cancancan 1.15.0 → 1.16.0

data/lib/cancan/controller_additions.rb

@@ -1,5 +1,4 @@
 module CanCan
-
   # This module is automatically included into all controllers.
   # It also makes the "can?" and "cannot?" methods available to all views.
   module ControllerAdditions
@@ -72,8 +71,8 @@ module CanCan
       #   Load this resource through another one. This should match the name of the parent instance variable or method.
       #
       # [:+through_association+]
-      #   The name of the association to fetch the child records through the parent resource. This is normally not needed
-      #   because it defaults to the pluralized resource name.
+      #   The name of the association to fetch the child records through the parent resource.
+      #   This is normally not needed because it defaults to the pluralized resource name.
       #
       # [:+shallow+]
       #   Pass +true+ to allow this resource to be loaded directly when parent is +nil+. Defaults to +false+.
@@ -82,8 +81,8 @@ module CanCan
       #   Pass +true+ if this is a singleton resource through a +has_one+ association.
       #
       # [:+parent+]
-      #   True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
-      #   name is given which does not match the controller.
+      #   True or false depending on if the resource is considered a parent resource.
+      #   This defaults to +true+ if a resource name is given which does not match the controller.
       #
       # [:+class+]
       #   The class to use for the model (string or constant).
@@ -160,8 +159,8 @@ module CanCan
       #   Pass +true+ if this is a singleton resource through a +has_one+ association.
       #
       # [:+parent+]
-      #   True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
-      #   name is given which does not match the controller.
+      #   True or false depending on if the resource is considered a parent resource.
+      #   This defaults to +true+ if a resource name is given which does not match the controller.
       #
       # [:+class+]
       #   The class to use for the model (string or constant). This passed in when the instance variable is not set.
@@ -227,7 +226,8 @@ module CanCan
       end
 
       # Add this to a controller to ensure it performs authorization through +authorized+! or +authorize_resource+ call.
-      # If neither of these authorization methods are called, a CanCan::AuthorizationNotPerformed exception will be raised.
+      # If neither of these authorization methods are called,
+      # a CanCan::AuthorizationNotPerformed exception will be raised.
       # This is normally added to the ApplicationController to ensure all controller actions do authorization.
       #
       #   class ApplicationController < ActionController::Base
@@ -244,26 +244,30 @@ module CanCan
       #   Does not apply to given actions.
       #
       # [:+if+]
-      #   Supply the name of a controller method to be called. The authorization check only takes place if this returns true.
+      #   Supply the name of a controller method to be called.
+      #   The authorization check only takes place if this returns true.
       #
       #     check_authorization :if => :admin_controller?
       #
       # [:+unless+]
-      #   Supply the name of a controller method to be called. The authorization check only takes place if this returns false.
+      #   Supply the name of a controller method to be called.
+      #   The authorization check only takes place if this returns false.
       #
       #     check_authorization :unless => :devise_controller?
       #
       def check_authorization(options = {})
-        method_name = ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new("4") ? :after_action : :after_filter
+        method_name = active_support_4? ? :after_action : :after_filter
 
-        block = Proc.new do |controller|
+        block = proc do |controller|
           next if controller.instance_variable_defined?(:@_authorized)
           next if options[:if] && !controller.send(options[:if])
           next if options[:unless] && controller.send(options[:unless])
-          raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
+          raise AuthorizationNotPerformed,
+                'This action failed the check_authorization because it does not authorize_resource. '\
+                'Add skip_authorization_check to bypass this check.'
         end
 
-        self.send(method_name, options.slice(:only, :except), &block)
+        send(method_name, options.slice(:only, :except), &block)
       end
 
       # Call this in the class of a controller to skip the check_authorization behavior on the actions.
@@ -274,17 +278,19 @@ module CanCan
       #
       # Any arguments are passed to the +before_action+ it triggers.
       def skip_authorization_check(*args)
-        method_name = ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new("4") ? :before_action : :before_filter
-        block = Proc.new{ |controller| controller.instance_variable_set(:@_authorized, true) }
-        self.send(method_name, *args, &block)
+        method_name = active_support_4? ? :before_action : :before_filter
+        block = proc { |controller| controller.instance_variable_set(:@_authorized, true) }
+        send(method_name, *args, &block)
       end
 
-      def skip_authorization(*args)
-        raise ImplementationRemoved, "The CanCan skip_authorization method has been renamed to skip_authorization_check. Please update your code."
+      def skip_authorization(*_args)
+        raise ImplementationRemoved,
+              'The CanCan skip_authorization method has been renamed to skip_authorization_check. '\
+              'Please update your code.'
       end
 
       def cancan_resource_class
-        if ancestors.map(&:to_s).include? "InheritedResources::Actions"
+        if ancestors.map(&:to_s).include? 'InheritedResources::Actions'
           InheritedResource
         else
           ControllerResource
@@ -292,7 +298,11 @@ module CanCan
       end
 
       def cancan_skipper
-        @_cancan_skipper ||= {:authorize => {}, :load => {}}
+        @_cancan_skipper ||= { authorize: {}, load: {} }
+      end
+
+      def active_support_4?
+        ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new('4')
       end
     end
 
@@ -342,8 +352,8 @@ module CanCan
       current_ability.authorize!(*args)
     end
 
-    def unauthorized!(message = nil)
-      raise ImplementationRemoved, "The unauthorized! method has been removed from CanCan, use authorize! instead."
+    def unauthorized!(_message = nil)
+      raise ImplementationRemoved, 'The unauthorized! method has been removed from CanCan, use authorize! instead.'
     end
 
     # Creates and returns the current user's ability and caches it. If you

data/lib/cancan/controller_resource.rb

@@ -1,5 +1,6 @@
 module CanCan
-  # Handle the load and authorization controller logic so we don't clutter up all controllers with non-interface methods.
+  # Handle the load and authorization controller logic
+  # so we don't clutter up all controllers with non-interface methods.
   # This class is used internally, so you do not need to call methods directly on it.
   class ControllerResource # :nodoc:
     def self.add_before_action(controller_class, method, *args)
@@ -7,12 +8,13 @@ module CanCan
       resource_name = args.first
       before_action_method = before_callback_name(options)
       controller_class.send(before_action_method, options.slice(:only, :except, :if, :unless)) do |controller|
-        controller.class.cancan_resource_class.new(controller, resource_name, options.except(:only, :except, :if, :unless)).send(method)
+        controller.class.cancan_resource_class
+                  .new(controller, resource_name, options.except(:only, :except, :if, :unless)).send(method)
       end
     end
 
     def self.before_callback_name(options)
-      if ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new("4")
+      if ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new('4')
         options.delete(:prepend) ? :prepend_before_action : :before_action
       else
         options.delete(:prepend) ? :prepend_before_filter : :before_filter
@@ -24,9 +26,12 @@ module CanCan
       @params = controller.params
       @options = args.extract_options!
       @name = args.first
-      raise CanCan::ImplementationRemoved, "The :nested option is no longer supported, instead use :through with separate load/authorize call." if @options[:nested]
-      raise CanCan::ImplementationRemoved, "The :name option is no longer supported, instead pass the name as the first argument." if @options[:name]
-      raise CanCan::ImplementationRemoved, "The :resource option has been renamed back to :class, use false if no class." if @options[:resource]
+      nested_err = 'The :nested option is no longer supported, instead use :through with separate load/authorize call.'
+      raise CanCan::ImplementationRemoved, nested_err if @options[:nested]
+      name_err = 'The :name option is no longer supported, instead pass the name as the first argument.'
+      raise CanCan::ImplementationRemoved, name_err if @options[:name]
+      resource_err = 'The :resource option has been renamed back to :class, use false if no class.'
+      raise CanCan::ImplementationRemoved, resource_err if @options[:resource]
     end
 
     def load_and_authorize_resource
@@ -35,31 +40,28 @@ module CanCan
     end
 
     def load_resource
-      unless skip?(:load)
-        if load_instance?
-          self.resource_instance ||= load_resource_instance
-        elsif load_collection?
-          self.collection_instance ||= load_collection
-        end
+      return if skip?(:load)
+      if load_instance?
+        self.resource_instance ||= load_resource_instance
+      elsif load_collection?
+        self.collection_instance ||= load_collection
       end
     end
 
     def authorize_resource
-      unless skip?(:authorize)
-        @controller.authorize!(authorization_action, resource_instance || resource_class_with_parent)
-      end
+      return if skip?(:authorize)
+      @controller.authorize!(authorization_action, resource_instance || resource_class_with_parent)
     end
 
     def parent?
-      @options.has_key?(:parent) ? @options[:parent] : @name && @name != name_from_controller.to_sym
+      @options.key?(:parent) ? @options[:parent] : @name && @name != name_from_controller.to_sym
     end
 
     def skip?(behavior)
-      return false unless options = @controller.class.cancan_skipper[behavior][@name]
-
+      return false unless (options = @controller.class.cancan_skipper[behavior][@name])
       options == {} ||
-      options[:except] && !action_exists_in?(options[:except]) ||
-      action_exists_in?(options[:only])
+        options[:except] && !action_exists_in?(options[:except]) ||
+        action_exists_in?(options[:only])
     end
 
     protected
@@ -98,7 +100,7 @@ module CanCan
     end
 
     def initial_attributes
-      current_ability.attributes_for(@params[:action].to_sym, resource_class).delete_if do |key, value|
+      current_ability.attributes_for(@params[:action].to_sym, resource_class).delete_if do |key, _value|
         resource_params && resource_params.include?(key)
       end
     end
@@ -106,18 +108,20 @@ module CanCan
     def find_resource
       if @options[:singleton] && parent_resource.respond_to?(name)
         parent_resource.send(name)
+      elsif @options[:find_by]
+        find_resource_using_find_by
       else
-        if @options[:find_by]
-          if resource_base.respond_to? "find_by_#{@options[:find_by]}!"
-            resource_base.send("find_by_#{@options[:find_by]}!", id_param)
-          elsif resource_base.respond_to? "find_by"
-            resource_base.send("find_by", { @options[:find_by].to_sym => id_param })
-          else
-            resource_base.send(@options[:find_by], id_param)
-          end
-        else
-          adapter.find(resource_base, id_param)
-        end
+        adapter.find(resource_base, id_param)
+      end
+    end
+
+    def find_resource_using_find_by
+      if resource_base.respond_to? "find_by_#{@options[:find_by]}!"
+        resource_base.send("find_by_#{@options[:find_by]}!", id_param)
+      elsif resource_base.respond_to? 'find_by'
+        resource_base.send('find_by', @options[:find_by].to_sym => id_param)
+      else
+        resource_base.send(@options[:find_by], id_param)
       end
     end
 
@@ -146,7 +150,9 @@ module CanCan
     end
 
     def member_action?
-      new_actions.include?(@params[:action].to_sym) || @options[:singleton] || ( (@params[:id] || @params[@options[:id_param]]) && !collection_actions.include?(@params[:action].to_sym))
+      new_actions.include?(@params[:action].to_sym) || @options[:singleton] ||
+        ((@params[:id] || @params[@options[:id_param]]) &&
+          !collection_actions.include?(@params[:action].to_sym))
     end
 
     # Returns the class used for this resource. This can be overriden by the :class option.
@@ -154,15 +160,19 @@ module CanCan
     # only be used for authorization, not loading since there's no class to load through.
     def resource_class
       case @options[:class]
-      when false  then name.to_sym
-      when nil    then namespaced_name.to_s.camelize.constantize
-      when String then @options[:class].constantize
-      else @options[:class]
+      when false then
+        name.to_sym
+      when nil then
+        namespaced_name.to_s.camelize.constantize
+      when String then
+        @options[:class].constantize
+      else
+        @options[:class]
       end
     end
 
     def resource_class_with_parent
-      parent_resource ? {parent_resource => resource_class} : resource_class
+      parent_resource ? { parent_resource => resource_class } : resource_class
     end
 
     def resource_instance=(instance)
@@ -187,20 +197,33 @@ module CanCan
     # If the :singleton option is passed it won't use the association because it needs to be handled later.
     def resource_base
       if @options[:through]
-        if parent_resource
-          base = @options[:singleton] ? resource_class : parent_resource.send(@options[:through_association] || name.to_s.pluralize)
-          base = base.scoped if base.respond_to?(:scoped) && defined?(ActiveRecord) && ActiveRecord::VERSION::MAJOR == 3
-          base
-        elsif @options[:shallow]
-          resource_class
-        else
-          raise AccessDenied.new(nil, authorization_action, resource_class) # maybe this should be a record not found error instead?
-        end
+        resource_base_through
       else
         resource_class
       end
     end
 
+    def resource_base_through
+      if parent_resource
+        base = if @options[:singleton]
+                 resource_class
+               else
+                 parent_resource.send(@options[:through_association] || name.to_s.pluralize)
+               end
+        base = base.scoped if base.respond_to?(:scoped) && active_record_3?
+        base
+      elsif @options[:shallow]
+        resource_class
+      else
+        # maybe this should be a record not found error instead?
+        raise AccessDenied.new(nil, authorization_action, resource_class)
+      end
+    end
+
+    def active_record_3?
+      defined?(ActiveRecord) && ActiveRecord::VERSION::MAJOR == 3
+    end
+
     def parent_name
       @options[:through] && [@options[:through]].flatten.detect { |i| fetch_parent(i) }
     end
@@ -228,10 +251,13 @@ module CanCan
 
     def resource_params
       if parameters_require_sanitizing? && params_method.present?
-        return case params_method
-          when Symbol then @controller.send(params_method)
-          when String then @controller.instance_eval(params_method)
-          when Proc then params_method.call(@controller)
+        case params_method
+        when Symbol then
+          @controller.send(params_method)
+        when String then
+          @controller.instance_eval(params_method)
+        when Proc then
+          params_method.call(@controller)
         end
       else
         resource_params_by_namespaced_name
@@ -243,9 +269,9 @@ module CanCan
     end
 
     def resource_params_by_namespaced_name
-      if @options[:instance_name] && @params.has_key?(extract_key(@options[:instance_name]))
+      if @options[:instance_name] && @params.key?(extract_key(@options[:instance_name]))
         @params[extract_key(@options[:instance_name])]
-      elsif @options[:class] && @params.has_key?(extract_key(@options[:class]))
+      elsif @options[:class] && @params.key?(extract_key(@options[:class]))
         @params[extract_key(@options[:class])]
       else
         @params[extract_key(namespaced_name)]
@@ -254,7 +280,8 @@ module CanCan
 
     def params_method
       params_methods.each do |method|
-        return method if (method.is_a?(Symbol) && @controller.respond_to?(method, true)) || method.is_a?(String) || method.is_a?(Proc)
+        return method if (method.is_a?(Symbol) && @controller.respond_to?(method, true)) ||
+                         method.is_a?(String) || method.is_a?(Proc)
       end
       nil
     end
@@ -270,7 +297,7 @@ module CanCan
     end
 
     def namespaced_name
-      ([namespace, name] * '/').singularize.camelize.safe_constantize || name
+      [namespace, name].join('/').singularize.camelize.safe_constantize || name
     end
 
     def name_from_controller
@@ -300,7 +327,7 @@ module CanCan
     end
 
     def extract_key(value)
-       value.to_s.underscore.gsub('/', '_')
+      value.to_s.underscore.tr('/', '_')
     end
   end
 end

data/lib/cancan/exceptions.rb

@@ -40,7 +40,7 @@ module CanCan
       @message = message
       @action = action
       @subject = subject
-      @default_message = I18n.t(:"unauthorized.default", :default => "You are not authorized to access this page.")
+      @default_message = I18n.t(:"unauthorized.default", default: 'You are not authorized to access this page.')
     end
 
     def to_s

data/lib/cancan/matchers.rb

@@ -14,11 +14,11 @@ Kernel.const_get(rspec_module)::Matchers.define :be_able_to do |*args|
 
   # Check that RSpec is < 2.99
   if !respond_to?(:failure_message) && respond_to?(:failure_message_for_should)
-    alias :failure_message :failure_message_for_should
+    alias_method :failure_message, :failure_message_for_should
   end
 
   if !respond_to?(:failure_message_when_negated) && respond_to?(:failure_message_for_should_not)
-    alias :failure_message_when_negated :failure_message_for_should_not
+    alias_method :failure_message_when_negated, :failure_message_for_should_not
   end
 
   failure_message do

data/lib/cancan/model_adapters/abstract_adapter.rb

@@ -11,7 +11,7 @@ module CanCan
       end
 
       # Used to determine if the given adapter should be used for the passed in class.
-      def self.for_class?(member_class)
+      def self.for_class?(_member_class)
         false # override in subclass
       end
 
@@ -22,24 +22,24 @@ module CanCan
 
       # Used to determine if this model adapter will override the matching behavior for a hash of conditions.
       # If this returns true then matches_conditions_hash? will be called. See Rule#matches_conditions_hash
-      def self.override_conditions_hash_matching?(subject, conditions)
+      def self.override_conditions_hash_matching?(_subject, _conditions)
         false
       end
 
       # Override if override_conditions_hash_matching? returns true
-      def self.matches_conditions_hash?(subject, conditions)
-        raise NotImplemented, "This model adapter does not support matching on a conditions hash."
+      def self.matches_conditions_hash?(_subject, _conditions)
+        raise NotImplemented, 'This model adapter does not support matching on a conditions hash.'
       end
 
       # Used to determine if this model adapter will override the matching behavior for a specific condition.
       # If this returns true then matches_condition? will be called. See Rule#matches_conditions_hash
-      def self.override_condition_matching?(subject, name, value)
+      def self.override_condition_matching?(_subject, _name, _value)
         false
       end
 
       # Override if override_condition_matching? returns true
-      def self.matches_condition?(subject, name, value)
-        raise NotImplemented, "This model adapter does not support matching on a specific condition."
+      def self.matches_condition?(_subject, _name, _value)
+        raise NotImplemented, 'This model adapter does not support matching on a specific condition.'
       end
 
       def initialize(model_class, rules)
@@ -49,7 +49,7 @@ module CanCan
 
       def database_records
         # This should be overridden in a subclass to return records which match @rules
-        raise NotImplemented, "This model adapter does not support fetching records from the database."
+        raise NotImplemented, 'This model adapter does not support fetching records from the database.'
       end
     end
   end