cancancan 1.7.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (42) hide show
  1. checksums.yaml +15 -0
  2. data/CHANGELOG.rdoc +427 -0
  3. data/CONTRIBUTING.md +11 -0
  4. data/Gemfile +23 -0
  5. data/LICENSE +20 -0
  6. data/README.rdoc +161 -0
  7. data/Rakefile +18 -0
  8. data/init.rb +1 -0
  9. data/lib/cancan.rb +13 -0
  10. data/lib/cancan/ability.rb +324 -0
  11. data/lib/cancan/controller_additions.rb +397 -0
  12. data/lib/cancan/controller_resource.rb +286 -0
  13. data/lib/cancan/exceptions.rb +50 -0
  14. data/lib/cancan/inherited_resource.rb +20 -0
  15. data/lib/cancan/matchers.rb +14 -0
  16. data/lib/cancan/model_adapters/abstract_adapter.rb +56 -0
  17. data/lib/cancan/model_adapters/active_record_adapter.rb +180 -0
  18. data/lib/cancan/model_adapters/data_mapper_adapter.rb +34 -0
  19. data/lib/cancan/model_adapters/default_adapter.rb +7 -0
  20. data/lib/cancan/model_adapters/mongoid_adapter.rb +54 -0
  21. data/lib/cancan/model_additions.rb +31 -0
  22. data/lib/cancan/rule.rb +147 -0
  23. data/lib/cancancan.rb +1 -0
  24. data/lib/generators/cancan/ability/USAGE +4 -0
  25. data/lib/generators/cancan/ability/ability_generator.rb +11 -0
  26. data/lib/generators/cancan/ability/templates/ability.rb +32 -0
  27. data/spec/README.rdoc +28 -0
  28. data/spec/cancan/ability_spec.rb +455 -0
  29. data/spec/cancan/controller_additions_spec.rb +141 -0
  30. data/spec/cancan/controller_resource_spec.rb +553 -0
  31. data/spec/cancan/exceptions_spec.rb +58 -0
  32. data/spec/cancan/inherited_resource_spec.rb +60 -0
  33. data/spec/cancan/matchers_spec.rb +29 -0
  34. data/spec/cancan/model_adapters/active_record_adapter_spec.rb +358 -0
  35. data/spec/cancan/model_adapters/data_mapper_adapter_spec.rb +118 -0
  36. data/spec/cancan/model_adapters/default_adapter_spec.rb +7 -0
  37. data/spec/cancan/model_adapters/mongoid_adapter_spec.rb +226 -0
  38. data/spec/cancan/rule_spec.rb +52 -0
  39. data/spec/matchers.rb +13 -0
  40. data/spec/spec.opts +2 -0
  41. data/spec/spec_helper.rb +77 -0
  42. metadata +126 -0
@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ ZDhlZWZlYTNiNDExOThhZDQwNDNmNTcxMmEyYTNkODA2MDNlNzkzNQ==
5
+ data.tar.gz: !binary |-
6
+ NzRlNmFkYTczZWUwNThkMmFiYmQ5OTg4NTAzNzZiMmRmOGNlYWY5YQ==
7
+ SHA512:
8
+ metadata.gz: !binary |-
9
+ ZWZjZGM0MGM3YWZhZjRlOWUwMDI0MWExODg1Njk5OWVlZjcxNjYyMjc4OTEx
10
+ N2Q3YTEyZDNhNDA4ZTUxOWVhNTg5OTljYmFlY2U0ZDg5NDEwODUxMGI0ZTli
11
+ NmIzMmVkYzY0MmI3NGMwM2QxMjk5ZWE2NWQ4MDk1OTg4NDJhM2U=
12
+ data.tar.gz: !binary |-
13
+ ZjI5OWQyYjg0MzYwYzdiYzAzNjI1MzIxNDI1NmE5OTgyZmI3MDhkMmY2ODg5
14
+ MTFlNzA2NWNjNmY4MTlmMzU1N2E4ZWIzYWYzOGE5MDk2MGU5NDZmNDg4ZTUy
15
+ Mzk5MjRlNTNkMmI4YzE3YzAwMzJkYzYzZGU2NWEzOTcyNjUzOGE=
@@ -0,0 +1,427 @@
1
+ Master
2
+
3
+
4
+ 1.7.0 (February 19th, 2014)
5
+
6
+ * Feature #988 Adds support for strong_parameters (bryanrite)
7
+
8
+ * Fix #726 - Allow multiple abilities with associations (elabs-dev)
9
+
10
+ * Fix #864 - Fix id_param in shallow routes (francocatena)
11
+
12
+ * Fix #871 - Fixes nested ability conditions (ricec)
13
+
14
+ * Fix #935 - Reduce unnecessary object allocations (grosser)
15
+
16
+ * Fix #966 - Fixes a variable name collision in nested conditions (knoopx)
17
+
18
+ * Fix #971 - Does not execute "empty?" scope when checking class rule (matt-glover)
19
+
20
+ * Fix #974 - Avoid unnecessary sql execution (inkstak)
21
+
22
+
23
+ 1.6.10 (May 7, 2013)
24
+
25
+ * fix matches_conditons_hash for string values on 1.8 (thanks rrosen)
26
+
27
+ * work around SQL injection vulnerability in older Rails versions (thanks steerio) - issue #800
28
+
29
+ * add support for nested join conditions (thanks yuszuv) - issue #806
30
+
31
+ * fix load_resource "find_by" in mongoid resources (thanks albertobajo) - issue #705
32
+
33
+ * fix namespace split behavior (thanks xinuc) - issue #668
34
+
35
+
36
+ 1.6.9 (February 4, 2013)
37
+
38
+ * fix inserting AND (NULL) to end of SQL queries (thanks jonsgreen) - issue #687
39
+
40
+ * fix merge_joins for nested association hashes (thanks DavidMikeSimon) - issues #655, #560
41
+
42
+ * raise error on recursive alias_action (thanks fl00r) - issue #660
43
+
44
+ * fix namespace controllers not loading params (thanks andhapp) - issues #670, #664
45
+
46
+
47
+ 1.6.8 (June 25, 2012)
48
+
49
+ * improved support for namespaced controllers and models
50
+
51
+ * pass :if and :unless options for load and authorize resource (thanks mauriciozaffari)
52
+
53
+ * Travis CI badge (thanks plentz)
54
+
55
+ * adding Ability#merge for combining multiple abilities (thanks rogercampos)
56
+
57
+ * support for multiple MetaWhere rules (thanks andhapp)
58
+
59
+ * various fixes for DataMapper, Mongoid, and Inherited Resource integration
60
+
61
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.7...1.6.8]
62
+
63
+
64
+ 1.6.7 (October 4, 2011)
65
+
66
+ * fixing nested resource problem caused by namespace addition - issue #482
67
+
68
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.6...1.6.7]
69
+
70
+
71
+ 1.6.6 (September 28, 2011)
72
+
73
+ * correct "return cant jump across threads" error when using check_authorization (thanks codeprimate) - issues #463, #469
74
+
75
+ * fixing tests in development by specifying with_model version (thanks kirkconnell) - issue #476
76
+
77
+ * added travis.yml file for TravisCI support (thanks bai) - issue #427
78
+
79
+ * better support for namespaced models (thanks whilefalse) - issues #424
80
+
81
+ * adding :id_param option to load_and_authorize_resource (thanks skhisma) - issue #425
82
+
83
+ * make default unauthorized message translatable text (thanks nhocki) - issue #409
84
+
85
+ * improving DataMapper behavior (thanks psanford, maxsum-corin) - issue #410, #373
86
+
87
+ * allow :find_by option to be full find method name - issue #335
88
+
89
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.5...1.6.6]
90
+
91
+
92
+ 1.6.5 (May 18, 2011)
93
+
94
+ * pass action and subject through AccessDenied exception when :through isn't found - issue #366
95
+
96
+ * many Mongoid adapter improvements (thanks rahearn, cardagin) - issues #363, #352, #343
97
+
98
+ * allow :through option to work with private controller methods - issue #360
99
+
100
+ * ensure Mongoid::Document is defined before loading Mongoid adapter - issue #359
101
+
102
+ * many DataMapper adapter improvements (thanks emmanuel) - issue #355
103
+
104
+ * handle checking nil attributes through associations (thanks thatothermitch) - issue #330
105
+
106
+ * improve scope merging - issue #328
107
+
108
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.4...1.6.5]
109
+
110
+
111
+ 1.6.4 (March 29, 2011)
112
+
113
+ * Fixed mongoid 'or' error - see issue #322
114
+
115
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.3...1.6.4]
116
+
117
+
118
+ 1.6.3 (March 25, 2011)
119
+
120
+ * Make sure ActiveRecord::Relation is defined before checking conditions against it so Rails 2 is supported again - see issue #312
121
+
122
+ * Return subject passed to authorize! - see issue #314
123
+
124
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.2...1.6.3]
125
+
126
+
127
+ 1.6.2 (March 18, 2011)
128
+
129
+ * Fixed instance loading when :singleton option is used - see issue #310
130
+
131
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.1...1.6.2]
132
+
133
+
134
+ 1.6.1 (March 15, 2011)
135
+
136
+ * Use Item.new instead of build_item for singleton resource so it doesn't effect database - see issue #304
137
+
138
+ * Made accessible_by action default to :index and parent action default to :show instead of :read - see issue #302
139
+
140
+ * Reverted Inherited Resources "collection" override since it doesn't seem to be working - see issue #305
141
+
142
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.0...1.6.1]
143
+
144
+
145
+ 1.6.0 (March 11, 2011)
146
+
147
+ * Added MetaWhere support - see issue #194 and #261
148
+
149
+ * Allow Active Record scopes in Ability conditions - see issue #257
150
+
151
+ * Added :if and :unless options to check_authorization - see issue #284
152
+
153
+ * Several Inherited Resources fixes (thanks aq1018, tanordheim and stefanoverna)
154
+
155
+ * Pass action name to accessible_by call when loading a collection (thanks amw)
156
+
157
+ * Added :prepend option to load_and_authorize_resource to load before other filters - see issue #290
158
+
159
+ * Fixed spacing issue in I18n message for multi-word model names - see issue #292
160
+
161
+ * Load resource collection for any action which doesn't have an "id" parameter - see issue #296
162
+
163
+ * Raise an exception when trying to make a Ability condition with both a hash of conditions and a block - see issue #269
164
+
165
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.5.1...1.6.0]
166
+
167
+
168
+ 1.5.1 (January 20, 2011)
169
+
170
+ * Fixing deeply nested conditions in Active Record adapter - see issue #246
171
+
172
+ * Improving Mongoid support for multiple can and cannot definitions (thanks stellard) - see issue #239
173
+
174
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.5.0...1.5.1]
175
+
176
+
177
+ 1.5.0 (January 11, 2011)
178
+
179
+ * Added an Ability generator - see issue #170
180
+
181
+ * Added DataMapper support (thanks natemueller)
182
+
183
+ * Added Mongoid support (thanks bowsersenior)
184
+
185
+ * Added skip_load_and_authorize_resource methods to controller class - see issue #164
186
+
187
+ * Added support for uncountable resources in index action - see issue #193
188
+
189
+ * Cleaned up README and added spec/README
190
+
191
+ * Internal: renamed CanDefinition to Rule
192
+
193
+ * Internal: added a model adapter layer for easily supporting more ORMs
194
+
195
+ * Internal: added .rvmrc to auto-switch to 1.8.7 with gemset - see issue #231
196
+
197
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.4.1...1.5.0]
198
+
199
+
200
+ 1.4.1 (November 12, 2010)
201
+
202
+ * Renaming skip_authorization to skip_authorization_check - see issue #169
203
+
204
+ * Adding :through_association option to load_resource (thanks hunterae) - see issue #171
205
+
206
+ * The :shallow option now works with the :singleton option (thanks nandalopes) - see issue #187
207
+
208
+ * Play nicely with quick_scopes gem (thanks ramontayag) - see issue #183
209
+
210
+ * Fix odd behavior when "cache_classes = false" (thanks mphalliday) - see issue #174
211
+
212
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.4.0...1.4.1]
213
+
214
+
215
+ 1.4.0 (October 5, 2010)
216
+
217
+ * Adding Gemfile; to get specs running just +bundle+ and +rake+ - see issue #163
218
+
219
+ * Stop at 'cannot' definition when there are no conditions - see issue #161
220
+
221
+ * The :through option will now call a method with that name if instance variable doesn't exist - see issue #146
222
+
223
+ * Adding :shallow option to load_resource to bring back old behavior of fetching a child without a parent
224
+
225
+ * Raise AccessDenied error when loading a child and parent resource isn't found
226
+
227
+ * Abilities defined on a module will apply to anything that includes that module - see issue #150 and #152
228
+
229
+ * Abilities can be defined with a string of SQL in addition to a block so accessible_by works with a block - see issue #150
230
+
231
+ * Adding better support for InheritedResource - see issue #23
232
+
233
+ * Loading the collection instance variable (for index action) using accessible_by - see issue #137
234
+
235
+ * Adding action and subject variables to I18n unauthorized message - closes #142
236
+
237
+ * Adding check_authorization and skip_authorization controller class methods to ensure authorization is performed (thanks justinko) - see issue #135
238
+
239
+ * Setting initial attributes based on ability conditions in new/create actions - see issue #114
240
+
241
+ * Check parent attributes for nested association in index action - see issue #121
242
+
243
+ * Supporting nesting in can? method using hash - see issue #121
244
+
245
+ * Adding I18n support for Access Denied messages (thanks EppO) - see issue #103
246
+
247
+ * Passing no arguments to +can+ definition will pass action, class, and object to block - see issue #129
248
+
249
+ * Don't pass action to block in +can+ definition when using :+manage+ option - see issue #129
250
+
251
+ * No longer calling block in +can+ definition when checking on class - see issue #116
252
+
253
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.4...1.4.0]
254
+
255
+
256
+ 1.3.4 (August 31, 2010)
257
+
258
+ * Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131
259
+
260
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.3...1.3.4]
261
+
262
+
263
+ 1.3.3 (August 20, 2010)
264
+
265
+ * Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119
266
+
267
+ * Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123
268
+
269
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.2...1.3.3]
270
+
271
+
272
+ 1.3.2 (August 7, 2010)
273
+
274
+ * Fixing slice error when passing in custom resource name - see issue #112
275
+
276
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.1...1.3.2]
277
+
278
+
279
+ 1.3.1 (August 6, 2010)
280
+
281
+ * Fixing protected sanitize_sql error - see issue #111
282
+
283
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.0...1.3.1]
284
+
285
+
286
+ 1.3.0 (August 6, 2010)
287
+
288
+ * Adding :find_by option to load_resource - see issue #19
289
+
290
+ * Adding :singleton option to load_resource - see issue #93
291
+
292
+ * Supporting multiple resources in :through option for polymorphic associations - see issue #73
293
+
294
+ * Supporting Single Table Inheritance for "can" comparisons - see issue #55
295
+
296
+ * Adding :instance_name option to load/authorize_resource - see issue #44
297
+
298
+ * Don't pass nil to "new" to keep MongoMapper happy - see issue #63
299
+
300
+ * Parent resources are now authorized with :read action.
301
+
302
+ * Changing :resource option in load/authorize_resource back to :class with ability to pass false
303
+
304
+ * Removing :nested option in favor of :through option with separate load/authorize call
305
+
306
+ * Moving internal logic from ResourceAuthorization to ControllerResource class
307
+
308
+ * Supporting multiple "can" and "cannot" calls with accessible_by (thanks funny-falcon) - see issue #71
309
+
310
+ * Supporting deeply nested aliases - see issue #98
311
+
312
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.2.0...1.3.0]
313
+
314
+
315
+ 1.2.0 (July 16, 2010)
316
+
317
+ * Load nested parent resources on collection actions such as "index" (thanks dohzya)
318
+
319
+ * Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65
320
+
321
+ * Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66
322
+
323
+ * Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62
324
+
325
+ * Support has_many association or arrays in can conditions hash
326
+
327
+ * Adding joins clause to accessible_by when conditions are across associations
328
+
329
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.1.1...1.2.0]
330
+
331
+
332
+ 1.1.1 (April 17, 2010)
333
+
334
+ * Fixing behavior in Rails 3 by properly initializing ResourceAuthorization
335
+
336
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.1...1.1.1]
337
+
338
+
339
+ 1.1.0 (April 17, 2010)
340
+
341
+ * Supporting arrays, ranges, and nested hashes in ability conditions
342
+
343
+ * Removing "unauthorized!" method in favor of "authorize!" in controllers
344
+
345
+ * Adding action, subject and default_message abilities to AccessDenied exception - see issue #40
346
+
347
+ * Adding caching to current_ability controller method, if you're overriding this be sure to add caching too.
348
+
349
+ * Adding "accessible_by" method to Active Record for fetching records matching a specific ability
350
+
351
+ * Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53
352
+
353
+ * Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45
354
+
355
+ * Properly handle Admin::AbilitiesController in params[:controller] - see issue #46
356
+
357
+ * Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54
358
+
359
+ * Support additional arguments to can? which get passed to the block - see issue #48
360
+
361
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.2...1.1]
362
+
363
+
364
+ 1.0.2 (Dec 30, 2009)
365
+
366
+ * Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
367
+
368
+ * Append aliased actions (don't overwrite them) - see issue #20
369
+
370
+ * Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
371
+
372
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.1...1.0.2]
373
+
374
+
375
+ 1.0.1 (Dec 14, 2009)
376
+
377
+ * Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
378
+
379
+ * Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
380
+
381
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.0...1.0.1]
382
+
383
+
384
+ 1.0.0 (Dec 13, 2009)
385
+
386
+ * Don't set resource instance variable if it has been set already - see issue #13
387
+
388
+ * Allowing :nested option to accept an array for deep nesting
389
+
390
+ * Adding :nested option to load resource method - see issue #10
391
+
392
+ * Pass :only and :except options to before filters for load/authorize resource methods.
393
+
394
+ * Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.
395
+
396
+ * BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.
397
+
398
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.2.1...1.0.0]
399
+
400
+
401
+ 0.2.1 (Nov 26, 2009)
402
+
403
+ * many internal refactorings - see issues #11 and #12
404
+
405
+ * adding "cannot" method to define which abilities cannot be done - see issue #7
406
+
407
+ * support custom objects (usually symbols) in can definition - see issue #8
408
+
409
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.2.0...0.2.1]
410
+
411
+
412
+ 0.2.0 (Nov 17, 2009)
413
+
414
+ * fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3
415
+
416
+ * support arrays being passed to "can" to specify multiple actions or classes - see issue #2
417
+
418
+ * adding "cannot?" method to ability, controller, and view which is inverse of "can?" - see issue #1
419
+
420
+ * BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4
421
+
422
+ * {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.1.0...0.2.0]
423
+
424
+
425
+ 0.1.0 (Nov 16, 2009)
426
+
427
+ * initial release
@@ -0,0 +1,11 @@
1
+ ### Please read before contributing
2
+
3
+ 1) If you have any questions about CanCan, search the [Wiki](https://github.com/bryanrite/cancancan/wiki) or use [Stack Overflow](http://stackoverflow.com/questions/tagged/cancancan). Do not post questions here.
4
+
5
+ 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [bryan@bryanrite.com](mailto:bryan@bryanrite.com) instead.
6
+
7
+ 3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. In case it was not, create your report including Rails and CanCan versions. If you are getting exceptions, please include the full backtrace.
8
+
9
+ That's it! The more information you give, the more easy it becomes for us to track it down and fix it. Ideal scenario would be adding the issue to CanCan test suite or to a sample application.
10
+
11
+ Thanks!