cancancan 1.15.0 → 1.16.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +38 -0
- data/.rubocop_todo.yml +48 -0
- data/.travis.yml +8 -2
- data/Appraisals +1 -0
- data/CHANGELOG.rdoc +5 -0
- data/Gemfile +1 -1
- data/README.md +58 -41
- data/Rakefile +7 -3
- data/cancancan.gemspec +13 -12
- data/gemfiles/activerecord_4.2.gemfile +1 -0
- data/lib/cancan.rb +2 -2
- data/lib/cancan/ability.rb +26 -24
- data/lib/cancan/controller_additions.rb +33 -23
- data/lib/cancan/controller_resource.rb +83 -56
- data/lib/cancan/exceptions.rb +1 -1
- data/lib/cancan/matchers.rb +2 -2
- data/lib/cancan/model_adapters/abstract_adapter.rb +8 -8
- data/lib/cancan/model_adapters/active_record_4_adapter.rb +48 -35
- data/lib/cancan/model_adapters/active_record_adapter.rb +18 -17
- data/lib/cancan/model_adapters/mongoid_adapter.rb +26 -21
- data/lib/cancan/model_adapters/sequel_adapter.rb +12 -12
- data/lib/cancan/model_additions.rb +0 -1
- data/lib/cancan/rule.rb +23 -17
- data/lib/cancan/version.rb +1 -1
- data/lib/generators/cancan/ability/ability_generator.rb +1 -1
- data/spec/cancan/ability_spec.rb +189 -180
- data/spec/cancan/controller_additions_spec.rb +77 -64
- data/spec/cancan/controller_resource_spec.rb +230 -228
- data/spec/cancan/exceptions_spec.rb +20 -20
- data/spec/cancan/inherited_resource_spec.rb +21 -21
- data/spec/cancan/matchers_spec.rb +12 -12
- data/spec/cancan/model_adapters/active_record_4_adapter_spec.rb +38 -32
- data/spec/cancan/model_adapters/active_record_adapter_spec.rb +155 -145
- data/spec/cancan/model_adapters/default_adapter_spec.rb +2 -2
- data/spec/cancan/model_adapters/mongoid_adapter_spec.rb +87 -88
- data/spec/cancan/model_adapters/sequel_adapter_spec.rb +44 -47
- data/spec/cancan/rule_spec.rb +18 -18
- data/spec/spec_helper.rb +2 -2
- data/spec/support/ability.rb +0 -1
- metadata +60 -19
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe CanCan::ControllerAdditions do
|
|
4
4
|
before(:each) do
|
|
@@ -14,135 +14,148 @@ describe CanCan::ControllerAdditions do
|
|
|
14
14
|
expect { @controller.unauthorized! }.to raise_error(CanCan::ImplementationRemoved)
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it
|
|
17
|
+
it 'authorize! assigns @_authorized instance variable and pass args to current ability' do
|
|
18
18
|
allow(@controller.current_ability).to receive(:authorize!).with(:foo, :bar)
|
|
19
19
|
@controller.authorize!(:foo, :bar)
|
|
20
20
|
expect(@controller.instance_variable_get(:@_authorized)).to be(true)
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
it
|
|
23
|
+
it 'has a current_ability method which generates an ability for the current user' do
|
|
24
24
|
expect(@controller.current_ability).to be_kind_of(Ability)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
it
|
|
27
|
+
it 'provides a can? and cannot? methods which go through the current ability' do
|
|
28
28
|
expect(@controller.current_ability).to be_kind_of(Ability)
|
|
29
29
|
expect(@controller.can?(:foo, :bar)).to be(false)
|
|
30
30
|
expect(@controller.cannot?(:foo, :bar)).to be(true)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
it
|
|
33
|
+
it 'load_and_authorize_resource setups a before filter which passes call to ControllerResource' do
|
|
34
34
|
expect(cancan_resource_class = double).to receive(:load_and_authorize_resource)
|
|
35
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, :
|
|
36
|
-
expect(@controller_class)
|
|
37
|
-
|
|
35
|
+
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, foo: :bar) { cancan_resource_class }
|
|
36
|
+
expect(@controller_class)
|
|
37
|
+
.to receive(callback_action(:before_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
38
|
+
@controller_class.load_and_authorize_resource foo: :bar
|
|
38
39
|
end
|
|
39
40
|
|
|
40
|
-
it
|
|
41
|
+
it 'load_and_authorize_resource properly passes first argument as the resource name' do
|
|
41
42
|
expect(cancan_resource_class = double).to receive(:load_and_authorize_resource)
|
|
42
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, :project, :
|
|
43
|
-
expect(@controller_class)
|
|
44
|
-
|
|
43
|
+
allow(CanCan::ControllerResource).to receive(:new).with(@controller, :project, foo: :bar) { cancan_resource_class }
|
|
44
|
+
expect(@controller_class)
|
|
45
|
+
.to receive(callback_action(:before_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
46
|
+
@controller_class.load_and_authorize_resource :project, foo: :bar
|
|
45
47
|
end
|
|
46
48
|
|
|
47
|
-
it
|
|
49
|
+
it 'load_and_authorize_resource with :prepend prepends the before filter' do
|
|
48
50
|
expect(@controller_class).to receive(callback_action(:prepend_before_action)).with({})
|
|
49
|
-
@controller_class.load_and_authorize_resource :
|
|
51
|
+
@controller_class.load_and_authorize_resource foo: :bar, prepend: true
|
|
50
52
|
end
|
|
51
53
|
|
|
52
|
-
it
|
|
54
|
+
it 'authorize_resource setups a before filter which passes call to ControllerResource' do
|
|
53
55
|
expect(cancan_resource_class = double).to receive(:authorize_resource)
|
|
54
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, :
|
|
55
|
-
expect(@controller_class)
|
|
56
|
-
|
|
56
|
+
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, foo: :bar) { cancan_resource_class }
|
|
57
|
+
expect(@controller_class)
|
|
58
|
+
.to receive(callback_action(:before_action)).with(except: :show, if: true) do |_options, &block|
|
|
59
|
+
block.call(@controller)
|
|
60
|
+
end
|
|
61
|
+
@controller_class.authorize_resource foo: :bar, except: :show, if: true
|
|
57
62
|
end
|
|
58
63
|
|
|
59
|
-
it
|
|
64
|
+
it 'load_resource setups a before filter which passes call to ControllerResource' do
|
|
60
65
|
expect(cancan_resource_class = double).to receive(:load_resource)
|
|
61
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, :
|
|
62
|
-
expect(@controller_class)
|
|
63
|
-
|
|
66
|
+
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, foo: :bar) { cancan_resource_class }
|
|
67
|
+
expect(@controller_class)
|
|
68
|
+
.to receive(callback_action(:before_action)).with(only: [:show, :index], unless: false) do |_options, &block|
|
|
69
|
+
block.call(@controller)
|
|
70
|
+
end
|
|
71
|
+
@controller_class.load_resource foo: :bar, only: [:show, :index], unless: false
|
|
64
72
|
end
|
|
65
73
|
|
|
66
|
-
it
|
|
67
|
-
expect(@controller_class)
|
|
74
|
+
it 'skip_authorization_check setups a before filter which sets @_authorized to true' do
|
|
75
|
+
expect(@controller_class)
|
|
76
|
+
.to receive(callback_action(:before_action)).with(:filter_options) { |_options, &block| block.call(@controller) }
|
|
68
77
|
@controller_class.skip_authorization_check(:filter_options)
|
|
69
78
|
expect(@controller.instance_variable_get(:@_authorized)).to be(true)
|
|
70
79
|
end
|
|
71
80
|
|
|
72
|
-
it
|
|
73
|
-
expect(@controller_class)
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
81
|
+
it 'check_authorization triggers AuthorizationNotPerformed in after filter' do
|
|
82
|
+
expect(@controller_class)
|
|
83
|
+
.to receive(callback_action(:after_action)).with(only: [:test]) { |_options, &block| block.call(@controller) }
|
|
84
|
+
expect do
|
|
85
|
+
@controller_class.check_authorization(only: [:test])
|
|
86
|
+
end.to raise_error(CanCan::AuthorizationNotPerformed)
|
|
77
87
|
end
|
|
78
88
|
|
|
79
|
-
it
|
|
89
|
+
it 'check_authorization does not trigger AuthorizationNotPerformed when :if is false' do
|
|
80
90
|
allow(@controller).to receive(:check_auth?) { false }
|
|
81
|
-
allow(@controller_class)
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
91
|
+
allow(@controller_class)
|
|
92
|
+
.to receive(callback_action(:after_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
93
|
+
expect do
|
|
94
|
+
@controller_class.check_authorization(if: :check_auth?)
|
|
95
|
+
end.not_to raise_error
|
|
85
96
|
end
|
|
86
97
|
|
|
87
|
-
it
|
|
98
|
+
it 'check_authorization does not trigger AuthorizationNotPerformed when :unless is true' do
|
|
88
99
|
allow(@controller).to receive(:engine_controller?) { true }
|
|
89
|
-
expect(@controller_class)
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
100
|
+
expect(@controller_class)
|
|
101
|
+
.to receive(callback_action(:after_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
102
|
+
expect do
|
|
103
|
+
@controller_class.check_authorization(unless: :engine_controller?)
|
|
104
|
+
end.not_to raise_error
|
|
93
105
|
end
|
|
94
106
|
|
|
95
|
-
it
|
|
107
|
+
it 'check_authorization does not raise error when @_authorized is set' do
|
|
96
108
|
@controller.instance_variable_set(:@_authorized, true)
|
|
97
|
-
expect(@controller_class)
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
109
|
+
expect(@controller_class)
|
|
110
|
+
.to receive(callback_action(:after_action)).with(only: [:test]) { |_options, &block| block.call(@controller) }
|
|
111
|
+
expect do
|
|
112
|
+
@controller_class.check_authorization(only: [:test])
|
|
113
|
+
end.not_to raise_error
|
|
101
114
|
end
|
|
102
115
|
|
|
103
|
-
it
|
|
116
|
+
it 'cancan_resource_class is ControllerResource by default' do
|
|
104
117
|
expect(@controller.class.cancan_resource_class).to eq(CanCan::ControllerResource)
|
|
105
118
|
end
|
|
106
119
|
|
|
107
|
-
it
|
|
108
|
-
allow(@controller.class).to receive(:ancestors) { [
|
|
120
|
+
it 'cancan_resource_class is InheritedResource when class includes InheritedResources::Actions' do
|
|
121
|
+
allow(@controller.class).to receive(:ancestors) { ['InheritedResources::Actions'] }
|
|
109
122
|
expect(@controller.class.cancan_resource_class).to eq(CanCan::InheritedResource)
|
|
110
123
|
end
|
|
111
124
|
|
|
112
|
-
it
|
|
113
|
-
expect(@controller_class.cancan_skipper).to eq(
|
|
125
|
+
it 'cancan_skipper is an empty hash with :authorize and :load options and remember changes' do
|
|
126
|
+
expect(@controller_class.cancan_skipper).to eq(authorize: {}, load: {})
|
|
114
127
|
@controller_class.cancan_skipper[:load] = true
|
|
115
128
|
expect(@controller_class.cancan_skipper[:load]).to be(true)
|
|
116
129
|
end
|
|
117
130
|
|
|
118
|
-
it
|
|
119
|
-
@controller_class.skip_authorize_resource(:project, :
|
|
120
|
-
expect(@controller_class.cancan_skipper[:authorize][:project]).to eq(
|
|
121
|
-
@controller_class.skip_authorize_resource(:
|
|
122
|
-
expect(@controller_class.cancan_skipper[:authorize][nil]).to eq(
|
|
131
|
+
it 'skip_authorize_resource adds itself to the cancan skipper with given model name and options' do
|
|
132
|
+
@controller_class.skip_authorize_resource(:project, only: [:index, :show])
|
|
133
|
+
expect(@controller_class.cancan_skipper[:authorize][:project]).to eq(only: [:index, :show])
|
|
134
|
+
@controller_class.skip_authorize_resource(only: [:index, :show])
|
|
135
|
+
expect(@controller_class.cancan_skipper[:authorize][nil]).to eq(only: [:index, :show])
|
|
123
136
|
@controller_class.skip_authorize_resource(:article)
|
|
124
137
|
expect(@controller_class.cancan_skipper[:authorize][:article]).to eq({})
|
|
125
138
|
end
|
|
126
139
|
|
|
127
|
-
it
|
|
128
|
-
@controller_class.skip_load_resource(:project, :
|
|
129
|
-
expect(@controller_class.cancan_skipper[:load][:project]).to eq(
|
|
130
|
-
@controller_class.skip_load_resource(:
|
|
131
|
-
expect(@controller_class.cancan_skipper[:load][nil]).to eq(
|
|
140
|
+
it 'skip_load_resource adds itself to the cancan skipper with given model name and options' do
|
|
141
|
+
@controller_class.skip_load_resource(:project, only: [:index, :show])
|
|
142
|
+
expect(@controller_class.cancan_skipper[:load][:project]).to eq(only: [:index, :show])
|
|
143
|
+
@controller_class.skip_load_resource(only: [:index, :show])
|
|
144
|
+
expect(@controller_class.cancan_skipper[:load][nil]).to eq(only: [:index, :show])
|
|
132
145
|
@controller_class.skip_load_resource(:article)
|
|
133
146
|
expect(@controller_class.cancan_skipper[:load][:article]).to eq({})
|
|
134
147
|
end
|
|
135
148
|
|
|
136
|
-
it
|
|
137
|
-
@controller_class.skip_load_and_authorize_resource(:project, :
|
|
138
|
-
expect(@controller_class.cancan_skipper[:load][:project]).to eq(
|
|
139
|
-
expect(@controller_class.cancan_skipper[:authorize][:project]).to eq(
|
|
149
|
+
it 'skip_load_and_authore_resource adds itself to the cancan skipper with given model name and options' do
|
|
150
|
+
@controller_class.skip_load_and_authorize_resource(:project, only: [:index, :show])
|
|
151
|
+
expect(@controller_class.cancan_skipper[:load][:project]).to eq(only: [:index, :show])
|
|
152
|
+
expect(@controller_class.cancan_skipper[:authorize][:project]).to eq(only: [:index, :show])
|
|
140
153
|
end
|
|
141
154
|
|
|
142
155
|
private
|
|
143
156
|
|
|
144
157
|
def callback_action(action)
|
|
145
|
-
if ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new(
|
|
158
|
+
if ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new('4')
|
|
146
159
|
action
|
|
147
160
|
else
|
|
148
161
|
action.to_s.sub(/_action/, '_filter')
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
require
|
|
1
|
+
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe CanCan::ControllerResource do
|
|
4
4
|
let(:ability) { Ability.new(nil) }
|
|
5
|
-
let(:params) { HashWithIndifferentAccess.new(:
|
|
5
|
+
let(:params) { HashWithIndifferentAccess.new(controller: 'models') }
|
|
6
6
|
let(:controller_class) { Class.new }
|
|
7
7
|
let(:controller) { controller_class.new }
|
|
8
8
|
|
|
@@ -10,7 +10,7 @@ describe CanCan::ControllerResource do
|
|
|
10
10
|
class Model
|
|
11
11
|
attr_accessor :name
|
|
12
12
|
|
|
13
|
-
def initialize(attributes={})
|
|
13
|
+
def initialize(attributes = {})
|
|
14
14
|
attributes.each do |attribute, value|
|
|
15
15
|
send("#{attribute}=", value)
|
|
16
16
|
end
|
|
@@ -19,178 +19,180 @@ describe CanCan::ControllerResource do
|
|
|
19
19
|
|
|
20
20
|
allow(controller).to receive(:params) { params }
|
|
21
21
|
allow(controller).to receive(:current_ability) { ability }
|
|
22
|
-
allow(controller_class).to receive(:cancan_skipper) { {:
|
|
22
|
+
allow(controller_class).to receive(:cancan_skipper) { { authorize: {}, load: {} } }
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
-
context
|
|
25
|
+
context 'on build actions' do
|
|
26
26
|
before :each do
|
|
27
|
-
params.merge!(:
|
|
27
|
+
params.merge!(action: 'new')
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
it
|
|
31
|
-
ability.can(:create, Model, :
|
|
30
|
+
it 'builds a new resource with attributes from current ability' do
|
|
31
|
+
ability.can(:create, Model, name: 'from conditions')
|
|
32
32
|
resource = CanCan::ControllerResource.new(controller)
|
|
33
33
|
resource.load_resource
|
|
34
|
-
expect(controller.instance_variable_get(:@model).name).to eq(
|
|
34
|
+
expect(controller.instance_variable_get(:@model).name).to eq('from conditions')
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
it
|
|
38
|
-
params
|
|
39
|
-
ability.can(:create, Model, :
|
|
37
|
+
it 'overrides initial attributes with params' do
|
|
38
|
+
params[:model] = { name: 'from params' }
|
|
39
|
+
ability.can(:create, Model, name: 'from conditions')
|
|
40
40
|
resource = CanCan::ControllerResource.new(controller)
|
|
41
41
|
resource.load_resource
|
|
42
|
-
expect(controller.instance_variable_get(:@model).name).to eq(
|
|
42
|
+
expect(controller.instance_variable_get(:@model).name).to eq('from params')
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
it
|
|
46
|
-
params.merge!(:
|
|
45
|
+
it 'builds a resource when on custom new action even when params[:id] exists' do
|
|
46
|
+
params.merge!(action: 'build', id: '123')
|
|
47
47
|
allow(Model).to receive(:new) { :some_model }
|
|
48
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
48
|
+
resource = CanCan::ControllerResource.new(controller, new: :build)
|
|
49
49
|
resource.load_resource
|
|
50
50
|
expect(controller.instance_variable_get(:@model)).to eq(:some_model)
|
|
51
51
|
end
|
|
52
52
|
|
|
53
|
-
it
|
|
53
|
+
it 'only authorizes :show action on parent resource' do
|
|
54
54
|
model = Model.new
|
|
55
|
-
allow(Model).to receive(:find).with(
|
|
55
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
56
56
|
|
|
57
|
-
params
|
|
57
|
+
params[:model_id] = 123
|
|
58
58
|
allow(controller).to receive(:authorize!).with(:show, model) { raise CanCan::AccessDenied }
|
|
59
|
-
resource = CanCan::ControllerResource.new(controller, :model, :
|
|
59
|
+
resource = CanCan::ControllerResource.new(controller, :model, parent: true)
|
|
60
60
|
expect { resource.load_and_authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
-
context
|
|
64
|
+
context 'on create actions' do
|
|
65
65
|
before :each do
|
|
66
|
-
params.merge!(:
|
|
66
|
+
params.merge!(action: 'create')
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
# Rails includes namespace in params, see issue #349
|
|
70
|
-
it
|
|
70
|
+
it 'creates through the namespaced params' do
|
|
71
71
|
module MyEngine
|
|
72
72
|
class Model < ::Model; end
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
params.merge!(:
|
|
75
|
+
params.merge!(controller: 'my_engine/models', my_engine_model: { name: 'foobar' })
|
|
76
76
|
resource = CanCan::ControllerResource.new(controller)
|
|
77
77
|
resource.load_resource
|
|
78
|
-
expect(controller.instance_variable_get(:@model).name).to eq(
|
|
78
|
+
expect(controller.instance_variable_get(:@model).name).to eq('foobar')
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
it
|
|
82
|
-
params
|
|
81
|
+
it 'builds a new resource with hash if params[:id] is not specified' do
|
|
82
|
+
params[:model] = { name: 'foobar' }
|
|
83
83
|
resource = CanCan::ControllerResource.new(controller)
|
|
84
84
|
resource.load_resource
|
|
85
|
-
expect(controller.instance_variable_get(:@model).name).to eq(
|
|
85
|
+
expect(controller.instance_variable_get(:@model).name).to eq('foobar')
|
|
86
86
|
end
|
|
87
87
|
|
|
88
|
-
it
|
|
88
|
+
it 'builds a new resource for namespaced model with hash if params[:id] is not specified' do
|
|
89
89
|
module Sub
|
|
90
90
|
class Model < ::Model; end
|
|
91
91
|
end
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
resource = CanCan::ControllerResource.new(controller, :class => ::Sub::Model)
|
|
92
|
+
params['sub_model'] = { name: 'foobar' }
|
|
93
|
+
resource = CanCan::ControllerResource.new(controller, class: ::Sub::Model)
|
|
95
94
|
resource.load_resource
|
|
96
|
-
expect(controller.instance_variable_get(:@model).name).to eq(
|
|
95
|
+
expect(controller.instance_variable_get(:@model).name).to eq('foobar')
|
|
97
96
|
end
|
|
98
97
|
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
98
|
+
context 'params[:id] is not specified' do
|
|
99
|
+
it 'builds a new resource for namespaced controller and namespaced model with hash' do
|
|
100
|
+
params.merge!(:controller => 'admin/sub_models', 'sub_model' => { name: 'foobar' })
|
|
101
|
+
resource = CanCan::ControllerResource.new(controller, class: Model)
|
|
102
|
+
resource.load_resource
|
|
103
|
+
expect(controller.instance_variable_get(:@sub_model).name).to eq('foobar')
|
|
104
|
+
end
|
|
104
105
|
end
|
|
105
106
|
|
|
106
|
-
it
|
|
107
|
+
it 'builds a new resource for namespaced controller given through folder format' do
|
|
107
108
|
module Admin
|
|
108
109
|
module SubModule
|
|
109
110
|
class HiddenModel < ::Model; end
|
|
110
111
|
end
|
|
111
112
|
end
|
|
112
|
-
params
|
|
113
|
+
params[:controller] = 'admin/sub_module/hidden_models'
|
|
113
114
|
resource = CanCan::ControllerResource.new(controller)
|
|
114
115
|
expect { resource.load_resource }.not_to raise_error
|
|
115
116
|
end
|
|
116
117
|
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
params.merge!(:model => {:name => "foobar"})
|
|
118
|
+
context 'with :singleton option' do
|
|
119
|
+
it 'does not build record through has_one association because it can cause it to delete it in the database' do
|
|
120
|
+
category = Class.new
|
|
121
|
+
allow_any_instance_of(Model).to receive('category=').with(category)
|
|
122
|
+
allow_any_instance_of(Model).to receive('category') { category }
|
|
123
123
|
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
124
|
+
params[:model] = { name: 'foobar' }
|
|
125
|
+
controller.instance_variable_set(:@category, category)
|
|
126
|
+
resource = CanCan::ControllerResource.new(controller, through: :category, singleton: true)
|
|
127
|
+
resource.load_resource
|
|
128
|
+
expect(controller.instance_variable_get(:@model).name).to eq('foobar')
|
|
129
|
+
expect(controller.instance_variable_get(:@model).category).to eq(category)
|
|
130
|
+
end
|
|
129
131
|
end
|
|
130
132
|
|
|
131
|
-
it
|
|
132
|
-
params
|
|
133
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
133
|
+
it 'builds record through has_one association with :singleton and :shallow options' do
|
|
134
|
+
params[:model] = { name: 'foobar' }
|
|
135
|
+
resource = CanCan::ControllerResource.new(controller, through: :category, singleton: true, shallow: true)
|
|
134
136
|
resource.load_resource
|
|
135
|
-
expect(controller.instance_variable_get(:@model).name).to eq(
|
|
137
|
+
expect(controller.instance_variable_get(:@model).name).to eq('foobar')
|
|
136
138
|
end
|
|
137
139
|
|
|
138
|
-
context
|
|
140
|
+
context 'with a strong parameters method' do
|
|
139
141
|
before :each do
|
|
140
|
-
params.merge!(:
|
|
142
|
+
params.merge!(controller: 'model', model: { name: 'test' })
|
|
141
143
|
end
|
|
142
144
|
|
|
143
|
-
it
|
|
144
|
-
allow(controller).to receive(:resource_params).and_return(:
|
|
145
|
-
allow(controller).to receive(:model_params).and_return(:
|
|
146
|
-
allow(controller).to receive(:create_params).and_return(:
|
|
147
|
-
allow(controller).to receive(:custom_params).and_return(:
|
|
148
|
-
resource = CanCan::ControllerResource.new(controller,
|
|
149
|
-
expect(resource.send(
|
|
145
|
+
it 'accepts and uses the specified symbol for santitizing input' do
|
|
146
|
+
allow(controller).to receive(:resource_params).and_return(resource: 'params')
|
|
147
|
+
allow(controller).to receive(:model_params).and_return(model: 'params')
|
|
148
|
+
allow(controller).to receive(:create_params).and_return(create: 'params')
|
|
149
|
+
allow(controller).to receive(:custom_params).and_return(custom: 'params')
|
|
150
|
+
resource = CanCan::ControllerResource.new(controller, param_method: :custom_params)
|
|
151
|
+
expect(resource.send('resource_params')).to eq(custom: 'params')
|
|
150
152
|
end
|
|
151
153
|
|
|
152
|
-
it
|
|
153
|
-
resource = CanCan::ControllerResource.new(controller,
|
|
154
|
-
expect(resource.send(
|
|
154
|
+
it 'accepts the specified string for sanitizing input' do
|
|
155
|
+
resource = CanCan::ControllerResource.new(controller, param_method: "{:custom => 'params'}")
|
|
156
|
+
expect(resource.send('resource_params')).to eq(custom: 'params')
|
|
155
157
|
end
|
|
156
158
|
|
|
157
|
-
it
|
|
158
|
-
resource = CanCan::ControllerResource.new(controller,
|
|
159
|
-
expect(resource.send(
|
|
159
|
+
it 'accepts the specified proc for sanitizing input' do
|
|
160
|
+
resource = CanCan::ControllerResource.new(controller, param_method: proc { |_c| { custom: 'params' } })
|
|
161
|
+
expect(resource.send('resource_params')).to eq(custom: 'params')
|
|
160
162
|
end
|
|
161
163
|
|
|
162
|
-
it
|
|
163
|
-
allow(controller).to receive(:resource_params).and_return(:
|
|
164
|
-
allow(controller).to receive(:model_params).and_return(:
|
|
165
|
-
allow(controller).to receive(:create_params).and_return(:
|
|
166
|
-
allow(controller).to receive(:custom_params).and_return(:
|
|
164
|
+
it 'prefers to use the create_params method for santitizing input' do
|
|
165
|
+
allow(controller).to receive(:resource_params).and_return(resource: 'params')
|
|
166
|
+
allow(controller).to receive(:model_params).and_return(model: 'params')
|
|
167
|
+
allow(controller).to receive(:create_params).and_return(create: 'params')
|
|
168
|
+
allow(controller).to receive(:custom_params).and_return(custom: 'params')
|
|
167
169
|
resource = CanCan::ControllerResource.new(controller)
|
|
168
|
-
expect(resource.send(
|
|
170
|
+
expect(resource.send('resource_params')).to eq(create: 'params')
|
|
169
171
|
end
|
|
170
172
|
|
|
171
|
-
it
|
|
172
|
-
allow(controller).to receive(:resource_params).and_return(:
|
|
173
|
-
allow(controller).to receive(:model_params).and_return(:
|
|
174
|
-
allow(controller).to receive(:custom_params).and_return(:
|
|
173
|
+
it 'prefers to use the <model_name>_params method for santitizing input if create is not found' do
|
|
174
|
+
allow(controller).to receive(:resource_params).and_return(resource: 'params')
|
|
175
|
+
allow(controller).to receive(:model_params).and_return(model: 'params')
|
|
176
|
+
allow(controller).to receive(:custom_params).and_return(custom: 'params')
|
|
175
177
|
resource = CanCan::ControllerResource.new(controller)
|
|
176
|
-
expect(resource.send(
|
|
178
|
+
expect(resource.send('resource_params')).to eq(model: 'params')
|
|
177
179
|
end
|
|
178
180
|
|
|
179
|
-
it
|
|
180
|
-
allow(controller).to receive(:resource_params).and_return(:
|
|
181
|
-
allow(controller).to receive(:custom_params).and_return(:
|
|
181
|
+
it 'prefers to use the resource_params method for santitizing input if create or model is not found' do
|
|
182
|
+
allow(controller).to receive(:resource_params).and_return(resource: 'params')
|
|
183
|
+
allow(controller).to receive(:custom_params).and_return(custom: 'params')
|
|
182
184
|
resource = CanCan::ControllerResource.new(controller)
|
|
183
|
-
expect(resource.send(
|
|
185
|
+
expect(resource.send('resource_params')).to eq(resource: 'params')
|
|
184
186
|
end
|
|
185
187
|
end
|
|
186
188
|
end
|
|
187
189
|
|
|
188
|
-
context
|
|
190
|
+
context 'on collection actions' do
|
|
189
191
|
before :each do
|
|
190
192
|
params[:action] = 'index'
|
|
191
193
|
end
|
|
192
194
|
|
|
193
|
-
it
|
|
195
|
+
it 'builds a collection when on index action when class responds to accessible_by' do
|
|
194
196
|
allow(Model).to receive(:accessible_by).with(ability, :index) { :found_models }
|
|
195
197
|
|
|
196
198
|
resource = CanCan::ControllerResource.new(controller, :model)
|
|
@@ -199,123 +201,123 @@ describe CanCan::ControllerResource do
|
|
|
199
201
|
expect(controller.instance_variable_get(:@models)).to eq(:found_models)
|
|
200
202
|
end
|
|
201
203
|
|
|
202
|
-
it
|
|
204
|
+
it 'does not build a collection when on index action when class does not respond to accessible_by' do
|
|
203
205
|
resource = CanCan::ControllerResource.new(controller)
|
|
204
206
|
resource.load_resource
|
|
205
207
|
expect(controller.instance_variable_get(:@model)).to be_nil
|
|
206
208
|
expect(controller.instance_variable_defined?(:@models)).to be(false)
|
|
207
209
|
end
|
|
208
210
|
|
|
209
|
-
it
|
|
211
|
+
it 'does not use accessible_by when defining abilities through a block' do
|
|
210
212
|
allow(Model).to receive(:accessible_by).with(ability) { :found_models }
|
|
211
213
|
|
|
212
|
-
ability.can(:read, Model) { |
|
|
214
|
+
ability.can(:read, Model) { |_p| false }
|
|
213
215
|
resource = CanCan::ControllerResource.new(controller)
|
|
214
216
|
resource.load_resource
|
|
215
217
|
expect(controller.instance_variable_get(:@model)).to be_nil
|
|
216
218
|
expect(controller.instance_variable_defined?(:@models)).to be(false)
|
|
217
219
|
end
|
|
218
220
|
|
|
219
|
-
it
|
|
221
|
+
it 'does not authorize single resource in collection action' do
|
|
220
222
|
allow(controller).to receive(:authorize!).with(:index, Model) { raise CanCan::AccessDenied }
|
|
221
223
|
resource = CanCan::ControllerResource.new(controller)
|
|
222
224
|
|
|
223
225
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
224
226
|
end
|
|
225
227
|
|
|
226
|
-
it
|
|
228
|
+
it 'authorizes parent resource in collection action' do
|
|
227
229
|
controller.instance_variable_set(:@category, :some_category)
|
|
228
230
|
allow(controller).to receive(:authorize!).with(:show, :some_category) { raise CanCan::AccessDenied }
|
|
229
231
|
|
|
230
|
-
resource = CanCan::ControllerResource.new(controller, :category, :
|
|
232
|
+
resource = CanCan::ControllerResource.new(controller, :category, parent: true)
|
|
231
233
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
232
234
|
end
|
|
233
235
|
|
|
234
|
-
it
|
|
236
|
+
it 'authorizes with :custom_action for parent collection action' do
|
|
235
237
|
controller.instance_variable_set(:@category, :some_category)
|
|
236
238
|
allow(controller).to receive(:authorize!).with(:custom_action, :some_category) { raise CanCan::AccessDenied }
|
|
237
239
|
|
|
238
|
-
resource = CanCan::ControllerResource.new(controller, :category, :
|
|
240
|
+
resource = CanCan::ControllerResource.new(controller, :category, parent: true, parent_action: :custom_action)
|
|
239
241
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
240
242
|
end
|
|
241
243
|
|
|
242
|
-
it
|
|
244
|
+
it 'has the specified nested resource_class when using / for namespace' do
|
|
243
245
|
module Admin
|
|
244
246
|
class Dashboard; end
|
|
245
247
|
end
|
|
246
|
-
ability.can(:index,
|
|
247
|
-
params
|
|
248
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
248
|
+
ability.can(:index, 'admin/dashboard')
|
|
249
|
+
params[:controller] = 'admin/dashboard'
|
|
250
|
+
resource = CanCan::ControllerResource.new(controller, authorize: true)
|
|
249
251
|
expect(resource.send(:resource_class)).to eq(Admin::Dashboard)
|
|
250
252
|
end
|
|
251
253
|
|
|
252
|
-
it
|
|
253
|
-
params.merge!(:
|
|
254
|
+
it 'does not build a single resource when on custom collection action even with id' do
|
|
255
|
+
params.merge!(action: 'sort', id: '123')
|
|
254
256
|
|
|
255
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
257
|
+
resource = CanCan::ControllerResource.new(controller, collection: [:sort, :list])
|
|
256
258
|
resource.load_resource
|
|
257
259
|
expect(controller.instance_variable_get(:@model)).to be_nil
|
|
258
260
|
end
|
|
259
261
|
|
|
260
|
-
it
|
|
262
|
+
it 'loads a collection resource when on custom action with no id param' do
|
|
261
263
|
allow(Model).to receive(:accessible_by).with(ability, :sort) { :found_models }
|
|
262
|
-
params[:action] =
|
|
264
|
+
params[:action] = 'sort'
|
|
263
265
|
resource = CanCan::ControllerResource.new(controller)
|
|
264
266
|
resource.load_resource
|
|
265
267
|
expect(controller.instance_variable_get(:@model)).to be_nil
|
|
266
268
|
expect(controller.instance_variable_get(:@models)).to eq(:found_models)
|
|
267
269
|
end
|
|
268
270
|
|
|
269
|
-
it
|
|
271
|
+
it 'loads parent resource through proper id parameter' do
|
|
270
272
|
model = Model.new
|
|
271
|
-
allow(Model).to receive(:find).with(
|
|
273
|
+
allow(Model).to receive(:find).with('1') { model }
|
|
272
274
|
|
|
273
|
-
params.merge!(:
|
|
275
|
+
params.merge!(controller: 'categories', model_id: 1)
|
|
274
276
|
resource = CanCan::ControllerResource.new(controller, :model)
|
|
275
277
|
resource.load_resource
|
|
276
278
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
277
279
|
end
|
|
278
280
|
|
|
279
|
-
it
|
|
281
|
+
it 'authorizes nested resource through parent association on index action' do
|
|
280
282
|
controller.instance_variable_set(:@category, category = double)
|
|
281
283
|
allow(controller).to receive(:authorize!).with(:index, category => Model) { raise CanCan::AccessDenied }
|
|
282
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
284
|
+
resource = CanCan::ControllerResource.new(controller, through: :category)
|
|
283
285
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
284
286
|
end
|
|
285
287
|
end
|
|
286
288
|
|
|
287
|
-
context
|
|
289
|
+
context 'on instance read actions' do
|
|
288
290
|
before :each do
|
|
289
|
-
params.merge!(:
|
|
291
|
+
params.merge!(action: 'show', id: '123')
|
|
290
292
|
end
|
|
291
293
|
|
|
292
|
-
it
|
|
294
|
+
it 'loads the resource into an instance variable if params[:id] is specified' do
|
|
293
295
|
model = Model.new
|
|
294
|
-
allow(Model).to receive(:find).with(
|
|
296
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
295
297
|
|
|
296
298
|
resource = CanCan::ControllerResource.new(controller)
|
|
297
299
|
resource.load_resource
|
|
298
300
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
299
301
|
end
|
|
300
302
|
|
|
301
|
-
it
|
|
303
|
+
it 'does not load resource into an instance variable if already set' do
|
|
302
304
|
controller.instance_variable_set(:@model, :some_model)
|
|
303
305
|
resource = CanCan::ControllerResource.new(controller)
|
|
304
306
|
resource.load_resource
|
|
305
307
|
expect(controller.instance_variable_get(:@model)).to eq(:some_model)
|
|
306
308
|
end
|
|
307
309
|
|
|
308
|
-
it
|
|
310
|
+
it 'loads resource for namespaced controller' do
|
|
309
311
|
model = Model.new
|
|
310
|
-
allow(Model).to receive(:find).with(
|
|
311
|
-
params
|
|
312
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
313
|
+
params[:controller] = 'admin/models'
|
|
312
314
|
|
|
313
315
|
resource = CanCan::ControllerResource.new(controller)
|
|
314
316
|
resource.load_resource
|
|
315
317
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
316
318
|
end
|
|
317
319
|
|
|
318
|
-
it
|
|
320
|
+
it 'performs authorization using controller action and loaded model' do
|
|
319
321
|
controller.instance_variable_set(:@model, :some_model)
|
|
320
322
|
allow(controller).to receive(:authorize!).with(:show, :some_model) { raise CanCan::AccessDenied }
|
|
321
323
|
|
|
@@ -323,179 +325,179 @@ describe CanCan::ControllerResource do
|
|
|
323
325
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
324
326
|
end
|
|
325
327
|
|
|
326
|
-
it
|
|
328
|
+
it 'performs authorization using controller action and non loaded model' do
|
|
327
329
|
allow(controller).to receive(:authorize!).with(:show, Model) { raise CanCan::AccessDenied }
|
|
328
330
|
resource = CanCan::ControllerResource.new(controller)
|
|
329
331
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
330
332
|
end
|
|
331
333
|
|
|
332
|
-
it
|
|
334
|
+
it 'calls load_resource and authorize_resource for load_and_authorize_resource' do
|
|
333
335
|
resource = CanCan::ControllerResource.new(controller)
|
|
334
336
|
expect(resource).to receive(:load_resource)
|
|
335
337
|
expect(resource).to receive(:authorize_resource)
|
|
336
338
|
resource.load_and_authorize_resource
|
|
337
339
|
end
|
|
338
340
|
|
|
339
|
-
it
|
|
340
|
-
category = double(:
|
|
341
|
+
it 'loads resource through the association of another parent resource using instance variable' do
|
|
342
|
+
category = double(models: {})
|
|
341
343
|
controller.instance_variable_set(:@category, category)
|
|
342
|
-
allow(category.models).to receive(:find).with(
|
|
343
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
344
|
+
allow(category.models).to receive(:find).with('123') { :some_model }
|
|
345
|
+
resource = CanCan::ControllerResource.new(controller, through: :category)
|
|
344
346
|
resource.load_resource
|
|
345
347
|
expect(controller.instance_variable_get(:@model)).to eq(:some_model)
|
|
346
348
|
end
|
|
347
349
|
|
|
348
|
-
it
|
|
349
|
-
category = double(:
|
|
350
|
+
it 'loads resource through the custom association name' do
|
|
351
|
+
category = double(custom_models: {})
|
|
350
352
|
controller.instance_variable_set(:@category, category)
|
|
351
|
-
allow(category.custom_models).to receive(:find).with(
|
|
352
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
353
|
+
allow(category.custom_models).to receive(:find).with('123') { :some_model }
|
|
354
|
+
resource = CanCan::ControllerResource.new(controller, through: :category, through_association: :custom_models)
|
|
353
355
|
resource.load_resource
|
|
354
356
|
expect(controller.instance_variable_get(:@model)).to eq(:some_model)
|
|
355
357
|
end
|
|
356
358
|
|
|
357
|
-
it
|
|
358
|
-
category = double(:
|
|
359
|
+
it 'loads resource through the association of another parent resource using method' do
|
|
360
|
+
category = double(models: {})
|
|
359
361
|
allow(controller).to receive(:category) { category }
|
|
360
|
-
allow(category.models).to receive(:find).with(
|
|
361
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
362
|
+
allow(category.models).to receive(:find).with('123') { :some_model }
|
|
363
|
+
resource = CanCan::ControllerResource.new(controller, through: :category)
|
|
362
364
|
resource.load_resource
|
|
363
365
|
expect(controller.instance_variable_get(:@model)).to eq(:some_model)
|
|
364
366
|
end
|
|
365
367
|
|
|
366
368
|
it "does not load through parent resource if instance isn't loaded when shallow" do
|
|
367
369
|
model = Model.new
|
|
368
|
-
allow(Model).to receive(:find).with(
|
|
370
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
369
371
|
|
|
370
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
372
|
+
resource = CanCan::ControllerResource.new(controller, through: :category, shallow: true)
|
|
371
373
|
resource.load_resource
|
|
372
374
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
373
375
|
end
|
|
374
376
|
|
|
375
|
-
it
|
|
376
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
377
|
-
expect
|
|
377
|
+
it 'raises AccessDenied when attempting to load resource through nil' do
|
|
378
|
+
resource = CanCan::ControllerResource.new(controller, through: :category)
|
|
379
|
+
expect do
|
|
378
380
|
resource.load_resource
|
|
379
|
-
|
|
381
|
+
end.to raise_error(CanCan::AccessDenied) { |exception|
|
|
380
382
|
expect(exception.action).to eq(:show)
|
|
381
383
|
expect(exception.subject).to eq(Model)
|
|
382
384
|
}
|
|
383
385
|
expect(controller.instance_variable_get(:@model)).to be_nil
|
|
384
386
|
end
|
|
385
387
|
|
|
386
|
-
it
|
|
387
|
-
category = double(:
|
|
388
|
+
it 'loads through first matching if multiple are given' do
|
|
389
|
+
category = double(models: {})
|
|
388
390
|
controller.instance_variable_set(:@category, category)
|
|
389
|
-
allow(category.models).to receive(:find).with(
|
|
391
|
+
allow(category.models).to receive(:find).with('123') { :some_model }
|
|
390
392
|
|
|
391
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
393
|
+
resource = CanCan::ControllerResource.new(controller, through: [:category, :user])
|
|
392
394
|
resource.load_resource
|
|
393
395
|
expect(controller.instance_variable_get(:@model)).to eq(:some_model)
|
|
394
396
|
end
|
|
395
397
|
|
|
396
|
-
it
|
|
397
|
-
params
|
|
398
|
+
it 'finds record through has_one association with :singleton option without id param' do
|
|
399
|
+
params[:id] = nil
|
|
398
400
|
|
|
399
|
-
category = double(:
|
|
401
|
+
category = double(model: :some_model)
|
|
400
402
|
controller.instance_variable_set(:@category, category)
|
|
401
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
403
|
+
resource = CanCan::ControllerResource.new(controller, through: :category, singleton: true)
|
|
402
404
|
resource.load_resource
|
|
403
405
|
expect(controller.instance_variable_get(:@model)).to eq(:some_model)
|
|
404
406
|
end
|
|
405
407
|
|
|
406
|
-
it
|
|
407
|
-
params.merge!(:
|
|
408
|
+
it 'does not try to load resource for other action if params[:id] is undefined' do
|
|
409
|
+
params.merge!(action: 'list', id: nil)
|
|
408
410
|
resource = CanCan::ControllerResource.new(controller)
|
|
409
411
|
resource.load_resource
|
|
410
412
|
expect(controller.instance_variable_get(:@model)).to be_nil
|
|
411
413
|
end
|
|
412
414
|
|
|
413
|
-
it
|
|
415
|
+
it 'finds record through has_one association with :singleton and :shallow options' do
|
|
414
416
|
model = Model.new
|
|
415
|
-
allow(Model).to receive(:find).with(
|
|
417
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
416
418
|
|
|
417
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
419
|
+
resource = CanCan::ControllerResource.new(controller, through: :category, singleton: true, shallow: true)
|
|
418
420
|
resource.load_resource
|
|
419
421
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
420
422
|
end
|
|
421
423
|
|
|
422
|
-
it
|
|
424
|
+
it 'loads the model using a custom class' do
|
|
423
425
|
model = Model.new
|
|
424
|
-
allow(Model).to receive(:find).with(
|
|
426
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
425
427
|
|
|
426
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
428
|
+
resource = CanCan::ControllerResource.new(controller, class: Model)
|
|
427
429
|
resource.load_resource
|
|
428
430
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
429
431
|
end
|
|
430
432
|
|
|
431
|
-
it
|
|
433
|
+
it 'loads the model using a custom namespaced class' do
|
|
432
434
|
module Sub
|
|
433
435
|
class Model < ::Model; end
|
|
434
436
|
end
|
|
435
437
|
|
|
436
438
|
model = Sub::Model.new
|
|
437
|
-
allow(Sub::Model).to receive(:find).with(
|
|
439
|
+
allow(Sub::Model).to receive(:find).with('123') { model }
|
|
438
440
|
|
|
439
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
441
|
+
resource = CanCan::ControllerResource.new(controller, class: ::Sub::Model)
|
|
440
442
|
resource.load_resource
|
|
441
443
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
442
444
|
end
|
|
443
445
|
|
|
444
|
-
it
|
|
446
|
+
it 'authorizes based on resource name if class is false' do
|
|
445
447
|
allow(controller).to receive(:authorize!).with(:show, :model) { raise CanCan::AccessDenied }
|
|
446
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
448
|
+
resource = CanCan::ControllerResource.new(controller, class: false)
|
|
447
449
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
448
450
|
end
|
|
449
451
|
|
|
450
|
-
it
|
|
452
|
+
it 'loads and authorize using custom instance name' do
|
|
451
453
|
model = Model.new
|
|
452
|
-
allow(Model).to receive(:find).with(
|
|
454
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
453
455
|
|
|
454
456
|
allow(controller).to receive(:authorize!).with(:show, model) { raise CanCan::AccessDenied }
|
|
455
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
457
|
+
resource = CanCan::ControllerResource.new(controller, instance_name: :custom_model)
|
|
456
458
|
expect { resource.load_and_authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
457
459
|
expect(controller.instance_variable_get(:@custom_model)).to eq(model)
|
|
458
460
|
end
|
|
459
461
|
|
|
460
|
-
it
|
|
462
|
+
it 'loads resource using custom ID param' do
|
|
461
463
|
model = Model.new
|
|
462
|
-
allow(Model).to receive(:find).with(
|
|
464
|
+
allow(Model).to receive(:find).with('123') { model }
|
|
463
465
|
|
|
464
|
-
params
|
|
465
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
466
|
+
params[:the_model] = 123
|
|
467
|
+
resource = CanCan::ControllerResource.new(controller, id_param: :the_model)
|
|
466
468
|
resource.load_resource
|
|
467
469
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
468
470
|
end
|
|
469
471
|
|
|
470
472
|
# CVE-2012-5664
|
|
471
|
-
it
|
|
472
|
-
params
|
|
473
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
473
|
+
it 'always converts id param to string' do
|
|
474
|
+
params[:the_model] = { malicious: 'I am' }
|
|
475
|
+
resource = CanCan::ControllerResource.new(controller, id_param: :the_model)
|
|
474
476
|
expect(resource.send(:id_param).class).to eq(String)
|
|
475
477
|
end
|
|
476
478
|
|
|
477
|
-
it
|
|
478
|
-
params
|
|
479
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
479
|
+
it 'should id param return nil if param is nil' do
|
|
480
|
+
params[:the_model] = nil
|
|
481
|
+
resource = CanCan::ControllerResource.new(controller, id_param: :the_model)
|
|
480
482
|
expect(resource.send(:id_param)).to be_nil
|
|
481
483
|
end
|
|
482
484
|
|
|
483
|
-
it
|
|
485
|
+
it 'loads resource using custom find_by attribute' do
|
|
484
486
|
model = Model.new
|
|
485
487
|
allow(Model).to receive(:name).with('foo') { model }
|
|
486
488
|
|
|
487
|
-
params.merge!(:
|
|
488
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
489
|
+
params.merge!(action: 'show', id: 'foo')
|
|
490
|
+
resource = CanCan::ControllerResource.new(controller, find_by: :name)
|
|
489
491
|
resource.load_resource
|
|
490
492
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
491
493
|
end
|
|
492
494
|
|
|
493
|
-
it
|
|
495
|
+
it 'allows full find method to be passed into find_by option' do
|
|
494
496
|
model = Model.new
|
|
495
497
|
allow(Model).to receive(:find_by_name).with('foo') { model }
|
|
496
498
|
|
|
497
|
-
params.merge!(:
|
|
498
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
499
|
+
params.merge!(action: 'show', id: 'foo')
|
|
500
|
+
resource = CanCan::ControllerResource.new(controller, find_by: :find_by_name)
|
|
499
501
|
resource.load_resource
|
|
500
502
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
501
503
|
end
|
|
@@ -504,16 +506,16 @@ describe CanCan::ControllerResource do
|
|
|
504
506
|
context 'when @name passed as symbol' do
|
|
505
507
|
it 'returns namespaced #resource_class' do
|
|
506
508
|
module Admin; end
|
|
507
|
-
class Admin::Dashboard; end
|
|
508
|
-
params
|
|
509
|
+
class Admin::Dashboard; end
|
|
510
|
+
params[:controller] = 'admin/dashboard'
|
|
509
511
|
resource = CanCan::ControllerResource.new(controller, :dashboard)
|
|
510
512
|
|
|
511
513
|
expect(resource.send(:resource_class)).to eq Admin::Dashboard
|
|
512
514
|
end
|
|
513
515
|
end
|
|
514
516
|
|
|
515
|
-
it
|
|
516
|
-
params.merge!(:
|
|
517
|
+
it 'calls the santitizer when the parameter hash matches our object' do
|
|
518
|
+
params.merge!(action: 'create', model: { name: 'test' })
|
|
517
519
|
allow(controller).to receive(:create_params).and_return({})
|
|
518
520
|
|
|
519
521
|
resource = CanCan::ControllerResource.new(controller)
|
|
@@ -521,17 +523,17 @@ describe CanCan::ControllerResource do
|
|
|
521
523
|
expect(controller.instance_variable_get(:@model).name).to eq nil
|
|
522
524
|
end
|
|
523
525
|
|
|
524
|
-
it
|
|
525
|
-
params.merge!(:
|
|
526
|
+
it 'santitizes correctly when the instance name is overriden' do
|
|
527
|
+
params.merge!(action: 'create', custom_name: { name: 'foobar' })
|
|
526
528
|
allow(controller).to receive(:create_params).and_return({})
|
|
527
529
|
|
|
528
|
-
resource = CanCan::ControllerResource.new(controller, :
|
|
530
|
+
resource = CanCan::ControllerResource.new(controller, instance_name: :custom_name)
|
|
529
531
|
resource.load_resource
|
|
530
532
|
expect(controller.instance_variable_get(:@custom_name).name).to eq nil
|
|
531
533
|
end
|
|
532
534
|
|
|
533
|
-
it
|
|
534
|
-
params.merge!(:
|
|
535
|
+
it 'calls the santitize method on non-save actions when required' do
|
|
536
|
+
params.merge!(action: 'new', model: { name: 'test' })
|
|
535
537
|
|
|
536
538
|
allow(controller).to receive(:resource_params).and_return({})
|
|
537
539
|
resource = CanCan::ControllerResource.new(controller)
|
|
@@ -540,13 +542,13 @@ describe CanCan::ControllerResource do
|
|
|
540
542
|
end
|
|
541
543
|
|
|
542
544
|
it "doesn't sanitize parameters on non-save actions when not required" do
|
|
543
|
-
params.merge!(:
|
|
545
|
+
params.merge!(action: 'new', not_our_model: { name: 'test' })
|
|
544
546
|
allow(controller).to receive(:resource_params).and_raise
|
|
545
547
|
|
|
546
548
|
resource = CanCan::ControllerResource.new(controller)
|
|
547
|
-
expect
|
|
549
|
+
expect do
|
|
548
550
|
resource.load_resource
|
|
549
|
-
|
|
551
|
+
end.to_not raise_error
|
|
550
552
|
end
|
|
551
553
|
|
|
552
554
|
it "is a parent resource when name is provided which doesn't match controller" do
|
|
@@ -554,18 +556,18 @@ describe CanCan::ControllerResource do
|
|
|
554
556
|
expect(resource).to be_parent
|
|
555
557
|
end
|
|
556
558
|
|
|
557
|
-
it
|
|
559
|
+
it 'does not be a parent resource when name is provided which matches controller' do
|
|
558
560
|
resource = CanCan::ControllerResource.new(controller, :model)
|
|
559
561
|
expect(resource).to_not be_parent
|
|
560
562
|
end
|
|
561
563
|
|
|
562
|
-
it
|
|
563
|
-
resource = CanCan::ControllerResource.new(controller, :model,
|
|
564
|
+
it 'is parent if specified in options' do
|
|
565
|
+
resource = CanCan::ControllerResource.new(controller, :model, parent: true)
|
|
564
566
|
expect(resource).to be_parent
|
|
565
567
|
end
|
|
566
568
|
|
|
567
|
-
it
|
|
568
|
-
resource = CanCan::ControllerResource.new(controller, :category,
|
|
569
|
+
it 'does not be parent if specified in options' do
|
|
570
|
+
resource = CanCan::ControllerResource.new(controller, :category, parent: false)
|
|
569
571
|
expect(resource).to_not be_parent
|
|
570
572
|
end
|
|
571
573
|
|
|
@@ -575,67 +577,67 @@ describe CanCan::ControllerResource do
|
|
|
575
577
|
expect(resource.send(:resource_class)).to eq(Section)
|
|
576
578
|
end
|
|
577
579
|
|
|
578
|
-
it
|
|
579
|
-
expect
|
|
580
|
-
CanCan::ControllerResource.new(controller, :
|
|
581
|
-
|
|
580
|
+
it 'raises ImplementationRemoved when adding :name option' do
|
|
581
|
+
expect do
|
|
582
|
+
CanCan::ControllerResource.new(controller, name: :foo)
|
|
583
|
+
end.to raise_error(CanCan::ImplementationRemoved)
|
|
582
584
|
end
|
|
583
585
|
|
|
584
|
-
it
|
|
585
|
-
expect
|
|
586
|
-
CanCan::ControllerResource.new(controller, :
|
|
587
|
-
|
|
586
|
+
it 'raises ImplementationRemoved exception when specifying :resource option since it is no longer used' do
|
|
587
|
+
expect do
|
|
588
|
+
CanCan::ControllerResource.new(controller, resource: Model)
|
|
589
|
+
end.to raise_error(CanCan::ImplementationRemoved)
|
|
588
590
|
end
|
|
589
591
|
|
|
590
|
-
it
|
|
591
|
-
expect
|
|
592
|
-
CanCan::ControllerResource.new(controller, :
|
|
593
|
-
|
|
592
|
+
it 'raises ImplementationRemoved exception when passing :nested option' do
|
|
593
|
+
expect do
|
|
594
|
+
CanCan::ControllerResource.new(controller, nested: :model)
|
|
595
|
+
end.to raise_error(CanCan::ImplementationRemoved)
|
|
594
596
|
end
|
|
595
597
|
|
|
596
|
-
it
|
|
597
|
-
allow(controller_class).to receive(:cancan_skipper) { {:
|
|
598
|
-
params
|
|
598
|
+
it 'skips resource behavior for :only actions in array' do
|
|
599
|
+
allow(controller_class).to receive(:cancan_skipper) { { load: { nil => { only: [:index, :show] } } } }
|
|
600
|
+
params[:action] = 'index'
|
|
599
601
|
expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be(true)
|
|
600
602
|
expect(CanCan::ControllerResource.new(controller, :some_resource).skip?(:load)).to be(false)
|
|
601
|
-
params
|
|
603
|
+
params[:action] = 'show'
|
|
602
604
|
expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be(true)
|
|
603
|
-
params
|
|
605
|
+
params[:action] = 'other_action'
|
|
604
606
|
expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be_falsey
|
|
605
607
|
end
|
|
606
608
|
|
|
607
|
-
it
|
|
608
|
-
allow(controller_class).to receive(:cancan_skipper) { {:
|
|
609
|
-
params
|
|
609
|
+
it 'skips resource behavior for :only one action on resource' do
|
|
610
|
+
allow(controller_class).to receive(:cancan_skipper) { { authorize: { model: { only: :index } } } }
|
|
611
|
+
params[:action] = 'index'
|
|
610
612
|
expect(CanCan::ControllerResource.new(controller).skip?(:authorize)).to be(false)
|
|
611
613
|
expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be(true)
|
|
612
|
-
params
|
|
614
|
+
params[:action] = 'other_action'
|
|
613
615
|
expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be_falsey
|
|
614
616
|
end
|
|
615
617
|
|
|
616
|
-
it
|
|
617
|
-
allow(controller_class).to receive(:cancan_skipper) { {:
|
|
618
|
-
params
|
|
618
|
+
it 'skips resource behavior :except actions in array' do
|
|
619
|
+
allow(controller_class).to receive(:cancan_skipper) { { load: { nil => { except: [:index, :show] } } } }
|
|
620
|
+
params[:action] = 'index'
|
|
619
621
|
expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be_falsey
|
|
620
|
-
params
|
|
622
|
+
params[:action] = 'show'
|
|
621
623
|
expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be_falsey
|
|
622
|
-
params
|
|
624
|
+
params[:action] = 'other_action'
|
|
623
625
|
expect(CanCan::ControllerResource.new(controller).skip?(:load)).to be(true)
|
|
624
626
|
expect(CanCan::ControllerResource.new(controller, :some_resource).skip?(:load)).to be(false)
|
|
625
627
|
end
|
|
626
628
|
|
|
627
|
-
it
|
|
628
|
-
allow(controller_class).to receive(:cancan_skipper) { {:
|
|
629
|
-
params
|
|
629
|
+
it 'skips resource behavior :except one action on resource' do
|
|
630
|
+
allow(controller_class).to receive(:cancan_skipper) { { authorize: { model: { except: :index } } } }
|
|
631
|
+
params[:action] = 'index'
|
|
630
632
|
expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be_falsey
|
|
631
|
-
params
|
|
633
|
+
params[:action] = 'other_action'
|
|
632
634
|
expect(CanCan::ControllerResource.new(controller).skip?(:authorize)).to be(false)
|
|
633
635
|
expect(CanCan::ControllerResource.new(controller, :model).skip?(:authorize)).to be(true)
|
|
634
636
|
end
|
|
635
637
|
|
|
636
|
-
it
|
|
637
|
-
allow(controller_class).to receive(:cancan_skipper) { {:
|
|
638
|
-
params
|
|
638
|
+
it 'skips loading and authorization' do
|
|
639
|
+
allow(controller_class).to receive(:cancan_skipper) { { authorize: { nil => {} }, load: { nil => {} } } }
|
|
640
|
+
params[:action] = 'new'
|
|
639
641
|
resource = CanCan::ControllerResource.new(controller)
|
|
640
642
|
expect { resource.load_and_authorize_resource }.not_to raise_error
|
|
641
643
|
expect(controller.instance_variable_get(:@model)).to be_nil
|