cancancan 1.15.0 → 3.1.0

Files changed (74) hide show
  1. checksums.yaml +5 -5
  2. data/cancancan.gemspec +18 -18
  3. data/init.rb +2 -0
  4. data/lib/cancan.rb +9 -11
  5. data/lib/cancan/ability.rb +90 -203
  6. data/lib/cancan/ability/actions.rb +93 -0
  7. data/lib/cancan/ability/rules.rb +93 -0
  8. data/lib/cancan/ability/strong_parameter_support.rb +41 -0
  9. data/lib/cancan/conditions_matcher.rb +106 -0
  10. data/lib/cancan/controller_additions.rb +29 -36
  11. data/lib/cancan/controller_resource.rb +46 -211
  12. data/lib/cancan/controller_resource_builder.rb +26 -0
  13. data/lib/cancan/controller_resource_finder.rb +42 -0
  14. data/lib/cancan/controller_resource_loader.rb +120 -0
  15. data/lib/cancan/controller_resource_name_finder.rb +23 -0
  16. data/lib/cancan/controller_resource_sanitizer.rb +32 -0
  17. data/lib/cancan/exceptions.rb +17 -5
  18. data/lib/cancan/matchers.rb +12 -3
  19. data/lib/cancan/model_adapters/abstract_adapter.rb +10 -8
  20. data/lib/cancan/model_adapters/active_record_4_adapter.rb +39 -43
  21. data/lib/cancan/model_adapters/active_record_5_adapter.rb +68 -0
  22. data/lib/cancan/model_adapters/active_record_adapter.rb +77 -82
  23. data/lib/cancan/model_adapters/conditions_extractor.rb +75 -0
  24. data/lib/cancan/model_adapters/conditions_normalizer.rb +49 -0
  25. data/lib/cancan/model_adapters/default_adapter.rb +2 -0
  26. data/lib/cancan/model_additions.rb +2 -1
  27. data/lib/cancan/parameter_validators.rb +9 -0
  28. data/lib/cancan/relevant.rb +29 -0
  29. data/lib/cancan/rule.rb +76 -106
  30. data/lib/cancan/rules_compressor.rb +23 -0
  31. data/lib/cancan/unauthorized_message_resolver.rb +24 -0
  32. data/lib/cancan/version.rb +3 -1
  33. data/lib/cancancan.rb +2 -0
  34. data/lib/generators/cancan/ability/ability_generator.rb +4 -2
  35. data/lib/generators/cancan/ability/templates/ability.rb +2 -0
  36. metadata +66 -57
  37. data/.gitignore +0 -15
  38. data/.rspec +0 -1
  39. data/.travis.yml +0 -33
  40. data/Appraisals +0 -104
  41. data/CHANGELOG.rdoc +0 -527
  42. data/CONTRIBUTING.md +0 -23
  43. data/Gemfile +0 -3
  44. data/LICENSE +0 -22
  45. data/README.md +0 -217
  46. data/Rakefile +0 -9
  47. data/gemfiles/activerecord_3.2.gemfile +0 -17
  48. data/gemfiles/activerecord_4.0.gemfile +0 -18
  49. data/gemfiles/activerecord_4.1.gemfile +0 -18
  50. data/gemfiles/activerecord_4.2.gemfile +0 -19
  51. data/gemfiles/activerecord_5.0.gemfile +0 -19
  52. data/gemfiles/mongoid_2.x.gemfile +0 -17
  53. data/gemfiles/sequel_3.x.gemfile +0 -17
  54. data/lib/cancan/inherited_resource.rb +0 -20
  55. data/lib/cancan/model_adapters/active_record_3_adapter.rb +0 -16
  56. data/lib/cancan/model_adapters/mongoid_adapter.rb +0 -75
  57. data/lib/cancan/model_adapters/sequel_adapter.rb +0 -87
  58. data/spec/README.rdoc +0 -27
  59. data/spec/cancan/ability_spec.rb +0 -544
  60. data/spec/cancan/controller_additions_spec.rb +0 -151
  61. data/spec/cancan/controller_resource_spec.rb +0 -643
  62. data/spec/cancan/exceptions_spec.rb +0 -58
  63. data/spec/cancan/inherited_resource_spec.rb +0 -71
  64. data/spec/cancan/matchers_spec.rb +0 -29
  65. data/spec/cancan/model_adapters/active_record_4_adapter_spec.rb +0 -154
  66. data/spec/cancan/model_adapters/active_record_adapter_spec.rb +0 -405
  67. data/spec/cancan/model_adapters/default_adapter_spec.rb +0 -7
  68. data/spec/cancan/model_adapters/mongoid_adapter_spec.rb +0 -247
  69. data/spec/cancan/model_adapters/sequel_adapter_spec.rb +0 -132
  70. data/spec/cancan/rule_spec.rb +0 -52
  71. data/spec/matchers.rb +0 -13
  72. data/spec/spec.opts +0 -2
  73. data/spec/spec_helper.rb +0 -27
  74. data/spec/support/ability.rb +0 -7
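--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: f603bcd9b02f8b042e5de713df94cb01abec7486
- data.tar.gz: 358a5080dcef4525f7993d9c1383daffc147d169
+ SHA256:
+ metadata.gz: 81afd3cec5dc78c4e4d9d14719482ae589ed43bf336cc1b4f9e5681dea56b99d
+ data.tar.gz: fd23ce69481f9daf4b227b61e4e7e236abcd40d7b5f0dd01f70ca20a3706fae3
  SHA512:
- metadata.gz: c56c8b9e82e5ab6868a5dafcf811d2363b023c4f1eb05149de64996919e6da6e60dff583e7d1b9f1c1eeb277a52a5327e03b52bf753b3ed79ce2cc22fad0b431
- data.tar.gz: a1be98535ecbcde3db1b8accc41446bbb139b413b544a2541af00f699e5e5a548d3fdfdb41b09ed951504d4c8a6a31fc24a50aea690ad70ed2fb224a1676d954
+ metadata.gz: 04ee2bfead0ce01e0bdc64e69fae219c221495c30950542323fc5e3d91e250e9a679863546c09db9f3a71a647cb414510bcbb92db41309d9b0b2d04f7d2a1b0e
+ data.tar.gz: 79b4b11ef02ca50417c4e441dd8586569ed86caa4d3216fc54e1713bd09071e544b529db0babd429dd14b0efc90f59f2dfbd8a8d101a9e4d4332908f0487115b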
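--- a/data/cancancan.gemspec
+++ b/data/cancancan.gemspec
@@ -1,28 +1,28 @@
- # coding: utf-8
- lib = File.expand_path('../lib', __FILE__)
+ # frozen_string_literal: true
+
+ lib = File.expand_path('lib', __dir__)
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
  require 'cancan/version'
 
  Gem::Specification.new do |s|
- s.name = "cancancan"
+ s.name = 'cancancan'
  s.version = CanCan::VERSION
- s.authors = ["Bryan Rite", "Ryan Bates", "Richard Wilson"]
- s.email = "r.crawfordwilson@gmail.com"
- s.homepage = "https://github.com/CanCanCommunity/cancancan"
- s.summary = "Simple authorization solution for Rails."
- s.description = "Continuation of the simple authorization solution for Rails which is decoupled from user roles. All permissions are stored in a single location."
+ s.authors = ['Alessandro Rodi (Renuo AG)', 'Bryan Rite', 'Ryan Bates', 'Richard Wilson']
+ s.email = 'alessandro.rodi@renuo.ch'
+ s.homepage = 'https://github.com/CanCanCommunity/cancancan'
+ s.summary = 'Simple authorization solution for Rails.'
+ s.description = 'Simple authorization solution for Rails. All permissions are stored in a single location.'
  s.platform = Gem::Platform::RUBY
- s.license = "MIT"
+ s.license = 'MIT'
 
- s.files = `git ls-files`.split($/)
- s.test_files = `git ls-files -- Appraisals {spec,features,gemfiles}/*`.split($/)
- s.executables = `git ls-files -- bin/*`.split($/).map{ |f| File.basename(f) }
- s.require_paths = ["lib"]
+ s.files = `git ls-files lib init.rb cancancan.gemspec`.split($INPUT_RECORD_SEPARATOR)
+ s.require_paths = ['lib']
 
- s.required_ruby_version = ">= 2.0.0"
+ s.required_ruby_version = '>= 2.2.0'
 
- s.add_development_dependency 'bundler', '~> 1.3'
- s.add_development_dependency 'rake', '~> 10.1.1'
- s.add_development_dependency 'rspec', '~> 3.2.0'
- s.add_development_dependency 'appraisal', '>= 2.0.0'
+ s.add_development_dependency 'appraisal', '~> 2.0', '>= 2.0.0'
+ s.add_development_dependency 'bundler', '~> 2.0'
+ s.add_development_dependency 'rake', '~> 10.1', '>= 10.1.1'
+ s.add_development_dependency 'rspec', '~> 3.2', '>= 3.2.0'
+ s.add_development_dependency 'rubocop', '~> 0.63.1'
  end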
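Review bot: `$INPUT_RECORD_SEPARATOR` on the new `s.files` line (new line 18) is an alias that only exists after `require 'English'`, and the visible gemspec requires only `cancan/version`. Unless something loaded earlier has already required it, the global is nil and `split` falls back to splitting on any whitespace, so a tracked path containing a space would be broken into pieces and silently left out of the package. Either add `require 'English'` next to the existing require, or avoid the global with `.split("\n")`.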
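--- a/data/init.rb
+++ b/data/init.rb
@@ -1 +1,3 @@
+ # frozen_string_literal: true
+
  require 'cancan'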
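--- a/data/lib/cancan.rb
+++ b/data/lib/cancan.rb
@@ -1,24 +1,22 @@
- require "cancan/version"
+ # frozen_string_literal: true
+
+ require 'cancan/version'
+ require 'cancan/parameter_validators'
  require 'cancan/ability'
  require 'cancan/rule'
  require 'cancan/controller_resource'
  require 'cancan/controller_additions'
  require 'cancan/model_additions'
  require 'cancan/exceptions'
- require 'cancan/inherited_resource'
 
  require 'cancan/model_adapters/abstract_adapter'
  require 'cancan/model_adapters/default_adapter'
+ require 'cancan/rules_compressor'
 
  if defined? ActiveRecord
+ require 'cancan/model_adapters/conditions_extractor'
+ require 'cancan/model_adapters/conditions_normalizer'
  require 'cancan/model_adapters/active_record_adapter'
- if ActiveRecord.respond_to?(:version) &&
- ActiveRecord.version >= Gem::Version.new("4")
- require 'cancan/model_adapters/active_record_4_adapter'
- else
- require 'cancan/model_adapters/active_record_3_adapter'
- end
+ require 'cancan/model_adapters/active_record_4_adapter'
+ require 'cancan/model_adapters/active_record_5_adapter'
  end
-
- require 'cancan/model_adapters/mongoid_adapter' if defined?(Mongoid) && defined?(Mongoid::Document)
- require 'cancan/model_adapters/sequel_adapter' if defined? Sequel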
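Review bot: The Mongoid and Sequel adapter requires at the end of the file are dropped with nothing in their place, and the file list shows both adapter files deleted, so the file should carry a comment saying those adapters are no longer bundled, e.g. `# Mongoid and Sequel adapters are not shipped with this gem any more; load a separate adapter for them.` Applications that scope queries with `accessible_by` on those ORMs should confirm an adapter is still registered after upgrading, because authorization scoping depends on it and what the default adapter does in its absence is not visible here. The ActiveRecord 4 and 5 adapters are now both required unconditionally (new lines 20-21), so the version selection presumably moved into the adapter classes; a one-line comment saying so would help the next reader.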
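--- a/data/lib/cancan/ability.rb
+++ b/data/lib/cancan/ability.rb
@@ -1,5 +1,11 @@
- module CanCan
+ # frozen_string_literal: true
+
+ require_relative 'ability/rules.rb'
+ require_relative 'ability/actions.rb'
+ require_relative 'unauthorized_message_resolver.rb'
+ require_relative 'ability/strong_parameter_support'
 
+ module CanCan
  # This module is designed to be included into an Ability class. This will
  # provide the "can" methods for defining and checking abilities.
  #
@@ -16,6 +22,11 @@ module CanCan
  # end
  #
  module Ability
+ include CanCan::Ability::Rules
+ include CanCan::Ability::Actions
+ include CanCan::UnauthorizedMessageResolver
+ include StrongParameterSupport
+
  # Check if the user has permission to perform a given action on an object.
  #
  # can? :destroy, @project
@@ -60,14 +71,15 @@ module CanCan
  # end
  #
  # Also see the RSpec Matchers to aid in testing.
- def can?(action, subject, *extra_args)
+ def can?(action, subject, attribute = nil, *extra_args)
  match = extract_subjects(subject).lazy.map do |a_subject|
  relevant_rules_for_match(action, a_subject).detect do |rule|
- rule.matches_conditions?(action, a_subject, extra_args)
+ rule.matches_conditions?(action, a_subject, attribute, *extra_args) && rule.matches_attributes?(attribute)
  end
  end.reject(&:nil?).first
  match ? match.base_behavior : false
  end
+
  # Convenience method which works the same as "can?" but returns the opposite value.
  #
  # cannot? :destroy, @project
@@ -129,8 +141,8 @@ module CanCan
  # # check the database and return true/false
  # end
  #
- def can(action = nil, subject = nil, conditions = nil, &block)
- add_rule(Rule.new(true, action, subject, conditions, block))
+ def can(action = nil, subject = nil, *attributes_and_conditions, &block)
+ add_rule(Rule.new(true, action, subject, *attributes_and_conditions, &block))
  end
 
  # Defines an ability which cannot be done. Accepts the same arguments as "can".
@@ -145,59 +157,14 @@ module CanCan
  # product.invisible?
  # end
  #
- def cannot(action = nil, subject = nil, conditions = nil, &block)
- add_rule(Rule.new(false, action, subject, conditions, block))
- end
-
- # Alias one or more actions into another one.
- #
- # alias_action :update, :destroy, :to => :modify
- # can :modify, Comment
- #
- # Then :modify permission will apply to both :update and :destroy requests.
- #
- # can? :update, Comment # => true
- # can? :destroy, Comment # => true
- #
- # This only works in one direction. Passing the aliased action into the "can?" call
- # will not work because aliases are meant to generate more generic actions.
- #
- # alias_action :update, :destroy, :to => :modify
- # can :update, Comment
- # can? :modify, Comment # => false
- #
- # Unless that exact alias is used.
- #
- # can :modify, Comment
- # can? :modify, Comment # => true
- #
- # The following aliases are added by default for conveniently mapping common controller actions.
- #
- # alias_action :index, :show, :to => :read
- # alias_action :new, :to => :create
- # alias_action :edit, :to => :update
- #
- # This way one can use params[:action] in the controller to determine the permission.
- def alias_action(*args)
- target = args.pop[:to]
- validate_target(target)
- aliased_actions[target] ||= []
- aliased_actions[target] += args
+ def cannot(action = nil, subject = nil, *attributes_and_conditions, &block)
+ add_rule(Rule.new(false, action, subject, *attributes_and_conditions, &block))
  end
 
  # User shouldn't specify targets with names of real actions or it will cause Seg fault
  def validate_target(target)
- raise Error, "You can't specify target (#{target}) as alias because it is real action name" if aliased_actions.values.flatten.include? target
- end
-
- # Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
- def aliased_actions
- @aliased_actions ||= default_alias_actions
- end
-
- # Removes previously aliased actions including the defaults.
- def clear_aliased_actions
- @aliased_actions = {}
+ error_message = "You can't specify target (#{target}) as alias because it is real action name"
+ raise Error, error_message if aliased_actions.values.flatten.include? target
  end
 
  def model_adapter(model_class, action)
@@ -207,25 +174,14 @@ module CanCan
 
  # See ControllerAdditions#authorize! for documentation.
  def authorize!(action, subject, *args)
- message = nil
- if args.last.kind_of?(Hash) && args.last.has_key?(:message)
- message = args.pop[:message]
- end
+ message = args.last.is_a?(Hash) && args.last.key?(:message) ? args.pop[:message] : nil
  if cannot?(action, subject, *args)
  message ||= unauthorized_message(action, subject)
- raise AccessDenied.new(message, action, subject)
+ raise AccessDenied.new(message, action, subject, args)
  end
  subject
  end
 
- def unauthorized_message(action, subject)
- keys = unauthorized_message_keys(action, subject)
- variables = {:action => action.to_s}
- variables[:subject] = (subject.class == Class ? subject : subject.class).to_s.underscore.humanize.downcase
- message = I18n.translate(nil, variables.merge(:scope => :unauthorized, :default => keys + [""]))
- message.blank? ? nil : message
- end
-
  def attributes_for(action, subject)
  attributes = {}
  relevant_rules(action, subject).map do |rule|
@@ -242,10 +198,58 @@ module CanCan
  relevant_rules(action, subject).any?(&:only_raw_sql?)
  end
 
+ # Copies all rules and aliased actions of the given +CanCan::Ability+ and adds them to +self+.
+ # class ReadAbility
+ # include CanCan::Ability
+ #
+ # def initialize
+ # can :read, User
+ # alias_action :show, :index, to: :see
+ # end
+ # end
+ #
+ # class WritingAbility
+ # include CanCan::Ability
+ #
+ # def initialize
+ # can :edit, User
+ # alias_action :create, :update, to: :modify
+ # end
+ # end
+ #
+ # read_ability = ReadAbility.new
+ # read_ability.can? :edit, User.new #=> false
+ # read_ability.merge(WritingAbility.new)
+ # read_ability.can? :edit, User.new #=> true
+ # read_ability.aliased_actions #=> [:see => [:show, :index], :modify => [:create, :update]]
+ #
+ # If there are collisions when merging the +aliased_actions+, the actions on +self+ will be
+ # overwritten.
+ #
+ # class ReadAbility
+ # include CanCan::Ability
+ #
+ # def initialize
+ # alias_action :show, :index, to: :see
+ # end
+ # end
+ #
+ # class ShowAbility
+ # include CanCan::Ability
+ #
+ # def initialize
+ # alias_action :show, to: :see
+ # end
+ # end
+ #
+ # read_ability = ReadAbility.new
+ # read_ability.merge(ShowAbility)
+ # read_ability.aliased_actions #=> [:see => [:show]]
  def merge(ability)
  ability.rules.each do |rule|
  add_rule(rule.dup)
  end
+ @aliased_actions = aliased_actions.merge(ability.aliased_actions)
  self
  end
 
@@ -257,165 +261,48 @@ module CanCan
  #
  # Where can_hash and cannot_hash are formatted thusly:
  # {
- # action: array_of_objects
+ # action: { subject: [attributes] }
  # }
  def permissions
- permissions_list = {:can => {}, :cannot => {}}
-
- rules.each do |rule|
- subjects = rule.subjects
- expand_actions(rule.actions).each do |action|
- if(rule.base_behavior)
- permissions_list[:can][action] ||= []
- permissions_list[:can][action] += subjects.map(&:to_s)
- else
- permissions_list[:cannot][action] ||= []
- permissions_list[:cannot][action] += subjects.map(&:to_s)
- end
- end
- end
-
+ permissions_list = {
+ can: Hash.new { |actions, k1| actions[k1] = Hash.new { |subjects, k2| subjects[k2] = [] } },
+ cannot: Hash.new { |actions, k1| actions[k1] = Hash.new { |subjects, k2| subjects[k2] = [] } }
+ }
+ rules.each { |rule| extract_rule_in_permissions(permissions_list, rule) }
  permissions_list
  end
 
- protected
-
- # Must be protected as an ability can merge with other abilities.
- # This means that an ability must expose their rules with another ability.
- def rules
- @rules ||= []
+ def extract_rule_in_permissions(permissions_list, rule)
+ expand_actions(rule.actions).each do |action|
+ container = rule.base_behavior ? :can : :cannot
+ rule.subjects.each do |subject|
+ permissions_list[container][action][subject.to_s] += rule.attributes
+ end
+ end
  end
 
  private
 
  def unauthorized_message_keys(action, subject)
- subject = (subject.class == Class ? subject : subject.class).name.underscore unless subject.kind_of? Symbol
- [subject, :all].map do |try_subject|
- [aliases_for_action(action), :manage].flatten.map do |try_action|
- :"#{try_action}.#{try_subject}"
- end
- end.flatten
- end
-
- # Accepts an array of actions and returns an array of actions which match.
- # This should be called before "matches?" and other checking methods since they
- # rely on the actions to be expanded.
- def expand_actions(actions)
- expanded_actions[actions] ||= begin
- expanded = []
- actions.each do |action|
- expanded << action
- if aliases = aliased_actions[action]
- expanded += expand_actions(aliases)
- end
- end
- expanded
+ subject = (subject.class == Class ? subject : subject.class).name.underscore unless subject.is_a? Symbol
+ aliases = aliases_for_action(action)
+ [subject, :all].product([*aliases, :manage]).map do |try_subject, try_action|
+ :"#{try_action}.#{try_subject}"
  end
  end
 
- def expanded_actions
- @expanded_actions ||= {}
- end
-
  # It translates to an array the subject or the hash with multiple subjects given to can?.
  def extract_subjects(subject)
- if subject.kind_of?(Hash) && subject.key?(:any)
+ if subject.is_a?(Hash) && subject.key?(:any)
  subject[:any]
  else
  [subject]
  end
  end
 
- # Given an action, it will try to find all of the actions which are aliased to it.
- # This does the opposite kind of lookup as expand_actions.
- def aliases_for_action(action)
- results = [action]
- aliased_actions.each do |aliased_action, actions|
- results += aliases_for_action(aliased_action) if actions.include? action
- end
- results
- end
-
- def add_rule(rule)
- rules << rule
- add_rule_to_index(rule, rules.size - 1)
- end
-
- def add_rule_to_index(rule, position)
- @rules_index ||= Hash.new { |h, k| h[k] = [] }
-
- subjects = rule.subjects.compact
- subjects << :all if subjects.empty?
-
- subjects.each do |subject|
- @rules_index[subject] << position
- end
- end
-
  def alternative_subjects(subject)
  subject = subject.class unless subject.is_a?(Module)
- [:all, *subject.ancestors, subject.class.to_s]
- end
-
- # Returns an array of Rule instances which match the action and subject
- # This does not take into consideration any hash conditions or block statements
- def relevant_rules(action, subject)
- return [] unless @rules
- relevant = possible_relevant_rules(subject).select do |rule|
- rule.expanded_actions = expand_actions(rule.actions)
- rule.relevant? action, subject
- end
- relevant.reverse!.uniq!
- optimize_order! relevant
- relevant
- end
-
- # Optimizes the order of the rules, so that rules with the :all subject are evaluated first.
- def optimize_order!(rules)
- first_can_in_group = -1
- rules.each_with_index do |rule, i|
- (first_can_in_group = -1) and next unless rule.base_behavior
- (first_can_in_group = i) and next if first_can_in_group == -1
- if rule.subjects == [:all]
- rules[i] = rules[first_can_in_group]
- rules[first_can_in_group] = rule
- first_can_in_group += 1
- end
- end
- end
-
- def possible_relevant_rules(subject)
- if subject.is_a?(Hash)
- rules
- else
- positions = @rules_index.values_at(subject, *alternative_subjects(subject))
- positions.flatten!.sort!
- positions.map { |i| @rules[i] }
- end
- end
-
- def relevant_rules_for_match(action, subject)
- relevant_rules(action, subject).each do |rule|
- if rule.only_raw_sql?
- raise Error, "The can? and cannot? call cannot be used with a raw sql 'can' definition. The checking code cannot be determined for #{action.inspect} #{subject.inspect}"
- end
- end
- end
-
- def relevant_rules_for_query(action, subject)
- relevant_rules(action, subject).each do |rule|
- if rule.only_block?
- raise Error, "The accessible_by call cannot be used with a block 'can' definition. The SQL cannot be determined for #{action.inspect} #{subject.inspect}"
- end
- end
- end
-
- def default_alias_actions
- {
- :read => [:index, :show],
- :create => [:new],
- :update => [:edit],
- }
+ [:all, *subject.ancestors, subject.class.to_s]
  end
  end
  end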
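Review bot: In `can?` (new lines 74-77) the third positional argument is now bound to `attribute` and checked with `rule.matches_attributes?(attribute)`, so a 1.x caller that passes an extra argument for a block condition, directly or through `authorize!(action, subject, *args)`, will have that value treated as an attribute name. The method's doc comment, which begins outside the hunk, does not mention the new parameter and should say so, e.g. `# The optional third argument is an attribute name; extra arguments for block conditions follow it.` How `Rule#matches_conditions?` and `Rule#matches_attributes?` handle a value that is not an attribute is not visible in this section, so call sites that pass extra arguments are worth auditing before upgrading, since the outcome is an authorization decision. Separately, `extract_rule_in_permissions` (new line 275) is defined above `private` and therefore becomes public; it reads like an internal helper of `permissions` and could move below `private`.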