cancancan 1.13.1 → 3.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (73) hide show
  1. checksums.yaml +5 -5
  2. data/cancancan.gemspec +18 -18
  3. data/init.rb +2 -0
  4. data/lib/cancan.rb +9 -11
  5. data/lib/cancan/ability.rb +93 -194
  6. data/lib/cancan/ability/actions.rb +93 -0
  7. data/lib/cancan/ability/rules.rb +93 -0
  8. data/lib/cancan/ability/strong_parameter_support.rb +41 -0
  9. data/lib/cancan/conditions_matcher.rb +106 -0
  10. data/lib/cancan/controller_additions.rb +38 -41
  11. data/lib/cancan/controller_resource.rb +52 -211
  12. data/lib/cancan/controller_resource_builder.rb +26 -0
  13. data/lib/cancan/controller_resource_finder.rb +42 -0
  14. data/lib/cancan/controller_resource_loader.rb +120 -0
  15. data/lib/cancan/controller_resource_name_finder.rb +23 -0
  16. data/lib/cancan/controller_resource_sanitizer.rb +32 -0
  17. data/lib/cancan/exceptions.rb +17 -5
  18. data/lib/cancan/matchers.rb +12 -3
  19. data/lib/cancan/model_adapters/abstract_adapter.rb +10 -8
  20. data/lib/cancan/model_adapters/active_record_4_adapter.rb +39 -13
  21. data/lib/cancan/model_adapters/active_record_5_adapter.rb +68 -0
  22. data/lib/cancan/model_adapters/active_record_adapter.rb +77 -82
  23. data/lib/cancan/model_adapters/conditions_extractor.rb +75 -0
  24. data/lib/cancan/model_adapters/conditions_normalizer.rb +49 -0
  25. data/lib/cancan/model_adapters/default_adapter.rb +2 -0
  26. data/lib/cancan/model_additions.rb +2 -1
  27. data/lib/cancan/parameter_validators.rb +9 -0
  28. data/lib/cancan/relevant.rb +29 -0
  29. data/lib/cancan/rule.rb +76 -105
  30. data/lib/cancan/rules_compressor.rb +23 -0
  31. data/lib/cancan/unauthorized_message_resolver.rb +24 -0
  32. data/lib/cancan/version.rb +3 -1
  33. data/lib/cancancan.rb +2 -0
  34. data/lib/generators/cancan/ability/ability_generator.rb +4 -2
  35. data/lib/generators/cancan/ability/templates/ability.rb +2 -0
  36. metadata +66 -56
  37. data/.gitignore +0 -15
  38. data/.rspec +0 -1
  39. data/.travis.yml +0 -28
  40. data/Appraisals +0 -81
  41. data/CHANGELOG.rdoc +0 -518
  42. data/CONTRIBUTING.md +0 -23
  43. data/Gemfile +0 -3
  44. data/LICENSE +0 -22
  45. data/README.md +0 -214
  46. data/Rakefile +0 -9
  47. data/gemfiles/activerecord_3.2.gemfile +0 -16
  48. data/gemfiles/activerecord_4.0.gemfile +0 -17
  49. data/gemfiles/activerecord_4.1.gemfile +0 -17
  50. data/gemfiles/activerecord_4.2.gemfile +0 -18
  51. data/gemfiles/mongoid_2.x.gemfile +0 -16
  52. data/gemfiles/sequel_3.x.gemfile +0 -16
  53. data/lib/cancan/inherited_resource.rb +0 -20
  54. data/lib/cancan/model_adapters/active_record_3_adapter.rb +0 -16
  55. data/lib/cancan/model_adapters/mongoid_adapter.rb +0 -54
  56. data/lib/cancan/model_adapters/sequel_adapter.rb +0 -87
  57. data/spec/README.rdoc +0 -27
  58. data/spec/cancan/ability_spec.rb +0 -521
  59. data/spec/cancan/controller_additions_spec.rb +0 -141
  60. data/spec/cancan/controller_resource_spec.rb +0 -632
  61. data/spec/cancan/exceptions_spec.rb +0 -58
  62. data/spec/cancan/inherited_resource_spec.rb +0 -71
  63. data/spec/cancan/matchers_spec.rb +0 -29
  64. data/spec/cancan/model_adapters/active_record_4_adapter_spec.rb +0 -85
  65. data/spec/cancan/model_adapters/active_record_adapter_spec.rb +0 -384
  66. data/spec/cancan/model_adapters/default_adapter_spec.rb +0 -7
  67. data/spec/cancan/model_adapters/mongoid_adapter_spec.rb +0 -227
  68. data/spec/cancan/model_adapters/sequel_adapter_spec.rb +0 -132
  69. data/spec/cancan/rule_spec.rb +0 -52
  70. data/spec/matchers.rb +0 -13
  71. data/spec/spec.opts +0 -2
  72. data/spec/spec_helper.rb +0 -27
  73. data/spec/support/ability.rb +0 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 59a95c6a9629c67f5004699cdbb205108d814ad5
4
- data.tar.gz: 4f9cd96fcf1d2a3519b07605619240403b6b33eb
2
+ SHA256:
3
+ metadata.gz: 81afd3cec5dc78c4e4d9d14719482ae589ed43bf336cc1b4f9e5681dea56b99d
4
+ data.tar.gz: fd23ce69481f9daf4b227b61e4e7e236abcd40d7b5f0dd01f70ca20a3706fae3
5
5
  SHA512:
6
- metadata.gz: da1ce9db915cc5305d31d88c0c8f437088ceeab1f2b744a3a258923d59b6da743dd86a643a39c4602afe313c13cb39f1361d220144086a05913c41f5398428ed
7
- data.tar.gz: 09c524f8d9928aa7029a9814fae9d45dcd8bf27ecf52f756cbafd02a716bc599f0ab12b4a3fdb37a71aa7ab5893b734b313989f1450a5d3792b77c9abdf7890a
6
+ metadata.gz: 04ee2bfead0ce01e0bdc64e69fae219c221495c30950542323fc5e3d91e250e9a679863546c09db9f3a71a647cb414510bcbb92db41309d9b0b2d04f7d2a1b0e
7
+ data.tar.gz: 79b4b11ef02ca50417c4e441dd8586569ed86caa4d3216fc54e1713bd09071e544b529db0babd429dd14b0efc90f59f2dfbd8a8d101a9e4d4332908f0487115b
@@ -1,28 +1,28 @@
1
- # coding: utf-8
2
- lib = File.expand_path('../lib', __FILE__)
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path('lib', __dir__)
3
4
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
5
  require 'cancan/version'
5
6
 
6
7
  Gem::Specification.new do |s|
7
- s.name = "cancancan"
8
+ s.name = 'cancancan'
8
9
  s.version = CanCan::VERSION
9
- s.authors = ["Bryan Rite", "Ryan Bates", "Richard Wilson"]
10
- s.email = "r.crawfordwilson@gmail.com"
11
- s.homepage = "https://github.com/CanCanCommunity/cancancan"
12
- s.summary = "Simple authorization solution for Rails."
13
- s.description = "Continuation of the simple authorization solution for Rails which is decoupled from user roles. All permissions are stored in a single location."
10
+ s.authors = ['Alessandro Rodi (Renuo AG)', 'Bryan Rite', 'Ryan Bates', 'Richard Wilson']
11
+ s.email = 'alessandro.rodi@renuo.ch'
12
+ s.homepage = 'https://github.com/CanCanCommunity/cancancan'
13
+ s.summary = 'Simple authorization solution for Rails.'
14
+ s.description = 'Simple authorization solution for Rails. All permissions are stored in a single location.'
14
15
  s.platform = Gem::Platform::RUBY
15
- s.license = "MIT"
16
+ s.license = 'MIT'
16
17
 
17
- s.files = `git ls-files`.split($/)
18
- s.test_files = `git ls-files -- Appraisals {spec,features,gemfiles}/*`.split($/)
19
- s.executables = `git ls-files -- bin/*`.split($/).map{ |f| File.basename(f) }
20
- s.require_paths = ["lib"]
18
+ s.files = `git ls-files lib init.rb cancancan.gemspec`.split($INPUT_RECORD_SEPARATOR)
19
+ s.require_paths = ['lib']
21
20
 
22
- s.required_ruby_version = ">= 2.0.0"
21
+ s.required_ruby_version = '>= 2.2.0'
23
22
 
24
- s.add_development_dependency 'bundler', '~> 1.3'
25
- s.add_development_dependency 'rake', '~> 10.1.1'
26
- s.add_development_dependency 'rspec', '~> 3.2.0'
27
- s.add_development_dependency 'appraisal', '>= 2.0.0'
23
+ s.add_development_dependency 'appraisal', '~> 2.0', '>= 2.0.0'
24
+ s.add_development_dependency 'bundler', '~> 2.0'
25
+ s.add_development_dependency 'rake', '~> 10.1', '>= 10.1.1'
26
+ s.add_development_dependency 'rspec', '~> 3.2', '>= 3.2.0'
27
+ s.add_development_dependency 'rubocop', '~> 0.63.1'
28
28
  end
data/init.rb CHANGED
@@ -1 +1,3 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'cancan'
@@ -1,24 +1,22 @@
1
- require "cancan/version"
1
+ # frozen_string_literal: true
2
+
3
+ require 'cancan/version'
4
+ require 'cancan/parameter_validators'
2
5
  require 'cancan/ability'
3
6
  require 'cancan/rule'
4
7
  require 'cancan/controller_resource'
5
8
  require 'cancan/controller_additions'
6
9
  require 'cancan/model_additions'
7
10
  require 'cancan/exceptions'
8
- require 'cancan/inherited_resource'
9
11
 
10
12
  require 'cancan/model_adapters/abstract_adapter'
11
13
  require 'cancan/model_adapters/default_adapter'
14
+ require 'cancan/rules_compressor'
12
15
 
13
16
  if defined? ActiveRecord
17
+ require 'cancan/model_adapters/conditions_extractor'
18
+ require 'cancan/model_adapters/conditions_normalizer'
14
19
  require 'cancan/model_adapters/active_record_adapter'
15
- if ActiveRecord.respond_to?(:version) &&
16
- ActiveRecord.version >= Gem::Version.new("4")
17
- require 'cancan/model_adapters/active_record_4_adapter'
18
- else
19
- require 'cancan/model_adapters/active_record_3_adapter'
20
- end
20
+ require 'cancan/model_adapters/active_record_4_adapter'
21
+ require 'cancan/model_adapters/active_record_5_adapter'
21
22
  end
22
-
23
- require 'cancan/model_adapters/mongoid_adapter' if defined?(Mongoid) && defined?(Mongoid::Document)
24
- require 'cancan/model_adapters/sequel_adapter' if defined? Sequel
@@ -1,5 +1,11 @@
1
- module CanCan
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'ability/rules.rb'
4
+ require_relative 'ability/actions.rb'
5
+ require_relative 'unauthorized_message_resolver.rb'
6
+ require_relative 'ability/strong_parameter_support'
2
7
 
8
+ module CanCan
3
9
  # This module is designed to be included into an Ability class. This will
4
10
  # provide the "can" methods for defining and checking abilities.
5
11
  #
@@ -16,6 +22,11 @@ module CanCan
16
22
  # end
17
23
  #
18
24
  module Ability
25
+ include CanCan::Ability::Rules
26
+ include CanCan::Ability::Actions
27
+ include CanCan::UnauthorizedMessageResolver
28
+ include StrongParameterSupport
29
+
19
30
  # Check if the user has permission to perform a given action on an object.
20
31
  #
21
32
  # can? :destroy, @project
@@ -60,17 +71,15 @@ module CanCan
60
71
  # end
61
72
  #
62
73
  # Also see the RSpec Matchers to aid in testing.
63
- def can?(action, subject, *extra_args)
64
- subject = extract_subjects(subject)
65
-
66
- match = subject.map do |subject|
67
- relevant_rules_for_match(action, subject).detect do |rule|
68
- rule.matches_conditions?(action, subject, extra_args)
74
+ def can?(action, subject, attribute = nil, *extra_args)
75
+ match = extract_subjects(subject).lazy.map do |a_subject|
76
+ relevant_rules_for_match(action, a_subject).detect do |rule|
77
+ rule.matches_conditions?(action, a_subject, attribute, *extra_args) && rule.matches_attributes?(attribute)
69
78
  end
70
- end.compact.first
71
-
79
+ end.reject(&:nil?).first
72
80
  match ? match.base_behavior : false
73
81
  end
82
+
74
83
  # Convenience method which works the same as "can?" but returns the opposite value.
75
84
  #
76
85
  # cannot? :destroy, @project
@@ -132,8 +141,8 @@ module CanCan
132
141
  # # check the database and return true/false
133
142
  # end
134
143
  #
135
- def can(action = nil, subject = nil, conditions = nil, &block)
136
- add_rule(Rule.new(true, action, subject, conditions, block))
144
+ def can(action = nil, subject = nil, *attributes_and_conditions, &block)
145
+ add_rule(Rule.new(true, action, subject, *attributes_and_conditions, &block))
137
146
  end
138
147
 
139
148
  # Defines an ability which cannot be done. Accepts the same arguments as "can".
@@ -148,59 +157,14 @@ module CanCan
148
157
  # product.invisible?
149
158
  # end
150
159
  #
151
- def cannot(action = nil, subject = nil, conditions = nil, &block)
152
- add_rule(Rule.new(false, action, subject, conditions, block))
153
- end
154
-
155
- # Alias one or more actions into another one.
156
- #
157
- # alias_action :update, :destroy, :to => :modify
158
- # can :modify, Comment
159
- #
160
- # Then :modify permission will apply to both :update and :destroy requests.
161
- #
162
- # can? :update, Comment # => true
163
- # can? :destroy, Comment # => true
164
- #
165
- # This only works in one direction. Passing the aliased action into the "can?" call
166
- # will not work because aliases are meant to generate more generic actions.
167
- #
168
- # alias_action :update, :destroy, :to => :modify
169
- # can :update, Comment
170
- # can? :modify, Comment # => false
171
- #
172
- # Unless that exact alias is used.
173
- #
174
- # can :modify, Comment
175
- # can? :modify, Comment # => true
176
- #
177
- # The following aliases are added by default for conveniently mapping common controller actions.
178
- #
179
- # alias_action :index, :show, :to => :read
180
- # alias_action :new, :to => :create
181
- # alias_action :edit, :to => :update
182
- #
183
- # This way one can use params[:action] in the controller to determine the permission.
184
- def alias_action(*args)
185
- target = args.pop[:to]
186
- validate_target(target)
187
- aliased_actions[target] ||= []
188
- aliased_actions[target] += args
160
+ def cannot(action = nil, subject = nil, *attributes_and_conditions, &block)
161
+ add_rule(Rule.new(false, action, subject, *attributes_and_conditions, &block))
189
162
  end
190
163
 
191
164
  # User shouldn't specify targets with names of real actions or it will cause Seg fault
192
165
  def validate_target(target)
193
- raise Error, "You can't specify target (#{target}) as alias because it is real action name" if aliased_actions.values.flatten.include? target
194
- end
195
-
196
- # Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
197
- def aliased_actions
198
- @aliased_actions ||= default_alias_actions
199
- end
200
-
201
- # Removes previously aliased actions including the defaults.
202
- def clear_aliased_actions
203
- @aliased_actions = {}
166
+ error_message = "You can't specify target (#{target}) as alias because it is real action name"
167
+ raise Error, error_message if aliased_actions.values.flatten.include? target
204
168
  end
205
169
 
206
170
  def model_adapter(model_class, action)
@@ -210,25 +174,14 @@ module CanCan
210
174
 
211
175
  # See ControllerAdditions#authorize! for documentation.
212
176
  def authorize!(action, subject, *args)
213
- message = nil
214
- if args.last.kind_of?(Hash) && args.last.has_key?(:message)
215
- message = args.pop[:message]
216
- end
177
+ message = args.last.is_a?(Hash) && args.last.key?(:message) ? args.pop[:message] : nil
217
178
  if cannot?(action, subject, *args)
218
179
  message ||= unauthorized_message(action, subject)
219
- raise AccessDenied.new(message, action, subject)
180
+ raise AccessDenied.new(message, action, subject, args)
220
181
  end
221
182
  subject
222
183
  end
223
184
 
224
- def unauthorized_message(action, subject)
225
- keys = unauthorized_message_keys(action, subject)
226
- variables = {:action => action.to_s}
227
- variables[:subject] = (subject.class == Class ? subject : subject.class).to_s.underscore.humanize.downcase
228
- message = I18n.translate(nil, variables.merge(:scope => :unauthorized, :default => keys + [""]))
229
- message.blank? ? nil : message
230
- end
231
-
232
185
  def attributes_for(action, subject)
233
186
  attributes = {}
234
187
  relevant_rules(action, subject).map do |rule|
@@ -245,10 +198,58 @@ module CanCan
245
198
  relevant_rules(action, subject).any?(&:only_raw_sql?)
246
199
  end
247
200
 
201
+ # Copies all rules and aliased actions of the given +CanCan::Ability+ and adds them to +self+.
202
+ # class ReadAbility
203
+ # include CanCan::Ability
204
+ #
205
+ # def initialize
206
+ # can :read, User
207
+ # alias_action :show, :index, to: :see
208
+ # end
209
+ # end
210
+ #
211
+ # class WritingAbility
212
+ # include CanCan::Ability
213
+ #
214
+ # def initialize
215
+ # can :edit, User
216
+ # alias_action :create, :update, to: :modify
217
+ # end
218
+ # end
219
+ #
220
+ # read_ability = ReadAbility.new
221
+ # read_ability.can? :edit, User.new #=> false
222
+ # read_ability.merge(WritingAbility.new)
223
+ # read_ability.can? :edit, User.new #=> true
224
+ # read_ability.aliased_actions #=> [:see => [:show, :index], :modify => [:create, :update]]
225
+ #
226
+ # If there are collisions when merging the +aliased_actions+, the actions on +self+ will be
227
+ # overwritten.
228
+ #
229
+ # class ReadAbility
230
+ # include CanCan::Ability
231
+ #
232
+ # def initialize
233
+ # alias_action :show, :index, to: :see
234
+ # end
235
+ # end
236
+ #
237
+ # class ShowAbility
238
+ # include CanCan::Ability
239
+ #
240
+ # def initialize
241
+ # alias_action :show, to: :see
242
+ # end
243
+ # end
244
+ #
245
+ # read_ability = ReadAbility.new
246
+ # read_ability.merge(ShowAbility)
247
+ # read_ability.aliased_actions #=> [:see => [:show]]
248
248
  def merge(ability)
249
249
  ability.rules.each do |rule|
250
250
  add_rule(rule.dup)
251
251
  end
252
+ @aliased_actions = aliased_actions.merge(ability.aliased_actions)
252
253
  self
253
254
  end
254
255
 
@@ -260,150 +261,48 @@ module CanCan
260
261
  #
261
262
  # Where can_hash and cannot_hash are formatted thusly:
262
263
  # {
263
- # action: array_of_objects
264
+ # action: { subject: [attributes] }
264
265
  # }
265
266
  def permissions
266
- permissions_list = {:can => {}, :cannot => {}}
267
-
268
- rules.each do |rule|
269
- subjects = rule.subjects
270
- expand_actions(rule.actions).each do |action|
271
- if(rule.base_behavior)
272
- permissions_list[:can][action] ||= []
273
- permissions_list[:can][action] += subjects.map(&:to_s)
274
- else
275
- permissions_list[:cannot][action] ||= []
276
- permissions_list[:cannot][action] += subjects.map(&:to_s)
277
- end
278
- end
279
- end
280
-
267
+ permissions_list = {
268
+ can: Hash.new { |actions, k1| actions[k1] = Hash.new { |subjects, k2| subjects[k2] = [] } },
269
+ cannot: Hash.new { |actions, k1| actions[k1] = Hash.new { |subjects, k2| subjects[k2] = [] } }
270
+ }
271
+ rules.each { |rule| extract_rule_in_permissions(permissions_list, rule) }
281
272
  permissions_list
282
273
  end
283
274
 
284
- protected
285
-
286
- # Must be protected as an ability can merge with other abilities.
287
- # This means that an ability must expose their rules with another ability.
288
- def rules
289
- @rules ||= []
275
+ def extract_rule_in_permissions(permissions_list, rule)
276
+ expand_actions(rule.actions).each do |action|
277
+ container = rule.base_behavior ? :can : :cannot
278
+ rule.subjects.each do |subject|
279
+ permissions_list[container][action][subject.to_s] += rule.attributes
280
+ end
281
+ end
290
282
  end
291
283
 
292
284
  private
293
285
 
294
286
  def unauthorized_message_keys(action, subject)
295
- subject = (subject.class == Class ? subject : subject.class).name.underscore unless subject.kind_of? Symbol
296
- [subject, :all].map do |try_subject|
297
- [aliases_for_action(action), :manage].flatten.map do |try_action|
298
- :"#{try_action}.#{try_subject}"
299
- end
300
- end.flatten
301
- end
302
-
303
- # Accepts an array of actions and returns an array of actions which match.
304
- # This should be called before "matches?" and other checking methods since they
305
- # rely on the actions to be expanded.
306
- def expand_actions(actions)
307
- expanded_actions[actions] ||= begin
308
- expanded = []
309
- actions.each do |action|
310
- expanded << action
311
- if aliases = aliased_actions[action]
312
- expanded += expand_actions(aliases)
313
- end
314
- end
315
- expanded
287
+ subject = (subject.class == Class ? subject : subject.class).name.underscore unless subject.is_a? Symbol
288
+ aliases = aliases_for_action(action)
289
+ [subject, :all].product([*aliases, :manage]).map do |try_subject, try_action|
290
+ :"#{try_action}.#{try_subject}"
316
291
  end
317
292
  end
318
293
 
319
- def expanded_actions
320
- @expanded_actions ||= {}
321
- end
322
-
323
294
  # It translates to an array the subject or the hash with multiple subjects given to can?.
324
295
  def extract_subjects(subject)
325
- subject = if subject.kind_of?(Hash) && subject.key?(:any)
296
+ if subject.is_a?(Hash) && subject.key?(:any)
326
297
  subject[:any]
327
298
  else
328
299
  [subject]
329
300
  end
330
301
  end
331
302
 
332
- # Given an action, it will try to find all of the actions which are aliased to it.
333
- # This does the opposite kind of lookup as expand_actions.
334
- def aliases_for_action(action)
335
- results = [action]
336
- aliased_actions.each do |aliased_action, actions|
337
- results += aliases_for_action(aliased_action) if actions.include? action
338
- end
339
- results
340
- end
341
-
342
- def add_rule(rule)
343
- rules << rule
344
- add_rule_to_index(rule, rules.size - 1)
345
- end
346
-
347
- def add_rule_to_index(rule, position)
348
- @rules_index ||= Hash.new { |h, k| h[k] = [] }
349
-
350
- subjects = rule.subjects.compact
351
- subjects << :all if subjects.empty?
352
-
353
- subjects.each do |subject|
354
- @rules_index[subject] << position
355
- end
356
- end
357
-
358
303
  def alternative_subjects(subject)
359
304
  subject = subject.class unless subject.is_a?(Module)
360
- [:all, *subject.ancestors, subject.class.to_s]
361
- end
362
-
363
- # Returns an array of Rule instances which match the action and subject
364
- # This does not take into consideration any hash conditions or block statements
365
- def relevant_rules(action, subject)
366
- return [] unless @rules
367
- relevant = possible_relevant_rules(subject).select do |rule|
368
- rule.expanded_actions = expand_actions(rule.actions)
369
- rule.relevant? action, subject
370
- end
371
- relevant.reverse!.uniq!
372
- relevant
373
- end
374
-
375
- def possible_relevant_rules(subject)
376
- if subject.is_a?(Hash)
377
- rules
378
- else
379
- positions = @rules_index.values_at(subject, *alternative_subjects(subject))
380
- positions.flatten!.sort!
381
- positions.map { |i| @rules[i] }
382
- end
383
- end
384
-
385
- def relevant_rules_for_match(action, subject)
386
- relevant_rules(action, subject).each do |rule|
387
- if rule.only_raw_sql?
388
- raise Error, "The can? and cannot? call cannot be used with a raw sql 'can' definition. The checking code cannot be determined for #{action.inspect} #{subject.inspect}"
389
- end
390
- end
391
- end
392
-
393
- def relevant_rules_for_query(action, subject)
394
- relevant_rules(action, subject).each do |rule|
395
- if rule.only_block?
396
- raise Error, "The accessible_by call cannot be used with a block 'can' definition. The SQL cannot be determined for #{action.inspect} #{subject.inspect}"
397
- end
398
- end
399
- end
400
-
401
- def default_alias_actions
402
- {
403
- :read => [:index, :show],
404
- :create => [:new],
405
- :update => [:edit],
406
- }
305
+ [:all, *subject.ancestors, subject.class.to_s]
407
306
  end
408
307
  end
409
308
  end