value, name.method, value
-        end
-      end
-
-      def self.meta_where_match?(subject_value, method, value)
-        case method.to_sym
-        when :eq      then subject_value == value
-        when :not_eq  then subject_value != value
-        when :in      then value.include?(subject_value)
-        when :not_in  then !value.include?(subject_value)
-        when :lt      then subject_value < value
-        when :lteq    then subject_value <= value
-        when :gt      then subject_value > value
-        when :gteq    then subject_value >= value
-        when :matches then subject_value =~ Regexp.new("^" + Regexp.escape(value).gsub("%", ".*") + "$", true)
-        when :does_not_match then !meta_where_match?(subject_value, :matches, value)
-        else raise NotImplemented, "The #{method} MetaWhere condition is not supported."
-        end
-      end
-
-      private
-
-      def build_relation(*where_conditions)
-        @model_class.where(*where_conditions).includes(joins)
-      end
-    end
-  end
-end

data/lib/cancan/model_adapters/data_mapper_adapter.rb

@@ -1,34 +0,0 @@
-module CanCan
-  module ModelAdapters
-    class DataMapperAdapter < AbstractAdapter
-      def self.for_class?(model_class)
-        model_class <= DataMapper::Resource
-      end
-
-      def self.find(model_class, id)
-        model_class.get(id)
-      end
-
-      def self.override_conditions_hash_matching?(subject, conditions)
-        conditions.any? { |k,v| !k.kind_of?(Symbol) }
-      end
-
-      def self.matches_conditions_hash?(subject, conditions)
-        collection = DataMapper::Collection.new(subject.query, [ subject ])
-        !!collection.first(conditions)
-      end
-
-      def database_records
-        scope = @model_class.all(:conditions => ["0 = 1"])
-        cans, cannots = @rules.partition { |r| r.base_behavior }
-        return scope if cans.empty?
-        # apply unions first, then differences. this mean cannot overrides can
-        cans.each    { |r| scope += @model_class.all(:conditions => r.conditions) }
-        cannots.each { |r| scope -= @model_class.all(:conditions => r.conditions) }
-        scope
-      end
-    end # class DataMapper
-  end # module ModelAdapters
-end # module CanCan
-
-DataMapper::Model.append_extensions(CanCan::ModelAdditions::ClassMethods)

data/lib/cancan/model_adapters/mongoid_adapter.rb

@@ -1,54 +0,0 @@
-module CanCan
-  module ModelAdapters
-    class MongoidAdapter < AbstractAdapter
-      def self.for_class?(model_class)
-        model_class <= Mongoid::Document
-      end
-
-      def self.override_conditions_hash_matching?(subject, conditions)
-        conditions.any? do |k,v|
-          key_is_not_symbol = lambda { !k.kind_of?(Symbol) }
-          subject_value_is_array = lambda do
-            subject.respond_to?(k) && subject.send(k).is_a?(Array)
-          end
-
-          key_is_not_symbol.call || subject_value_is_array.call
-        end
-      end
-
-      def self.matches_conditions_hash?(subject, conditions)
-        # To avoid hitting the db, retrieve the raw Mongo selector from
-        # the Mongoid Criteria and use Mongoid::Matchers#matches?
-        subject.matches?( subject.class.where(conditions).selector )
-      end
-
-      def database_records
-        if @rules.size == 0
-          @model_class.where(:_id => {'$exists' => false, '$type' => 7}) # return no records in Mongoid
-        elsif @rules.size == 1 && @rules[0].conditions.is_a?(Mongoid::Criteria)
-          @rules[0].conditions
-        else
-          # we only need to process can rules if
-          # there are no rules with empty conditions
-          rules = @rules.reject { |rule| rule.conditions.empty? && rule.base_behavior }
-          process_can_rules = @rules.count == rules.count
-
-          rules.inject(@model_class.all) do |records, rule|
-            if process_can_rules && rule.base_behavior
-              records.or rule.conditions
-            elsif !rule.base_behavior
-              records.excludes rule.conditions
-            else
-              records
-            end
-          end
-        end
-      end
-    end
-  end
-end
-
-# simplest way to add `accessible_by` to all Mongoid Documents
-module Mongoid::Document::ClassMethods
-  include CanCan::ModelAdditions::ClassMethods
-end

data/lib/cancan/model_adapters/sequel_adapter.rb

@@ -1,87 +0,0 @@
-module CanCan
-  module ModelAdapters
-    class SequelAdapter < AbstractAdapter
-      def self.for_class?(model_class)
-        model_class <= Sequel::Model
-      end
-
-      def self.find(model_class, id)
-        model_class[id]
-      end
-
-      def self.override_condition_matching?(subject, name, value)
-        value.kind_of?(Hash)
-      end
-
-      def self.matches_condition?(subject, name, value)
-        obj = subject.send(name)
-        if obj.nil?
-          false
-        else
-          value.each do |k, v|
-            if v.kind_of?(Hash)
-              return false unless self.matches_condition?(obj, k, v)
-            elsif obj.send(k) != v
-              return false
-            end
-          end
-        end
-      end
-
-      def database_records
-        if @rules.size == 0
-          @model_class.where('1=0')
-        else
-          # only need to process can rules if there are no can rule with empty conditions
-          rules = @rules.reject { |rule| rule.base_behavior && rule.conditions.empty? }
-          rules.reject! { |rule| rule.base_behavior } if rules.count < @rules.count
-
-          can_condition_added = false
-          rules.reverse.inject(@model_class.dataset) do |records, rule|
-            normalized_conditions = normalize_conditions(rule.conditions)
-            if rule.base_behavior
-              if can_condition_added
-                records.or normalized_conditions
-              else
-                can_condition_added = true
-                records.where normalized_conditions
-              end
-            else
-              records.exclude normalized_conditions
-            end
-          end
-        end
-      end
-
-      private
-
-      def normalize_conditions(conditions, model_class = @model_class)
-        return conditions unless conditions.kind_of? Hash
-        conditions.inject({}) do |result_hash, (name, value)|
-          if value.kind_of? Hash
-            value = value.dup
-            association_class = model_class.association_reflection(name).associated_class
-            nested = value.inject({}) do |nested, (k, v)|
-              if v.kind_of?(Hash)
-                value.delete(k)
-                nested_class = association_class.association_reflection(k).associated_class
-                nested[k] = nested_class.where(normalize_conditions(v, association_class))
-              else
-                nested[k] = v
-              end
-              nested
-            end
-            result_hash[name] = association_class.where(nested)
-          else
-            result_hash[name] = value
-          end
-          result_hash
-        end
-      end
-    end
-  end
-end
-
-Sequel::Model.class_eval do
-  include CanCan::ModelAdditions
-end

data/spec/README.rdoc

@@ -1,27 +0,0 @@
-= CanCan Specs
-
-== Running the specs
-
-To run the specs first run the +bundle+ command to install the necessary gems and the +rake+ command to run the specs.
-
-  bundle
-
-Then run the appraisal command to install all the necessary test sets:
-
-  appraisal install
-
-You can then run all test sets:
-
-  appraisal rake
-
-Or individual ones:
-
-  appraisal rails_3.0 rake
-
-A list of the tests is in the +Appraisal+ file.
-
-The specs support Ruby 1.8.7+
-
-== Model Adapters
-
-The model adapter ENV setting has been removed and replaced with the +Appraisal+ file.