cancancan 1.17.0 → 3.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/cancancan.gemspec +10 -11
- data/init.rb +2 -0
- data/lib/cancan/ability/actions.rb +93 -0
- data/lib/cancan/ability/rules.rb +96 -0
- data/lib/cancan/ability/strong_parameter_support.rb +41 -0
- data/lib/cancan/ability.rb +87 -198
- data/lib/cancan/class_matcher.rb +30 -0
- data/lib/cancan/conditions_matcher.rb +147 -0
- data/lib/cancan/config.rb +101 -0
- data/lib/cancan/controller_additions.rb +13 -30
- data/lib/cancan/controller_resource.rb +33 -225
- data/lib/cancan/controller_resource_builder.rb +26 -0
- data/lib/cancan/controller_resource_finder.rb +42 -0
- data/lib/cancan/controller_resource_loader.rb +120 -0
- data/lib/cancan/controller_resource_name_finder.rb +23 -0
- data/lib/cancan/controller_resource_sanitizer.rb +32 -0
- data/lib/cancan/exceptions.rb +24 -4
- data/lib/cancan/matchers.rb +12 -1
- data/lib/cancan/model_adapters/abstract_adapter.rb +22 -1
- data/lib/cancan/model_adapters/active_record_4_adapter.rb +25 -44
- data/lib/cancan/model_adapters/active_record_5_adapter.rb +61 -0
- data/lib/cancan/model_adapters/active_record_adapter.rb +157 -83
- data/lib/cancan/model_adapters/conditions_extractor.rb +75 -0
- data/lib/cancan/model_adapters/conditions_normalizer.rb +49 -0
- data/lib/cancan/model_adapters/default_adapter.rb +2 -0
- data/lib/cancan/model_adapters/sti_normalizer.rb +47 -0
- data/lib/cancan/model_adapters/strategies/base.rb +40 -0
- data/lib/cancan/model_adapters/strategies/joined_alias_each_rule_as_exists_subquery.rb +93 -0
- data/lib/cancan/model_adapters/strategies/joined_alias_exists_subquery.rb +31 -0
- data/lib/cancan/model_adapters/strategies/left_join.rb +11 -0
- data/lib/cancan/model_adapters/strategies/subquery.rb +18 -0
- data/lib/cancan/model_additions.rb +6 -2
- data/lib/cancan/parameter_validators.rb +9 -0
- data/lib/cancan/relevant.rb +29 -0
- data/lib/cancan/rule.rb +67 -90
- data/lib/cancan/rules_compressor.rb +23 -0
- data/lib/cancan/sti_detector.rb +12 -0
- data/lib/cancan/unauthorized_message_resolver.rb +24 -0
- data/lib/cancan/version.rb +3 -1
- data/lib/cancan.rb +15 -10
- data/lib/cancancan.rb +2 -0
- data/lib/generators/cancan/ability/ability_generator.rb +3 -1
- data/lib/generators/cancan/ability/templates/ability.rb +9 -9
- metadata +64 -86
- data/.gitignore +0 -15
- data/.rspec +0 -1
- data/.rubocop.yml +0 -39
- data/.rubocop_todo.yml +0 -54
- data/.travis.yml +0 -39
- data/Appraisals +0 -105
- data/CHANGELOG.rdoc +0 -536
- data/CONTRIBUTING.md +0 -23
- data/Gemfile +0 -3
- data/LICENSE +0 -22
- data/README.md +0 -234
- data/Rakefile +0 -13
- data/gemfiles/activerecord_3.2.gemfile +0 -18
- data/gemfiles/activerecord_4.0.gemfile +0 -19
- data/gemfiles/activerecord_4.1.gemfile +0 -19
- data/gemfiles/activerecord_4.2.gemfile +0 -21
- data/gemfiles/activerecord_5.0.gemfile +0 -20
- data/gemfiles/mongoid_2.x.gemfile +0 -18
- data/gemfiles/sequel_3.x.gemfile +0 -18
- data/lib/cancan/inherited_resource.rb +0 -20
- data/lib/cancan/model_adapters/active_record_3_adapter.rb +0 -16
- data/lib/cancan/model_adapters/mongoid_adapter.rb +0 -80
- data/lib/cancan/model_adapters/sequel_adapter.rb +0 -87
- data/spec/README.rdoc +0 -27
- data/spec/cancan/ability_spec.rb +0 -553
- data/spec/cancan/controller_additions_spec.rb +0 -164
- data/spec/cancan/controller_resource_spec.rb +0 -645
- data/spec/cancan/exceptions_spec.rb +0 -58
- data/spec/cancan/inherited_resource_spec.rb +0 -71
- data/spec/cancan/matchers_spec.rb +0 -29
- data/spec/cancan/model_adapters/active_record_4_adapter_spec.rb +0 -160
- data/spec/cancan/model_adapters/active_record_adapter_spec.rb +0 -415
- data/spec/cancan/model_adapters/default_adapter_spec.rb +0 -7
- data/spec/cancan/model_adapters/mongoid_adapter_spec.rb +0 -246
- data/spec/cancan/model_adapters/sequel_adapter_spec.rb +0 -129
- data/spec/cancan/rule_spec.rb +0 -52
- data/spec/matchers.rb +0 -13
- data/spec/spec.opts +0 -2
- data/spec/spec_helper.rb +0 -27
- data/spec/support/ability.rb +0 -6
|
@@ -1,164 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe CanCan::ControllerAdditions do
|
|
4
|
-
before(:each) do
|
|
5
|
-
@controller_class = Class.new
|
|
6
|
-
@controller = @controller_class.new
|
|
7
|
-
allow(@controller).to receive(:params) { {} }
|
|
8
|
-
allow(@controller).to receive(:current_user) { :current_user }
|
|
9
|
-
expect(@controller_class).to receive(:helper_method).with(:can?, :cannot?, :current_ability)
|
|
10
|
-
@controller_class.send(:include, CanCan::ControllerAdditions)
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it "raises ImplementationRemoved when attempting to call 'unauthorized!' on a controller" do
|
|
14
|
-
expect { @controller.unauthorized! }.to raise_error(CanCan::ImplementationRemoved)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
it 'authorize! assigns @_authorized instance variable and pass args to current ability' do
|
|
18
|
-
allow(@controller.current_ability).to receive(:authorize!).with(:foo, :bar)
|
|
19
|
-
@controller.authorize!(:foo, :bar)
|
|
20
|
-
expect(@controller.instance_variable_get(:@_authorized)).to be(true)
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
it 'has a current_ability method which generates an ability for the current user' do
|
|
24
|
-
expect(@controller.current_ability).to be_kind_of(Ability)
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
it 'provides a can? and cannot? methods which go through the current ability' do
|
|
28
|
-
expect(@controller.current_ability).to be_kind_of(Ability)
|
|
29
|
-
expect(@controller.can?(:foo, :bar)).to be(false)
|
|
30
|
-
expect(@controller.cannot?(:foo, :bar)).to be(true)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
it 'load_and_authorize_resource setups a before filter which passes call to ControllerResource' do
|
|
34
|
-
expect(cancan_resource_class = double).to receive(:load_and_authorize_resource)
|
|
35
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, foo: :bar) { cancan_resource_class }
|
|
36
|
-
expect(@controller_class)
|
|
37
|
-
.to receive(callback_action(:before_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
38
|
-
@controller_class.load_and_authorize_resource foo: :bar
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
it 'load_and_authorize_resource properly passes first argument as the resource name' do
|
|
42
|
-
expect(cancan_resource_class = double).to receive(:load_and_authorize_resource)
|
|
43
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, :project, foo: :bar) { cancan_resource_class }
|
|
44
|
-
expect(@controller_class)
|
|
45
|
-
.to receive(callback_action(:before_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
46
|
-
@controller_class.load_and_authorize_resource :project, foo: :bar
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
it 'load_and_authorize_resource with :prepend prepends the before filter' do
|
|
50
|
-
expect(@controller_class).to receive(callback_action(:prepend_before_action)).with({})
|
|
51
|
-
@controller_class.load_and_authorize_resource foo: :bar, prepend: true
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
it 'authorize_resource setups a before filter which passes call to ControllerResource' do
|
|
55
|
-
expect(cancan_resource_class = double).to receive(:authorize_resource)
|
|
56
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, foo: :bar) { cancan_resource_class }
|
|
57
|
-
expect(@controller_class)
|
|
58
|
-
.to receive(callback_action(:before_action)).with(except: :show, if: true) do |_options, &block|
|
|
59
|
-
block.call(@controller)
|
|
60
|
-
end
|
|
61
|
-
@controller_class.authorize_resource foo: :bar, except: :show, if: true
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
it 'load_resource setups a before filter which passes call to ControllerResource' do
|
|
65
|
-
expect(cancan_resource_class = double).to receive(:load_resource)
|
|
66
|
-
allow(CanCan::ControllerResource).to receive(:new).with(@controller, nil, foo: :bar) { cancan_resource_class }
|
|
67
|
-
expect(@controller_class)
|
|
68
|
-
.to receive(callback_action(:before_action)).with(only: [:show, :index], unless: false) do |_options, &block|
|
|
69
|
-
block.call(@controller)
|
|
70
|
-
end
|
|
71
|
-
@controller_class.load_resource foo: :bar, only: [:show, :index], unless: false
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
it 'skip_authorization_check setups a before filter which sets @_authorized to true' do
|
|
75
|
-
expect(@controller_class)
|
|
76
|
-
.to receive(callback_action(:before_action)).with(:filter_options) { |_options, &block| block.call(@controller) }
|
|
77
|
-
@controller_class.skip_authorization_check(:filter_options)
|
|
78
|
-
expect(@controller.instance_variable_get(:@_authorized)).to be(true)
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
it 'check_authorization triggers AuthorizationNotPerformed in after filter' do
|
|
82
|
-
expect(@controller_class)
|
|
83
|
-
.to receive(callback_action(:after_action)).with(only: [:test]) { |_options, &block| block.call(@controller) }
|
|
84
|
-
expect do
|
|
85
|
-
@controller_class.check_authorization(only: [:test])
|
|
86
|
-
end.to raise_error(CanCan::AuthorizationNotPerformed)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
it 'check_authorization does not trigger AuthorizationNotPerformed when :if is false' do
|
|
90
|
-
allow(@controller).to receive(:check_auth?) { false }
|
|
91
|
-
allow(@controller_class)
|
|
92
|
-
.to receive(callback_action(:after_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
93
|
-
expect do
|
|
94
|
-
@controller_class.check_authorization(if: :check_auth?)
|
|
95
|
-
end.not_to raise_error
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
it 'check_authorization does not trigger AuthorizationNotPerformed when :unless is true' do
|
|
99
|
-
allow(@controller).to receive(:engine_controller?) { true }
|
|
100
|
-
expect(@controller_class)
|
|
101
|
-
.to receive(callback_action(:after_action)).with({}) { |_options, &block| block.call(@controller) }
|
|
102
|
-
expect do
|
|
103
|
-
@controller_class.check_authorization(unless: :engine_controller?)
|
|
104
|
-
end.not_to raise_error
|
|
105
|
-
end
|
|
106
|
-
|
|
107
|
-
it 'check_authorization does not raise error when @_authorized is set' do
|
|
108
|
-
@controller.instance_variable_set(:@_authorized, true)
|
|
109
|
-
expect(@controller_class)
|
|
110
|
-
.to receive(callback_action(:after_action)).with(only: [:test]) { |_options, &block| block.call(@controller) }
|
|
111
|
-
expect do
|
|
112
|
-
@controller_class.check_authorization(only: [:test])
|
|
113
|
-
end.not_to raise_error
|
|
114
|
-
end
|
|
115
|
-
|
|
116
|
-
it 'cancan_resource_class is ControllerResource by default' do
|
|
117
|
-
expect(@controller.class.cancan_resource_class).to eq(CanCan::ControllerResource)
|
|
118
|
-
end
|
|
119
|
-
|
|
120
|
-
it 'cancan_resource_class is InheritedResource when class includes InheritedResources::Actions' do
|
|
121
|
-
allow(@controller.class).to receive(:ancestors) { ['InheritedResources::Actions'] }
|
|
122
|
-
expect(@controller.class.cancan_resource_class).to eq(CanCan::InheritedResource)
|
|
123
|
-
end
|
|
124
|
-
|
|
125
|
-
it 'cancan_skipper is an empty hash with :authorize and :load options and remember changes' do
|
|
126
|
-
expect(@controller_class.cancan_skipper).to eq(authorize: {}, load: {})
|
|
127
|
-
@controller_class.cancan_skipper[:load] = true
|
|
128
|
-
expect(@controller_class.cancan_skipper[:load]).to be(true)
|
|
129
|
-
end
|
|
130
|
-
|
|
131
|
-
it 'skip_authorize_resource adds itself to the cancan skipper with given model name and options' do
|
|
132
|
-
@controller_class.skip_authorize_resource(:project, only: [:index, :show])
|
|
133
|
-
expect(@controller_class.cancan_skipper[:authorize][:project]).to eq(only: [:index, :show])
|
|
134
|
-
@controller_class.skip_authorize_resource(only: [:index, :show])
|
|
135
|
-
expect(@controller_class.cancan_skipper[:authorize][nil]).to eq(only: [:index, :show])
|
|
136
|
-
@controller_class.skip_authorize_resource(:article)
|
|
137
|
-
expect(@controller_class.cancan_skipper[:authorize][:article]).to eq({})
|
|
138
|
-
end
|
|
139
|
-
|
|
140
|
-
it 'skip_load_resource adds itself to the cancan skipper with given model name and options' do
|
|
141
|
-
@controller_class.skip_load_resource(:project, only: [:index, :show])
|
|
142
|
-
expect(@controller_class.cancan_skipper[:load][:project]).to eq(only: [:index, :show])
|
|
143
|
-
@controller_class.skip_load_resource(only: [:index, :show])
|
|
144
|
-
expect(@controller_class.cancan_skipper[:load][nil]).to eq(only: [:index, :show])
|
|
145
|
-
@controller_class.skip_load_resource(:article)
|
|
146
|
-
expect(@controller_class.cancan_skipper[:load][:article]).to eq({})
|
|
147
|
-
end
|
|
148
|
-
|
|
149
|
-
it 'skip_load_and_authore_resource adds itself to the cancan skipper with given model name and options' do
|
|
150
|
-
@controller_class.skip_load_and_authorize_resource(:project, only: [:index, :show])
|
|
151
|
-
expect(@controller_class.cancan_skipper[:load][:project]).to eq(only: [:index, :show])
|
|
152
|
-
expect(@controller_class.cancan_skipper[:authorize][:project]).to eq(only: [:index, :show])
|
|
153
|
-
end
|
|
154
|
-
|
|
155
|
-
private
|
|
156
|
-
|
|
157
|
-
def callback_action(action)
|
|
158
|
-
if ActiveSupport.respond_to?(:version) && ActiveSupport.version >= Gem::Version.new('4')
|
|
159
|
-
action
|
|
160
|
-
else
|
|
161
|
-
action.to_s.sub(/_action/, '_filter')
|
|
162
|
-
end
|
|
163
|
-
end
|
|
164
|
-
end
|