RubyGems - cancancan - Versions diffs - 1.13.1 → 3.1.0 - Mend

cancancan 1.13.1 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

checksums.yaml +5 -5
data/cancancan.gemspec +18 -18
data/init.rb +2 -0
data/lib/cancan.rb +9 -11
data/lib/cancan/ability.rb +93 -194
data/lib/cancan/ability/actions.rb +93 -0
data/lib/cancan/ability/rules.rb +93 -0
data/lib/cancan/ability/strong_parameter_support.rb +41 -0
data/lib/cancan/conditions_matcher.rb +106 -0
data/lib/cancan/controller_additions.rb +38 -41
data/lib/cancan/controller_resource.rb +52 -211
data/lib/cancan/controller_resource_builder.rb +26 -0
data/lib/cancan/controller_resource_finder.rb +42 -0
data/lib/cancan/controller_resource_loader.rb +120 -0
data/lib/cancan/controller_resource_name_finder.rb +23 -0
data/lib/cancan/controller_resource_sanitizer.rb +32 -0
data/lib/cancan/exceptions.rb +17 -5
data/lib/cancan/matchers.rb +12 -3
data/lib/cancan/model_adapters/abstract_adapter.rb +10 -8
data/lib/cancan/model_adapters/active_record_4_adapter.rb +39 -13
data/lib/cancan/model_adapters/active_record_5_adapter.rb +68 -0
data/lib/cancan/model_adapters/active_record_adapter.rb +77 -82
data/lib/cancan/model_adapters/conditions_extractor.rb +75 -0
data/lib/cancan/model_adapters/conditions_normalizer.rb +49 -0
data/lib/cancan/model_adapters/default_adapter.rb +2 -0
data/lib/cancan/model_additions.rb +2 -1
data/lib/cancan/parameter_validators.rb +9 -0
data/lib/cancan/relevant.rb +29 -0
data/lib/cancan/rule.rb +76 -105
data/lib/cancan/rules_compressor.rb +23 -0
data/lib/cancan/unauthorized_message_resolver.rb +24 -0
data/lib/cancan/version.rb +3 -1
data/lib/cancancan.rb +2 -0
data/lib/generators/cancan/ability/ability_generator.rb +4 -2
data/lib/generators/cancan/ability/templates/ability.rb +2 -0
metadata +66 -56
data/.gitignore +0 -15
data/.rspec +0 -1
data/.travis.yml +0 -28
data/Appraisals +0 -81
data/CHANGELOG.rdoc +0 -518
data/CONTRIBUTING.md +0 -23
data/Gemfile +0 -3
data/LICENSE +0 -22
data/README.md +0 -214
data/Rakefile +0 -9
data/gemfiles/activerecord_3.2.gemfile +0 -16
data/gemfiles/activerecord_4.0.gemfile +0 -17
data/gemfiles/activerecord_4.1.gemfile +0 -17
data/gemfiles/activerecord_4.2.gemfile +0 -18
data/gemfiles/mongoid_2.x.gemfile +0 -16
data/gemfiles/sequel_3.x.gemfile +0 -16
data/lib/cancan/inherited_resource.rb +0 -20
data/lib/cancan/model_adapters/active_record_3_adapter.rb +0 -16
data/lib/cancan/model_adapters/mongoid_adapter.rb +0 -54
data/lib/cancan/model_adapters/sequel_adapter.rb +0 -87
data/spec/README.rdoc +0 -27
data/spec/cancan/ability_spec.rb +0 -521
data/spec/cancan/controller_additions_spec.rb +0 -141
data/spec/cancan/controller_resource_spec.rb +0 -632
data/spec/cancan/exceptions_spec.rb +0 -58
data/spec/cancan/inherited_resource_spec.rb +0 -71
data/spec/cancan/matchers_spec.rb +0 -29
data/spec/cancan/model_adapters/active_record_4_adapter_spec.rb +0 -85
data/spec/cancan/model_adapters/active_record_adapter_spec.rb +0 -384
data/spec/cancan/model_adapters/default_adapter_spec.rb +0 -7
data/spec/cancan/model_adapters/mongoid_adapter_spec.rb +0 -227
data/spec/cancan/model_adapters/sequel_adapter_spec.rb +0 -132
data/spec/cancan/rule_spec.rb +0 -52
data/spec/matchers.rb +0 -13
data/spec/spec.opts +0 -2
data/spec/spec_helper.rb +0 -27
data/spec/support/ability.rb +0 -7

data/spec/cancan/controller_additions_spec.rb DELETED

@@ -1,141 +0,0 @@
-require "spec_helper"
-describe CanCan::ControllerAdditions do
-  before(:each) do
-    @controller_class = Class.new
-    @controller = @controller_class.new
-    allow(@controller).to receive(:params) { {} }
-    allow(@controller).to receive(:current_user) { :current_user }
-    expect(@controller_class).to receive(:helper_method).with(:can?, :cannot?, :current_ability)
-    @controller_class.send(:include, CanCan::ControllerAdditions)
-  end
-  it "raises ImplementationRemoved when attempting to call 'unauthorized!' on a controller" do
-    expect { @controller.unauthorized! }.to raise_error(CanCan::ImplementationRemoved)
-  end
-  it "authorize! assigns @_authorized instance variable and pass args to current ability" do
-    allow(@controller.current_ability).to receive(:authorize!).with(:foo, :bar)
-    @controller.authorize!(:foo, :bar)
-    expect(@controller.instance_variable_get(:@_authorized)).to be(true)
-  end
-  it "has a current_ability method which generates an ability for the current user" do
-    expect(@controller.current_ability).to be_kind_of(Ability)
-  end
-  it "provides a can? and cannot? methods which go through the current ability" do
-    expect(@controller.current_ability).to be_kind_of(Ability)
-    expect(@controller.can?(:foo, :bar)).to be(false)
-    expect(@controller.cannot?(:foo, :bar)).to be(true)
-  end
-  it "load_and_authorize_resource setups a before filter which passes call to ControllerResource" do
-    expect(cancan_resource_class = double).to receive(:load_and_authorize_resource)
-    allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, :foo => :bar) {cancan_resource_class }
-    expect(@controller_class).to receive(:before_filter).with({}) { |options, &block| block.call(@controller) }
-    @controller_class.load_and_authorize_resource :foo => :bar
-  end
-  it "load_and_authorize_resource properly passes first argument as the resource name" do
-    expect(cancan_resource_class = double).to receive(:load_and_authorize_resource)
-    allow(CanCan::ControllerResource).to receive(:new).with(@controller, :project, :foo => :bar) {cancan_resource_class}
-    expect(@controller_class).to receive(:before_filter).with({}) { |options, &block| block.call(@controller) }
-    @controller_class.load_and_authorize_resource :project, :foo => :bar
-  end
-  it "load_and_authorize_resource with :prepend prepends the before filter" do
-    expect(@controller_class).to receive(:prepend_before_filter).with({})
-    @controller_class.load_and_authorize_resource :foo => :bar, :prepend => true
-  end
-  it "authorize_resource setups a before filter which passes call to ControllerResource" do
-    expect(cancan_resource_class = double).to receive(:authorize_resource)
-    allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, :foo => :bar) {cancan_resource_class}
-    expect(@controller_class).to receive(:before_filter).with(:except => :show, :if => true) { |options, &block| block.call(@controller) }
-    @controller_class.authorize_resource :foo => :bar, :except => :show, :if => true
-  end
-  it "load_resource setups a before filter which passes call to ControllerResource" do
-    expect(cancan_resource_class = double).to receive(:load_resource)
-    allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, :foo => :bar) {cancan_resource_class}
-    expect(@controller_class).to receive(:before_filter).with(:only => [:show, :index], :unless => false) { |options, &block| block.call(@controller) }
-    @controller_class.load_resource :foo => :bar, :only => [:show, :index], :unless => false
-  end
-  it "skip_authorization_check setups a before filter which sets @_authorized to true" do
-    expect(@controller_class).to receive(:before_filter).with(:filter_options) { |options, &block| block.call(@controller) }
-    @controller_class.skip_authorization_check(:filter_options)
-    expect(@controller.instance_variable_get(:@_authorized)).to be(true)
-  end
-  it "check_authorization triggers AuthorizationNotPerformed in after filter" do
-    expect(@controller_class).to receive(:after_filter).with(:only => [:test]) { |options, &block| block.call(@controller) }
-    expect {
-      @controller_class.check_authorization(:only => [:test])
-    }.to raise_error(CanCan::AuthorizationNotPerformed)
-  end
-  it "check_authorization does not trigger AuthorizationNotPerformed when :if is false" do
-    allow(@controller).to receive(:check_auth?) { false }
-    allow(@controller_class).to receive(:after_filter).with({}) { |options, &block| block.call(@controller) }
-    expect {
-      @controller_class.check_authorization(:if => :check_auth?)
-    }.not_to raise_error
-  end
-  it "check_authorization does not trigger AuthorizationNotPerformed when :unless is true" do
-    allow(@controller).to receive(:engine_controller?) { true }
-    expect(@controller_class).to receive(:after_filter).with({}) { |options, &block| block.call(@controller) }
-    expect {
-      @controller_class.check_authorization(:unless => :engine_controller?)
-    }.not_to raise_error
-  end
-  it "check_authorization does not raise error when @_authorized is set" do
-    @controller.instance_variable_set(:@_authorized, true)
-    expect(@controller_class).to receive(:after_filter).with(:only => [:test]) { |options, &block| block.call(@controller) }
-    expect {
-      @controller_class.check_authorization(:only => [:test])
-    }.not_to raise_error
-  end
-  it "cancan_resource_class is ControllerResource by default" do
-    expect(@controller.class.cancan_resource_class).to eq(CanCan::ControllerResource)
-  end
-  it "cancan_resource_class is InheritedResource when class includes InheritedResources::Actions" do
-    allow(@controller.class).to receive(:ancestors) { ["InheritedResources::Actions"] }
-    expect(@controller.class.cancan_resource_class).to eq(CanCan::InheritedResource)
-  end
-  it "cancan_skipper is an empty hash with :authorize and :load options and remember changes" do
-    expect(@controller_class.cancan_skipper).to eq({:authorize => {}, :load => {}})
-    @controller_class.cancan_skipper[:load] = true
-    expect(@controller_class.cancan_skipper[:load]).to be(true)
-  end
-  it "skip_authorize_resource adds itself to the cancan skipper with given model name and options" do
-    @controller_class.skip_authorize_resource(:project, :only => [:index, :show])
-    expect(@controller_class.cancan_skipper[:authorize][:project]).to eq({:only => [:index, :show]})
-    @controller_class.skip_authorize_resource(:only => [:index, :show])
-    expect(@controller_class.cancan_skipper[:authorize][nil]).to eq({:only => [:index, :show]})
-    @controller_class.skip_authorize_resource(:article)
-    expect(@controller_class.cancan_skipper[:authorize][:article]).to eq({})
-  end
-  it "skip_load_resource adds itself to the cancan skipper with given model name and options" do
-    @controller_class.skip_load_resource(:project, :only => [:index, :show])
-    expect(@controller_class.cancan_skipper[:load][:project]).to eq({:only => [:index, :show]})
-    @controller_class.skip_load_resource(:only => [:index, :show])
-    expect(@controller_class.cancan_skipper[:load][nil]).to eq({:only => [:index, :show]})
-    @controller_class.skip_load_resource(:article)
-    expect(@controller_class.cancan_skipper[:load][:article]).to eq({})
-  end
-  it "skip_load_and_authore_resource adds itself to the cancan skipper with given model name and options" do
-    @controller_class.skip_load_and_authorize_resource(:project, :only => [:index, :show])
-    expect(@controller_class.cancan_skipper[:load][:project]).to eq({:only => [:index, :show]})
-    expect(@controller_class.cancan_skipper[:authorize][:project]).to eq({:only => [:index, :show]})
-  end
-end

data/spec/cancan/controller_resource_spec.rb DELETED

@@ -1,632 +0,0 @@
-require "spec_helper"
-describe CanCan::ControllerResource do
-  let(:ability) { Ability.new(nil) }
-  let(:params) { HashWithIndifferentAccess.new(:controller => "models") }
-  let(:controller_class) { Class.new }
-  let(:controller) { controller_class.new }
-  before(:each) do
-    class Model
-      attr_accessor :name
-      def initialize(attributes={})
-        attributes.each do |attribute, value|
-          send("#{attribute}=", value)
-        end
-      end
-    end
-    allow(controller).to receive(:params) { params }
-    allow(controller).to receive(:current_ability) { ability }
-    allow(controller_class).to receive(:cancan_skipper) { {:authorize => {}, :load => {}} }
-  end
-  context "on build actions" do
-    before :each do
-      params.merge!(:action => "new")
-    end
-    it "builds a new resource with attributes from current ability" do
-      ability.can(:create, Model, :name => "from conditions")
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model).name).to eq("from conditions")
-    end
-    it "overrides initial attributes with params" do
-      params.merge!(:model => {:name => "from params"})
-      ability.can(:create, Model, :name => "from conditions")
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model).name).to eq("from params")
-    end
-    it "builds a resource when on custom new action even when params[:id] exists" do
-      params.merge!(:action => "build", :id => "123")
-      allow(Model).to receive(:new) { :some_model }
-      resource = CanCan::ControllerResource.new(controller, :new => :build)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(:some_model)
-    end
-    it "only authorizes :show action on parent resource" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      params.merge!(:model_id => 123)
-      allow(controller).to receive(:authorize!).with(:show, model) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller, :model, :parent => true)
-      expect { resource.load_and_authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-  end
-  context "on create actions" do
-    before :each do
-      params.merge!(:action => 'create')
-    end
-    # Rails includes namespace in params, see issue #349
-    it "creates through the namespaced params" do
-      module MyEngine
-        class Model < ::Model; end
-      end
-      params.merge!(:controller => "my_engine/models", :my_engine_model => {:name => "foobar"})
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model).name).to eq("foobar")
-    end
-    it "builds a new resource with hash if params[:id] is not specified" do
-      params.merge!(:model => {:name => "foobar"})
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model).name).to eq("foobar")
-    end
-    it "builds a new resource for namespaced model with hash if params[:id] is not specified" do
-      module Sub
-        class Model < ::Model; end
-      end
-      params.merge!('sub_model' => {:name => "foobar"})
-      resource = CanCan::ControllerResource.new(controller, :class => ::Sub::Model)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model).name).to eq("foobar")
-    end
-    it "builds a new resource for namespaced controller and namespaced model with hash if params[:id] is not specified" do
-      params.merge!(:controller => "admin/sub_models", 'sub_model' => {:name => "foobar"})
-      resource = CanCan::ControllerResource.new(controller, :class => Model)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@sub_model).name).to eq("foobar")
-    end
-    it "builds a new resource for namespaced controller given through folder format" do
-      module Admin
-        module SubModule
-          class HiddenModel < ::Model; end
-        end
-      end
-      params.merge!(:controller => "admin/sub_module/hidden_models")
-      resource = CanCan::ControllerResource.new(controller)
-      expect { resource.load_resource }.not_to raise_error
-    end
-    it "does not build record through has_one association with :singleton option because it can cause it to delete it in the database" do
-      category = Class.new
-      allow_any_instance_of(Model).to receive('category=').with(category)
-      allow_any_instance_of(Model).to receive('category') { category }
-      params.merge!(:model => {:name => "foobar"})
-      controller.instance_variable_set(:@category, category)
-      resource = CanCan::ControllerResource.new(controller, :through => :category, :singleton => true)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model).name).to eq("foobar")
-      expect(controller.instance_variable_get(:@model).category).to eq(category)
-    end
-    it "builds record through has_one association with :singleton and :shallow options" do
-      params.merge!(:model => {:name => "foobar"})
-      resource = CanCan::ControllerResource.new(controller, :through => :category, :singleton => true, :shallow => true)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model).name).to eq("foobar")
-    end
-    context "with a strong parameters method" do
-      before :each do
-        params.merge!(:controller => "model", :model => { :name => 'test'})
-      end
-      it "accepts and uses the specified symbol for santitizing input" do
-        allow(controller).to receive(:resource_params).and_return(:resource => 'params')
-        allow(controller).to receive(:model_params).and_return(:model => 'params')
-        allow(controller).to receive(:create_params).and_return(:create => 'params')
-        allow(controller).to receive(:custom_params).and_return(:custom => 'params')
-        resource = CanCan::ControllerResource.new(controller, {:param_method => :custom_params})
-        expect(resource.send("resource_params")).to eq(:custom => 'params')
-      end
-      it "accepts the specified string for sanitizing input" do
-        resource = CanCan::ControllerResource.new(controller, {:param_method => "{:custom => 'params'}"})
-        expect(resource.send("resource_params")).to eq(:custom => 'params')
-      end
-      it "accepts the specified proc for sanitizing input" do
-        resource = CanCan::ControllerResource.new(controller, {:param_method => Proc.new { |c| {:custom => 'params'}}})
-        expect(resource.send("resource_params")).to eq(:custom => 'params')
-      end
-      it "prefers to use the create_params method for santitizing input" do
-        allow(controller).to receive(:resource_params).and_return(:resource => 'params')
-        allow(controller).to receive(:model_params).and_return(:model => 'params')
-        allow(controller).to receive(:create_params).and_return(:create => 'params')
-        allow(controller).to receive(:custom_params).and_return(:custom => 'params')
-        resource = CanCan::ControllerResource.new(controller)
-        expect(resource.send("resource_params")).to eq(:create => 'params')
-      end
-      it "prefers to use the <model_name>_params method for santitizing input if create is not found" do
-        allow(controller).to receive(:resource_params).and_return(:resource => 'params')
-        allow(controller).to receive(:model_params).and_return(:model => 'params')
-        allow(controller).to receive(:custom_params).and_return(:custom => 'params')
-        resource = CanCan::ControllerResource.new(controller)
-        expect(resource.send("resource_params")).to eq(:model => 'params')
-      end
-      it "prefers to use the resource_params method for santitizing input if create or model is not found" do
-        allow(controller).to receive(:resource_params).and_return(:resource => 'params')
-        allow(controller).to receive(:custom_params).and_return(:custom => 'params')
-        resource = CanCan::ControllerResource.new(controller)
-        expect(resource.send("resource_params")).to eq(:resource => 'params')
-      end
-    end
-  end
-  context "on collection actions" do
-    before :each do
-      params[:action] = 'index'
-    end
-    it "builds a collection when on index action when class responds to accessible_by" do
-      allow(Model).to receive(:accessible_by).with(ability, :index) { :found_models }
-      resource = CanCan::ControllerResource.new(controller, :model)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to be_nil
-      expect(controller.instance_variable_get(:@models)).to eq(:found_models)
-    end
-    it "does not build a collection when on index action when class does not respond to accessible_by" do
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to be_nil
-      expect(controller.instance_variable_defined?(:@models)).to be(false)
-    end
-    it "does not use accessible_by when defining abilities through a block" do
-      allow(Model).to receive(:accessible_by).with(ability) { :found_models }
-      ability.can(:read, Model) { |p| false }
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to be_nil
-      expect(controller.instance_variable_defined?(:@models)).to be(false)
-    end
-    it "does not authorize single resource in collection action" do
-      allow(controller).to receive(:authorize!).with(:index, Model) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller)
-      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-    it "authorizes parent resource in collection action" do
-      controller.instance_variable_set(:@category, :some_category)
-      allow(controller).to receive(:authorize!).with(:show, :some_category) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller, :category, :parent => true)
-      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-    it "authorizes with :custom_action for parent collection action" do
-      controller.instance_variable_set(:@category, :some_category)
-      allow(controller).to receive(:authorize!).with(:custom_action, :some_category) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller, :category, :parent => true, :parent_action => :custom_action )
-      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-    it "has the specified nested resource_class when using / for namespace" do
-      module Admin
-        class Dashboard; end
-      end
-      ability.can(:index, "admin/dashboard")
-      params.merge!(:controller => "admin/dashboard")
-      resource = CanCan::ControllerResource.new(controller, :authorize => true)
-      expect(resource.send(:resource_class)).to eq(Admin::Dashboard)
-    end
-    it "does not build a single resource when on custom collection action even with id" do
-      params.merge!(:action => "sort", :id => "123")
-      resource = CanCan::ControllerResource.new(controller, :collection => [:sort, :list])
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to be_nil
-    end
-    it "loads a collection resource when on custom action with no id param" do
-      allow(Model).to receive(:accessible_by).with(ability, :sort) { :found_models }
-      params[:action] = "sort"
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to be_nil
-      expect(controller.instance_variable_get(:@models)).to eq(:found_models)
-    end
-    it "loads parent resource through proper id parameter" do
-      model = Model.new
-      allow(Model).to receive(:find).with("1") { model }
-      params.merge!(:controller => "categories", :model_id => 1)
-      resource = CanCan::ControllerResource.new(controller, :model)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "authorizes nested resource through parent association on index action" do
-      controller.instance_variable_set(:@category, category = double)
-      allow(controller).to receive(:authorize!).with(:index, category => Model) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller, :through => :category)
-      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-  end
-  context "on instance read actions" do
-    before :each do
-      params.merge!(:action => "show", :id => "123")
-    end
-    it "loads the resource into an instance variable if params[:id] is specified" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "does not load resource into an instance variable if already set" do
-      controller.instance_variable_set(:@model, :some_model)
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(:some_model)
-    end
-    it "loads resource for namespaced controller" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      params.merge!(:controller => "admin/models")
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "performs authorization using controller action and loaded model" do
-      controller.instance_variable_set(:@model, :some_model)
-      allow(controller).to receive(:authorize!).with(:show, :some_model) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller)
-      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-    it "performs authorization using controller action and non loaded model" do
-      allow(controller).to receive(:authorize!).with(:show, Model) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller)
-      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-    it "calls load_resource and authorize_resource for load_and_authorize_resource" do
-      resource = CanCan::ControllerResource.new(controller)
-      expect(resource).to receive(:load_resource)
-      expect(resource).to receive(:authorize_resource)
-      resource.load_and_authorize_resource
-    end
-    it "loads resource through the association of another parent resource using instance variable" do
-      category = double(:models => {})
-      controller.instance_variable_set(:@category, category)
-      allow(category.models).to receive(:find).with("123") { :some_model }
-      resource = CanCan::ControllerResource.new(controller, :through => :category)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(:some_model)
-    end
-    it "loads resource through the custom association name" do
-      category = double(:custom_models => {})
-      controller.instance_variable_set(:@category, category)
-      allow(category.custom_models).to receive(:find).with("123") { :some_model }
-      resource = CanCan::ControllerResource.new(controller, :through => :category, :through_association => :custom_models)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(:some_model)
-    end
-    it "loads resource through the association of another parent resource using method" do
-      category = double(:models => {})
-      allow(controller).to receive(:category) { category }
-      allow(category.models).to receive(:find).with("123") { :some_model }
-      resource = CanCan::ControllerResource.new(controller, :through => :category)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(:some_model)
-    end
-    it "does not load through parent resource if instance isn't loaded when shallow" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      resource = CanCan::ControllerResource.new(controller, :through => :category, :shallow => true)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "raises AccessDenied when attempting to load resource through nil" do
-      resource = CanCan::ControllerResource.new(controller, :through => :category)
-      expect {
-        resource.load_resource
-      }.to raise_error(CanCan::AccessDenied) { |exception|
-        expect(exception.action).to eq(:show)
-        expect(exception.subject).to eq(Model)
-      }
-      expect(controller.instance_variable_get(:@model)).to be_nil
-    end
-    it "loads through first matching if multiple are given" do
-      category = double(:models => {})
-      controller.instance_variable_set(:@category, category)
-      allow(category.models).to receive(:find).with("123") { :some_model }
-      resource = CanCan::ControllerResource.new(controller, :through => [:category, :user])
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(:some_model)
-    end
-    it "finds record through has_one association with :singleton option without id param" do
-      params.merge!(:id => nil)
-      category = double(:model => :some_model)
-      controller.instance_variable_set(:@category, category)
-      resource = CanCan::ControllerResource.new(controller, :through => :category, :singleton => true)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(:some_model)
-    end
-    it "does not try to load resource for other action if params[:id] is undefined" do
-      params.merge!(:action => 'list', :id => nil)
-      resource = CanCan::ControllerResource.new(controller)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to be_nil
-    end
-    it "finds record through has_one association with :singleton and :shallow options" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      resource = CanCan::ControllerResource.new(controller, :through => :category, :singleton => true, :shallow => true)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "loads the model using a custom class" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      resource = CanCan::ControllerResource.new(controller, :class => Model)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "loads the model using a custom namespaced class" do
-      module Sub
-        class Model < ::Model; end
-      end
-      model = Sub::Model.new
-      allow(Sub::Model).to receive(:find).with("123") { model }
-      resource = CanCan::ControllerResource.new(controller, :class => ::Sub::Model)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "authorizes based on resource name if class is false" do
-      allow(controller).to receive(:authorize!).with(:show, :model) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller, :class => false)
-      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
-    end
-    it "loads and authorize using custom instance name" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      allow(controller).to receive(:authorize!).with(:show, model) { raise CanCan::AccessDenied }
-      resource = CanCan::ControllerResource.new(controller, :instance_name => :custom_model)
-      expect { resource.load_and_authorize_resource }.to raise_error(CanCan::AccessDenied)
-      expect(controller.instance_variable_get(:@custom_model)).to eq(model)
-    end
-    it "loads resource using custom ID param" do
-      model = Model.new
-      allow(Model).to receive(:find).with("123") { model }
-      params.merge!(:the_model => 123)
-      resource = CanCan::ControllerResource.new(controller, :id_param => :the_model)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    # CVE-2012-5664
-    it "always converts id param to string" do
-      params.merge!(:the_model => { :malicious => "I am" })
-      resource = CanCan::ControllerResource.new(controller, :id_param => :the_model)
-      expect(resource.send(:id_param).class).to eq(String)
-    end
-    it "should id param return nil if param is nil" do
-      params.merge!(:the_model => nil)
-      resource = CanCan::ControllerResource.new(controller, :id_param => :the_model)
-      expect(resource.send(:id_param)).to be_nil
-    end
-    it "loads resource using custom find_by attribute" do
-      model = Model.new
-      allow(Model).to receive(:name).with('foo') { model }
-      params.merge!(:action => "show", :id => "foo")
-      resource = CanCan::ControllerResource.new(controller, :find_by => :name)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-    it "allows full find method to be passed into find_by option" do
-      model = Model.new
-      allow(Model).to receive(:find_by_name).with('foo') { model }
-      params.merge!(:action => "show", :id => "foo")
-      resource = CanCan::ControllerResource.new(controller, :find_by => :find_by_name)
-      resource.load_resource
-      expect(controller.instance_variable_get(:@model)).to eq(model)
-    end
-  end
-  it "calls the santitizer when the parameter hash matches our object" do
-    params.merge!(:action => 'create', :model => { :name => 'test' })
-    allow(controller).to receive(:create_params).and_return({})
-    resource = CanCan::ControllerResource.new(controller)
-    resource.load_resource
-    expect(controller.instance_variable_get(:@model).name).to eq nil
-  end
-  it "santitizes correctly when the instance name is overriden" do
-    params.merge!(:action => 'create', :custom_name => {:name => "foobar"})
-    allow(controller).to receive(:create_params).and_return({})
-    resource = CanCan::ControllerResource.new(controller, :instance_name => :custom_name)
-    resource.load_resource
-    expect(controller.instance_variable_get(:@custom_name).name).to eq nil
-  end
-  it "calls the santitize method on non-save actions when required" do
-    params.merge!(:action => 'new', :model => { :name => 'test' })
-    allow(controller).to receive(:resource_params).and_return({})
-    resource = CanCan::ControllerResource.new(controller)
-    resource.load_resource
-    expect(controller.instance_variable_get(:@model).name).to eq nil
-  end
-  it "doesn't sanitize parameters on non-save actions when not required" do
-    params.merge!(:action => 'new', :not_our_model => { :name => 'test' })
-    allow(controller).to receive(:resource_params).and_raise
-    resource = CanCan::ControllerResource.new(controller)
-    expect {
-      resource.load_resource
-    }.to_not raise_error
-  end
-  it "is a parent resource when name is provided which doesn't match controller" do
-    resource = CanCan::ControllerResource.new(controller, :category)
-    expect(resource).to be_parent
-  end
-  it "does not be a parent resource when name is provided which matches controller" do
-    resource = CanCan::ControllerResource.new(controller, :model)
-    expect(resource).to_not be_parent
-  end
-  it "is parent if specified in options" do
-    resource = CanCan::ControllerResource.new(controller, :model, {:parent => true})
-    expect(resource).to be_parent
-  end
-  it "does not be parent if specified in options" do
-    resource = CanCan::ControllerResource.new(controller, :category, {:parent => false})
-    expect(resource).to_not be_parent
-  end
-  it "has the specified resource_class if 'name' is passed to load_resource" do
-    class Section; end
-    resource = CanCan::ControllerResource.new(controller, :section)
-    expect(resource.send(:resource_class)).to eq(Section)
-  end
-  it "raises ImplementationRemoved when adding :name option" do
-    expect {
-      CanCan::ControllerResource.new(controller, :name => :foo)
-    }.to raise_error(CanCan::ImplementationRemoved)
-  end
-  it "raises ImplementationRemoved exception when specifying :resource option since it is no longer used" do
-    expect {
-      CanCan::ControllerResource.new(controller, :resource => Model)
-    }.to raise_error(CanCan::ImplementationRemoved)
-  end
-  it "raises ImplementationRemoved exception when passing :nested option" do
-    expect {
-      CanCan::ControllerResource.new(controller, :nested => :model)
-    }.to raise_error(CanCan::ImplementationRemoved)
-  end
-  it "skips resource behavior for :only actions in array" do
-    allow(controller_class).to receive(:cancan_skipper) { {:load => {nil => {:only => [:index, :show]}}} }
-    params.merge!(:action => "index")
-    expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be(true)
-    expect(CanCan::ControllerResource.new(controller, :some_resource).skip?(:load)).to be(false)
-    params.merge!(:action => "show")
-    expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be(true)
-    params.merge!(:action => "other_action")
-    expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be_falsey
-  end
-  it "skips resource behavior for :only one action on resource" do
-    allow(controller_class).to receive(:cancan_skipper) { {:authorize => {:model => {:only => :index}}} }
-    params.merge!(:action => "index")
-    expect(CanCan::ControllerResource.new(controller).skip?(:authorize)).to be(false)
-    expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be(true)
-    params.merge!(:action => "other_action")
-    expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be_falsey
-  end
-  it "skips resource behavior :except actions in array" do
-    allow(controller_class).to receive(:cancan_skipper) { {:load => {nil => {:except => [:index, :show]}}} }
-    params.merge!(:action => "index")
-    expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be_falsey
-    params.merge!(:action => "show")
-    expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be_falsey
-    params.merge!(:action => "other_action")
-    expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be(true)
-    expect(CanCan::ControllerResource.new(controller, :some_resource).skip?(:load)).to be(false)
-  end
-  it "skips resource behavior :except one action on resource" do
-    allow(controller_class).to receive(:cancan_skipper) { {:authorize => {:model => {:except => :index}}} }
-    params.merge!(:action => "index")
-    expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be_falsey
-    params.merge!(:action => "other_action")
-    expect(CanCan::ControllerResource.new(controller).skip?(:authorize)).to be(false)
-    expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be(true)
-  end
-  it "skips loading and authorization" do
-    allow(controller_class).to receive(:cancan_skipper) { {:authorize => {nil => {}}, :load => {nil => {}}} }
-    params.merge!(:action => "new")
-    resource = CanCan::ControllerResource.new(controller)
-    expect { resource.load_and_authorize_resource }.not_to raise_error
-    expect(controller.instance_variable_get(:@model)).to be_nil
-  end
-end