cancancan 1.17.0 → 3.5.0

data/README.md

@@ -1,234 +0,0 @@
-# CanCanCan
-
-[![Gem Version](https://badge.fury.io/rb/cancancan.svg)](http://badge.fury.io/rb/cancancan)
-[![Travis badge](https://travis-ci.org/CanCanCommunity/cancancan.svg?branch=develop)](https://travis-ci.org/CanCanCommunity/cancancan)
-[![Code Climate Badge](https://codeclimate.com/github/CanCanCommunity/cancancan.svg)](https://codeclimate.com/github/CanCanCommunity/cancancan)
-[![Inch CI](http://inch-ci.org/github/CanCanCommunity/cancancan.svg)](http://inch-ci.org/github/CanCanCommunity/cancancan)
-
-[Wiki](https://github.com/CanCanCommunity/cancancan/wiki) | 
-[RDocs](http://rdoc.info/projects/CanCanCommunity/cancancan) | 
-[Screencast](http://railscasts.com/episodes/192-authorization-with-cancan) | 
-[Gitter](https://gitter.im/CanCanCommunity/cancancan)
-
-CanCanCan is an authorization library for Ruby 2.0+ and Ruby on Rails 3+ which restricts what resources a given user is allowed to access. 
-
-All permissions are defined in a single location (the `Ability` class) and not duplicated across controllers, views, and database queries.
-
-
-## Installation
-
-Add this to your Gemfile: 
-
-    gem 'cancancan', '~> 1.10'
-    
-and run the `bundle install` command.
-
-## Getting Started
-
-CanCanCan expects a `current_user` method to exist in the controller. 
-First, set up some authentication (such as [Devise](https://github.com/plataformatec/devise) or [Authlogic](https://github.com/binarylogic/authlogic)). 
-See [Changing Defaults](https://github.com/CanCanCommunity/cancancan/wiki/changing-defaults) if you need a different behavior.
-
-When using [rails-api](https://github.com/rails-api/rails-api), you have to manually include the controller methods for CanCanCan:
-```ruby
-class ApplicationController < ActionController::API
-  include CanCan::ControllerAdditions
-end
-```
-
-### 1. Define Abilities
-
-User permissions are defined in an `Ability` class.
-
-    rails g cancan:ability
-
-See [Defining Abilities](https://github.com/CanCanCommunity/cancancan/wiki/defining-abilities) for details.
-
-
-### 2. Check Abilities & Authorization
-
-The current user's permissions can then be checked using the `can?` and `cannot?` methods in views and controllers.
-
-```erb
-<% if can? :update, @article %>
-  <%= link_to "Edit", edit_article_path(@article) %>
-<% end %>
-```
-
-See [Checking Abilities](https://github.com/CanCanCommunity/cancancan/wiki/checking-abilities) for more information
-
-The `authorize!` method in the controller will raise an exception if the user is not able to perform the given action.
-
-```ruby
-def show
-  @article = Article.find(params[:id])
-  authorize! :read, @article
-end
-```
-
-Setting this for every action can be tedious, therefore the `load_and_authorize_resource` method is provided to 
-automatically authorize all actions in a RESTful style resource controller. 
-It will use a before action to load the resource into an instance variable and authorize it for every action.
-
-```ruby
-class ArticlesController < ApplicationController
-  load_and_authorize_resource
-
-  def show
-    # @article is already loaded and authorized
-  end
-end
-```
-
-See [Authorizing Controller Actions](https://github.com/CanCanCommunity/cancancan/wiki/authorizing-controller-actions) for more information.
-
-
-#### Strong Parameters
-
-When using `strong_parameters` or Rails 4+, you have to sanitize inputs before saving the record, in actions such as `:create` and `:update`.
-
-For the `:update` action, CanCanCan will load and authorize the resource but *not* change it automatically, so the typical usage would be something like:
-
-```ruby
-def update
-  if @article.update_attributes(update_params)
-    # hurray
-  else
-    render :edit
-  end
-end
-...
-
-def update_params
-  params.require(:article).permit(:body)
-end
-```
-
-For the `:create` action, CanCanCan will try to initialize a new instance with sanitized input by seeing if your 
-controller will respond to the following methods (in order):
-
-1. `create_params`
-2. `<model_name>_params` such as `article_params` (this is the default convention in rails for naming your param method)
-3. `resource_params` (a generically named method you could specify in each controller)
-
-Additionally, `load_and_authorize_resource` can now take a `param_method` option to specify a custom method in the controller to run to sanitize input.
-
-You can associate the `param_method` option with a symbol corresponding to the name of a method that will get called:
-
-```ruby
-class ArticlesController < ApplicationController
-  load_and_authorize_resource param_method: :my_sanitizer
-
-  def create
-    if @article.save
-      # hurray
-    else
-      render :new
-    end
-  end
-
-  private
-
-  def my_sanitizer
-    params.require(:article).permit(:name)
-  end
-end
-```
-
-You can also use a string that will be evaluated in the context of the controller using `instance_eval` and needs to contain valid Ruby code. 
-
-    load_and_authorize_resource param_method: 'permitted_params.article'
-
-Finally, it's possible to associate `param_method` with a Proc object which will be called with the controller as the only argument:
-
-    load_and_authorize_resource param_method: Proc.new { |c| c.params.require(:article).permit(:name) }
-
-See [Strong Parameters](https://github.com/CanCanCommunity/cancancan/wiki/Strong-Parameters) for more information.
-
-### 3. Handle Unauthorized Access
-
-If the user authorization fails, a `CanCan::AccessDenied` exception will be raised. 
-You can catch this and modify its behavior in the `ApplicationController`.
-
-```ruby
-class ApplicationController < ActionController::Base
-  rescue_from CanCan::AccessDenied do |exception|
-      respond_to do |format|
-        format.json { head :forbidden, content_type: 'text/html' }
-        format.html { redirect_to main_app.root_url, notice: exception.message }
-        format.js   { head :forbidden, content_type: 'text/html' }
-      end
-    end
-end
-```
-
-See [Exception Handling](https://github.com/CanCanCommunity/cancancan/wiki/exception-handling) for more information.
-
-
-### 4. Lock It Down
-
-If you want to ensure authorization happens on every action in your application, add `check_authorization` to your `ApplicationController`.
-
-```ruby
-class ApplicationController < ActionController::Base
-  check_authorization
-end
-```
-
-This will raise an exception if authorization is not performed in an action. 
-If you want to skip this, add `skip_authorization_check` to a controller subclass. 
-See [Ensure Authorization](https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization) for more information.
-
-
-## Wiki Docs
-
-* [Upgrading to 1.6](https://github.com/CanCanCommunity/cancancan/wiki/Upgrading-to-1.6)
-* [Defining Abilities](https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities)
-* [Checking Abilities](https://github.com/CanCanCommunity/cancancan/wiki/Checking-Abilities)
-* [Authorizing Controller Actions](https://github.com/CanCanCommunity/cancancan/wiki/Authorizing-Controller-Actions)
-* [Exception Handling](https://github.com/CanCanCommunity/cancancan/wiki/Exception-Handling)
-* [Changing Defaults](https://github.com/CanCanCommunity/cancancan/wiki/Changing-Defaults)
-* [See more](https://github.com/CanCanCommunity/cancancan/wiki)
-
-## Mission
-
-This repo is a continuation of the dead [CanCan](https://github.com/ryanb/cancan) project. 
-Our mission is to keep CanCan alive and moving forward, with maintenance fixes and new features. 
-Pull Requests are welcome!
-
-Any help is greatly appreciated, feel free to submit pull-requests or open issues.
-
-
-## Questions?
-
-If you have any question or doubt regarding CanCanCan which you cannot find the solution to in the 
-[documentation](https://github.com/CanCanCommunity/cancancan/wiki) or our 
-[mailing list](http://groups.google.com/group/cancancan), please 
-[open a question on Stackoverflow](http://stackoverflow.com/questions/ask?tags=cancancan) with tag 
-[cancancan](http://stackoverflow.com/questions/tagged/cancancan)
-
-## Bugs?
-
-If you find a bug please add an [issue on GitHub](https://github.com/CanCanCommunity/cancancan/issues) or fork the project and send a pull request.
-
-
-## Development
-
-CanCanCan uses [appraisals](https://github.com/thoughtbot/appraisal) to test the code base against multiple versions 
-of Rails, as well as the different model adapters.
-
-When first developing, you may need to run `bundle install` and then `appraisal install`, to install the different sets.
-
-You can then run all appraisal files (like CI does), with `appraisal rake` or just run a specific set `appraisal activerecord_3.0 rake`.
-
-See the [CONTRIBUTING](https://github.com/CanCanCommunity/cancancan/blob/develop/CONTRIBUTING.md) and 
-[spec/README](https://github.com/CanCanCommunity/cancancan/blob/master/spec/README.rdoc) for more information.
-
-
-## Special Thanks
-
-CanCanCan was inspired by [declarative_authorization](https://github.com/stffn/declarative_authorization/) and 
-[aegis](https://github.com/makandra/aegis). 
-
-Also many thanks to the [CanCanCan contributors](https://github.com/CanCanCommunity/cancancan/contributors). 
-See the [CHANGELOG](https://github.com/CanCanCommunity/cancancan/blob/master/CHANGELOG.rdoc) for the full list.

data/Rakefile

@@ -1,13 +0,0 @@
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
-
-desc 'Run Rubocop'
-RuboCop::RakeTask.new
-
-desc 'Run RSpec'
-RSpec::Core::RakeTask.new do |t|
-  t.verbose = false
-end
-
-task default: [:rubocop, :spec]

data/gemfiles/activerecord_3.2.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 3.2.0", :require => "active_record"
-gem "actionpack", "~> 3.2.0", :require => "action_pack"
-gem "rubocop", "0.48.0"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_4.0.gemfile

@@ -1,19 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 4.0.5", :require => "active_record"
-gem "activesupport", "~> 4.0.5", :require => "active_support/all"
-gem "actionpack", "~> 4.0.5", :require => "action_pack"
-gem "rubocop", "0.48.0"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_4.1.gemfile

@@ -1,19 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 4.1.1", :require => "active_record"
-gem "activesupport", "~> 4.1.1", :require => "active_support/all"
-gem "actionpack", "~> 4.1.1", :require => "action_pack"
-gem "rubocop", "0.48.0"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_4.2.gemfile

@@ -1,21 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 4.2.0", :require => "active_record"
-gem "activesupport", "~> 4.2.0", :require => "active_support/all"
-gem "actionpack", "~> 4.2.0", :require => "action_pack"
-gem "nokogiri", "~> 1.6.8", :require => "nokogiri"
-gem "rubocop", "0.48.0"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-  gem "pg"
-end
-
-gemspec :path => "../"

data/gemfiles/activerecord_5.0.gemfile

@@ -1,20 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activerecord", "~> 5.0.0.rc1", :require => "active_record"
-gem "activesupport", "~> 5.0.0.rc1", :require => "active_support/all"
-gem "actionpack", "~> 5.0.0.rc1", :require => "action_pack"
-gem "rubocop", "0.48.0"
-
-platforms :jruby do
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-  gem "pg"
-end
-
-gemspec :path => "../"

data/gemfiles/mongoid_2.x.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "activesupport", "~> 3.0", :require => "active_support/all"
-gem "actionpack", "~> 3.0", :require => "action_pack"
-gem "mongoid", "~> 2.0.0"
-gem "rubocop", "0.48.0"
-
-platforms :ruby, :mswin, :mingw do
-  gem "bson_ext", "~> 1.1"
-end
-
-platforms :jruby do
-  gem "mongo", "~> 1.9.2"
-end
-
-gemspec :path => "../"

data/gemfiles/sequel_3.x.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "sequel", "~> 3.48.0"
-gem "activesupport", "~> 3.0", :require => "active_support/all"
-gem "actionpack", "~> 3.0", :require => "action_pack"
-gem "rubocop", "0.48.0"
-
-platforms :jruby do
-  gem "jdbc-sqlite3"
-end
-
-platforms :ruby, :mswin, :mingw do
-  gem "sqlite3"
-end
-
-gemspec :path => "../"

data/lib/cancan/inherited_resource.rb

@@ -1,20 +0,0 @@
-module CanCan
-  # For use with Inherited Resources
-  class InheritedResource < ControllerResource # :nodoc:
-    def load_resource_instance
-      if parent?
-        @controller.send :association_chain
-        @controller.instance_variable_get("@#{instance_name}")
-      elsif new_actions.include? @params[:action].to_sym
-        resource = @controller.send :build_resource
-        assign_attributes(resource)
-      else
-        @controller.send :resource
-      end
-    end
-
-    def resource_base
-      @controller.send :end_of_association_chain
-    end
-  end
-end

data/lib/cancan/model_adapters/active_record_3_adapter.rb

@@ -1,16 +0,0 @@
-module CanCan
-  module ModelAdapters
-    class ActiveRecord3Adapter < AbstractAdapter
-      include ActiveRecordAdapter
-      def self.for_class?(model_class)
-        model_class <= ActiveRecord::Base
-      end
-
-      private
-
-      def build_relation(*where_conditions)
-        @model_class.where(*where_conditions).includes(joins)
-      end
-    end
-  end
-end

data/lib/cancan/model_adapters/mongoid_adapter.rb

@@ -1,80 +0,0 @@
-module CanCan
-  module ModelAdapters
-    class MongoidAdapter < AbstractAdapter
-      def self.for_class?(model_class)
-        model_class <= Mongoid::Document
-      end
-
-      def self.override_conditions_hash_matching?(subject, conditions)
-        conditions.any? do |k, _v|
-          key_is_not_symbol = -> { !k.is_a?(Symbol) }
-          subject_value_is_array = lambda do
-            subject.respond_to?(k) && subject.send(k).is_a?(Array)
-          end
-
-          key_is_not_symbol.call || subject_value_is_array.call
-        end
-      end
-
-      def self.matches_conditions_hash?(subject, conditions)
-        # To avoid hitting the db, retrieve the raw Mongo selector from
-        # the Mongoid Criteria and use Mongoid::Matchers#matches?
-        subject.matches?(subject.class.where(conditions).selector)
-      end
-
-      def database_records
-        if @rules.empty?
-          @model_class.where(_id: { '$exists' => false, '$type' => 7 }) # return no records in Mongoid
-        elsif @rules.size == 1 && @rules[0].conditions.is_a?(Mongoid::Criteria)
-          @rules[0].conditions
-        else
-          # we only need to process can rules if
-          # there are no rules with empty conditions
-          database_records_from_multiple_rules
-        end
-      end
-
-      def database_records_from_multiple_rules
-        rules = @rules.reject { |rule| rule.conditions.empty? && rule.base_behavior }
-        process_can_rules = @rules.count == rules.count
-
-        rules.inject(@model_class.all) do |records, rule|
-          if process_can_rules && rule.base_behavior
-            records.or simplify_relations(@model_class, rule.conditions)
-          elsif !rule.base_behavior
-            records.excludes simplify_relations(@model_class, rule.conditions)
-          else
-            records
-          end
-        end
-      end
-
-      private
-
-      # Look for criteria on relations and replace with simple id queries
-      # eg.
-      # {user: {:tags.all => []}} becomes {"user_id" => {"$in" => [__, ..]}}
-      # {user: {:session => {:tags.all => []}}} becomes {"user_id" => {"session_id" => {"$in" => [__, ..]} }}
-      def simplify_relations(model_class, conditions)
-        model_relations = model_class.relations.with_indifferent_access
-        Hash[
-          conditions.map do |k, v|
-            if (relation = model_relations[k])
-              relation_class_name = relation[:class_name].blank? ? k.to_s.classify : relation[:class_name]
-              v = simplify_relations(relation_class_name.constantize, v)
-              relation_ids = relation_class_name.constantize.where(v).distinct(:_id)
-              k = "#{k}_id"
-              v = { '$in' => relation_ids }
-            end
-            [k, v]
-          end
-        ]
-      end
-    end
-  end
-end
-
-# simplest way to add `accessible_by` to all Mongoid Documents
-module Mongoid::Document::ClassMethods
-  include CanCan::ModelAdditions::ClassMethods
-end

data/lib/cancan/model_adapters/sequel_adapter.rb

@@ -1,87 +0,0 @@
-module CanCan
-  module ModelAdapters
-    class SequelAdapter < AbstractAdapter
-      def self.for_class?(model_class)
-        model_class <= Sequel::Model
-      end
-
-      def self.find(model_class, id)
-        model_class[id]
-      end
-
-      def self.override_condition_matching?(_subject, _name, value)
-        value.is_a?(Hash)
-      end
-
-      def self.matches_condition?(subject, name, value)
-        obj = subject.send(name)
-        if obj.nil?
-          false
-        else
-          value.each do |k, v|
-            if v.is_a?(Hash)
-              return false unless matches_condition?(obj, k, v)
-            elsif obj.send(k) != v
-              return false
-            end
-          end
-        end
-      end
-
-      def database_records
-        if @rules.empty?
-          @model_class.where('1=0')
-        else
-          # only need to process can rules if there are no can rule with empty conditions
-          rules = @rules.reject { |rule| rule.base_behavior && rule.conditions.empty? }
-          rules.reject!(&:base_behavior) if rules.count < @rules.count
-
-          can_condition_added = false
-          rules.reverse.inject(@model_class.dataset) do |records, rule|
-            normalized_conditions = normalize_conditions(rule.conditions)
-            if rule.base_behavior
-              if can_condition_added
-                records.or normalized_conditions
-              else
-                can_condition_added = true
-                records.where normalized_conditions
-              end
-            else
-              records.exclude normalized_conditions
-            end
-          end
-        end
-      end
-
-      private
-
-      def normalize_conditions(conditions, model_class = @model_class)
-        return conditions unless conditions.is_a? Hash
-        conditions.each_with_object({}) do |(name, value), result_hash|
-          if value.is_a? Hash
-            value = value.dup
-            association_class = model_class.association_reflection(name).associated_class
-            nested_resulted = value.each_with_object({}) do |(k, v), nested|
-              if v.is_a?(Hash)
-                value.delete(k)
-                nested_class = association_class.association_reflection(k).associated_class
-                nested[k] = nested_class.where(normalize_conditions(v, association_class))
-              else
-                nested[k] = v
-              end
-              nested
-            end
-            result_hash[name] = association_class.where(nested_resulted)
-          else
-            result_hash[name] = value
-          end
-          result_hash
-        end
-      end
-    end
-  end
-end
-
-Sequel::Model.class_eval do
-  include CanCan::ModelAdditions
-end

data/spec/README.rdoc

@@ -1,27 +0,0 @@
-= CanCan Specs
-
-== Running the specs
-
-To run the specs first run the +bundle+ command to install the necessary gems and the +rake+ command to run the specs.
-
-  bundle
-
-Then run the appraisal command to install all the necessary test sets:
-
-  appraisal install
-
-You can then run all test sets:
-
-  appraisal rake
-
-Or individual ones:
-
-  appraisal activerecord_3.2 rake
-
-A list of the tests is in the +Appraisal+ file.
-
-The specs support Ruby 1.8.7+
-
-== Model Adapters
-
-The model adapter ENV setting has been removed and replaced with the +Appraisal+ file.