cancancan 1.7.1 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8b59519bf23ea010add87e590aa543603311e94d
-  data.tar.gz: d5d584471d88253c065dc4fb4cc6019e89f8628c
+  metadata.gz: 7079b16052c2f98ebe67d6ce08e390188bca856d
+  data.tar.gz: faa43141ca3124dbe3d40ceb30a76ca78bc56117
 SHA512:
-  metadata.gz: bc703861ff1b65926ae6f4f1cf0141a3942b06aba4b3d8809c3db037adb658b3bf8976ccb90fbe8373aad8c095ccdef517af992978678aa748f21a0673b4cc14
-  data.tar.gz: 688d72ac6ed5133c4166dc56621fa489b31de8320462a24baa7c83bb93103cc9bf7a0592baab9fe32f886bfd744fa9f75a7e379a8fc69ed175a96de88c5c2856
+  metadata.gz: 8168024035574501d8bef61033f458facb1b7173ed98d901b9b51aedc0c659470f6210beb308273de9cd437e4d75027eb39321f104a9e8dc8f933593f1a67aa1
+  data.tar.gz: e71e7aa4f2a66f0f660aa9ce224dff3c0de2efc3b0fb85d461113175e5349700bf4475f5f9ca7abf16c56457488a33b3b5d954e753b021f162428c5827e28cd5

data/.travis.yml

@@ -8,9 +8,12 @@ rvm:
   - jruby
   - rbx
 gemfile:
-  - gemfiles/rails_3.0.gemfile
-  - gemfiles/rails_3.0_datamapper.gemfile
-  - gemfiles/rails_3.0_mongoid.gemfile
+  - gemfiles/activerecord_3.0.gemfile
+  - gemfiles/activerecord_3.1.gemfile
+  - gemfiles/activerecord_3.2.gemfile
+  - gemfiles/datamapper_1.x.gemfile
+  - gemfiles/mongoid_2.x.gemfile
+  - gemfiles/sequel_3.x.gemfile
 services:
   - mongodb
 matrix:

data/Appraisals

@@ -1,6 +1,6 @@
-appraise "rails_3.0" do
+appraise "activerecord_3.0" do
   gem "activerecord", "~> 3.0.20", :require => "active_record"
-  gem "with_model", "~> 0.2.5"
+  gem 'activesupport', '~> 3.0.20', :require => 'active_support/all'
   gem "meta_where"
 
   gemfile.platforms :jruby do
@@ -13,16 +13,62 @@ appraise "rails_3.0" do
   end
 end
 
-appraise "rails_3.0_datamapper" do
+appraise "activerecord_3.1" do
+  gem "activerecord", "~> 3.1.0", :require => "active_record"
+
+  gemfile.platforms :jruby do
+    gem "activerecord-jdbcsqlite3-adapter"
+    gem "jdbc-sqlite3"
+  end
+
+  gemfile.platforms :ruby, :mswin, :mingw do
+    gem "sqlite3"
+  end
+end
+
+appraise "activerecord_3.2" do
+  gem "activerecord", "~> 3.2.0", :require => "active_record"
+
+  gemfile.platforms :jruby do
+    gem "activerecord-jdbcsqlite3-adapter"
+    gem "jdbc-sqlite3"
+  end
+
+  gemfile.platforms :ruby, :mswin, :mingw do
+    gem "sqlite3"
+  end
+end
+
+appraise "datamapper_1.x" do
+  gem 'activesupport', '~> 3.0', :require => 'active_support/all'
   gem "dm-core", "~> 1.0.2"
   gem "dm-sqlite-adapter", "~> 1.0.2"
   gem "dm-migrations", "~> 1.0.2"
 end
 
-appraise "rails_3.0_mongoid" do
+appraise "mongoid_2.x" do
+  gem 'activesupport', '~> 3.0', :require => 'active_support/all'
   gem "mongoid", "~> 2.0.0"
 
   gemfile.platforms :ruby, :mswin, :mingw do
     gem "bson_ext", "~> 1.1"
   end
+
+  gemfile.platforms :jruby do
+    gem "mongo", "~> 1.9.2"
+  end
+end
+
+appraise "sequel_3.x" do
+  gem "sequel", "~> 3.47.0"
+  gem 'activesupport', '~> 3.0', :require => 'active_support/all'
+
+  gemfile.platforms :jruby do
+    gem "activerecord-jdbcsqlite3-adapter"
+    gem "jdbc-sqlite3"
+  end
+
+  gemfile.platforms :ruby, :mswin, :mingw do
+    gem "sqlite3"
+  end
 end

data/CHANGELOG.rdoc

@@ -1,4 +1,15 @@
-Master
+Develop
+
+
+1.8.0 (May 8th, 2014)
+
+* Feature cancan#884 - Add a Sequel model adapter (szetobo)
+
+* Feature cancancan#3 - Permit "can?" check multiple subjects (cefigueiredo)
+
+* Feature cancancan#29 - Add ability to use a String that will get instance_eval'd or a Proc that will get called as the parameter method option for strong_parameter santization (svoop)
+
+* Feature cancancan#48 - Define a CanCanCan module. Even though it is not used, it is standard practice to define the module, and helpful for determining between CanCanCan and CanCan for external libraries.
 
 
 1.7.1 (March 19th, 2014)

data/README.rdoc

@@ -1,7 +1,7 @@
 = CanCanCan
 {<img src="https://badge.fury.io/rb/cancancan.png" alt="Gem Version" />}[http://badge.fury.io/rb/cancancan]
 {<img src="https://travis-ci.org/CanCanCommunity/cancancan.png?branch=master" alt="Build Status" />}[https://travis-ci.org/CanCanCommunity/cancancan]
-{<img src="https://codeclimate.com/github/bryanrite/cancancan.png?" alt="Code Climate" />}[https://codeclimate.com/github/bryanrite/cancancan]
+{<img src="https://codeclimate.com/github/CanCanCommunity/cancancan.png" />}[https://codeclimate.com/github/CanCanCommunity/cancancan]
 {<img src="http://inch-pages.github.io/github/CanCanCommunity/cancancan.png" alt="Inline docs" />}[http://inch-pages.github.io/github/CanCanCommunity/cancancan]
 
 Wiki[https://github.com/bryanrite/cancancan/wiki] | RDocs[http://rdoc.info/projects/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan]
@@ -22,7 +22,7 @@ Any help is greatly appreciated, feel free to submit pull-requests or open issue
 
 In <b>Rails 3 and 4</b>, add this to your Gemfile and run the +bundle+ command.
 
-  gem 'cancancan', '~> 1.7'
+  gem 'cancancan', '~> 1.8'
 
 In <b>Rails 2</b>, add this to your environment.rb file.
 
@@ -98,6 +98,8 @@ By default, CanCan will try to sanitize the input on <tt>:create</tt> and <tt>:u
 
 Additionally, <tt>load_and_authorize_resource</tt> can now take a <tt>param_method</tt> option to specify a custom method in the controller to run to sanitize input.
 
+You can associate the <tt>param_method</tt> option with a symbol corresponding to the name of a method that will get called:
+
   class ArticlesController < ApplicationController
     load_and_authorize_resource param_method: :my_sanitizer
 
@@ -116,6 +118,14 @@ Additionally, <tt>load_and_authorize_resource</tt> can now take a <tt>param_meth
     end
   end
 
+You can also use a string that will be evaluated in the context of the controller using <tt>instance_eval</tt> and needs to contain valid Ruby code. This does come in handy when using a PermittedParams class as suggested in Railscast 371:
+
+  load_and_authorize_resource param_method: 'permitted_params.article'
+
+Finally, it's possible to associate <tt>param_method</tt> with a Proc object which will be called with the controller as the only argument:
+
+  load_and_authorize_resource param_method: Proc.new { |c| c.params.require(:article).permit(:name) }
+
 See {Strong Parameters}[https://github.com/bryanrite/cancancan/wiki/Strong-Parameters] for more information.
 
 === 3. Handle Unauthorized Access

data/Rakefile

@@ -1,6 +1,4 @@
 require "bundler/gem_tasks"
-require 'rubygems'
-require 'rake'
 require 'rspec/core/rake_task'
 
 desc "Run RSpec"

data/cancancan.gemspec

@@ -22,9 +22,10 @@ Gem::Specification.new do |s|
   s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
   s.required_rubygems_version = ">= 1.3.4"
 
+  s.add_development_dependency 'bundler', '~> 1.3'
+  s.add_development_dependency 'rake', '~> 10.1.1'
   s.add_development_dependency 'rspec', '~> 2.14'
-  s.add_development_dependency 'supermodel', '~> 0.1.6'
-  s.add_development_dependency 'appraisal', '>= 1.0.0.beta3'
+  s.add_development_dependency 'appraisal', '>= 1.0.0'
 
   s.rubyforge_project = s.name
 end

data/gemfiles/activerecord_3.0.gemfile

@@ -0,0 +1,18 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 3.0.20", :require => "active_record"
+gem "activesupport", "~> 3.0.20", :require => "active_support/all"
+gem "meta_where"
+
+platforms :jruby do
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jdbc-sqlite3"
+end
+
+platforms :ruby, :mswin, :mingw do
+  gem "sqlite3"
+end
+
+gemspec :path => "../"

data/gemfiles/{rails_3.0.gemfile → activerecord_3.1.gemfile}

@@ -2,9 +2,7 @@
 
 source "https://rubygems.org"
 
-gem "activerecord", "~> 3.0.20", :require=>"active_record"
-gem "with_model", "~> 0.2.5"
-gem "meta_where"
+gem "activerecord", "~> 3.1.0", :require => "active_record"
 
 platforms :jruby do
   gem "activerecord-jdbcsqlite3-adapter"
@@ -15,4 +13,4 @@ platforms :ruby, :mswin, :mingw do
   gem "sqlite3"
 end
 
-gemspec :path=>".././"
+gemspec :path => "../"

data/gemfiles/activerecord_3.2.gemfile

@@ -0,0 +1,16 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 3.2.0", :require => "active_record"
+
+platforms :jruby do
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jdbc-sqlite3"
+end
+
+platforms :ruby, :mswin, :mingw do
+  gem "sqlite3"
+end
+
+gemspec :path => "../"

data/gemfiles/{rails_3.0_datamapper.gemfile → datamapper_1.x.gemfile}

@@ -2,8 +2,9 @@
 
 source "https://rubygems.org"
 
+gem "activesupport", "~> 3.0", :require => "active_support/all"
 gem "dm-core", "~> 1.0.2"
 gem "dm-sqlite-adapter", "~> 1.0.2"
 gem "dm-migrations", "~> 1.0.2"
 
-gemspec :path=>".././"
+gemspec :path => "../"

data/gemfiles/{rails_3.0_mongoid.gemfile → mongoid_2.x.gemfile}

@@ -2,10 +2,15 @@
 
 source "https://rubygems.org"
 
+gem "activesupport", "~> 3.0", :require => "active_support/all"
 gem "mongoid", "~> 2.0.0"
 
 platforms :ruby, :mswin, :mingw do
   gem "bson_ext", "~> 1.1"
 end
 
-gemspec :path=>".././"
+platforms :jruby do
+  gem "mongo", "~> 1.9.2"
+end
+
+gemspec :path => "../"

data/gemfiles/sequel_3.x.gemfile

@@ -0,0 +1,17 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "sequel", "~> 3.47.0"
+gem "activesupport", "~> 3.0", :require => "active_support/all"
+
+platforms :jruby do
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jdbc-sqlite3"
+end
+
+platforms :ruby, :mswin, :mingw do
+  gem "sqlite3"
+end
+
+gemspec :path => "../"

data/lib/cancan.rb

@@ -12,3 +12,4 @@ require 'cancan/model_adapters/default_adapter'
 require 'cancan/model_adapters/active_record_adapter' if defined? ActiveRecord
 require 'cancan/model_adapters/data_mapper_adapter' if defined? DataMapper
 require 'cancan/model_adapters/mongoid_adapter' if defined?(Mongoid) && defined?(Mongoid::Document)
+require 'cancan/model_adapters/sequel_adapter' if defined? Sequel

data/lib/cancan/ability.rb

@@ -29,6 +29,13 @@ module CanCan
     #
     #   can? :create, @category => Project
     #
+    # You can also pass multiple objects to check. You only need to pass a hash
+    # following the pattern { :any => [many subjects] }. The behaviour is check if
+    # there is a permission on any of the given objects.
+    #
+    #   can? :create, {:any => [Project, Rule]}
+    #
+    #
     # Any additional arguments will be passed into the "can" block definition. This
     # can be used to pass more information about the user's request for example.
     #
@@ -54,12 +61,16 @@ module CanCan
     #
     # Also see the RSpec Matchers to aid in testing.
     def can?(action, subject, *extra_args)
-      match = relevant_rules_for_match(action, subject).detect do |rule|
-        rule.matches_conditions?(action, subject, extra_args)
-      end
+      subject = extract_subjects(subject)
+
+      match = subject.map do |subject|
+        relevant_rules_for_match(action, subject).detect do |rule|
+          rule.matches_conditions?(action, subject, extra_args)
+        end
+      end.compact.first
+
       match ? match.base_behavior : false
     end
-
     # Convenience method which works the same as "can?" but returns the opposite value.
     #
     #   cannot? :destroy, @project
@@ -272,6 +283,15 @@ module CanCan
       @expanded_actions ||= {}
     end
 
+    # It translates to an array the subject or the hash with multiple subjects given to can?.
+    def extract_subjects(subject)
+      subject = if subject.respond_to?(:keys) && subject.key?(:any)
+        subject[:any]
+      else
+        [subject]
+      end
+    end
+
     # Given an action, it will try to find all of the actions which are aliased to it.
     # This does the opposite kind of lookup as expand_actions.
     def aliases_for_action(action)

data/lib/cancan/controller_resource.rb

@@ -221,7 +221,11 @@ module CanCan
 
     def resource_params
       if param_actions.include?(@params[:action].to_sym) && params_method.present?
-        return @controller.send(params_method)
+        return case params_method
+          when Symbol then @controller.send(params_method)
+          when String then @controller.instance_eval(params_method)
+          when Proc then params_method.call(@controller)
+        end
       elsif @options[:class]
         params_key = extract_key(@options[:class])
         return @params[params_key] if @params[params_key]
@@ -236,7 +240,7 @@ module CanCan
 
     def params_method
       params_methods.each do |method|
-        return method if @controller.respond_to?(method, true)
+        return method if (method.is_a?(Symbol) && @controller.respond_to?(method, true)) || method.is_a?(String) || method.is_a?(Proc)
       end
       nil
     end

data/lib/cancan/model_adapters/sequel_adapter.rb

@@ -0,0 +1,87 @@
+module CanCan
+  module ModelAdapters
+    class SequelAdapter < AbstractAdapter
+      def self.for_class?(model_class)
+        model_class <= Sequel::Model
+      end
+
+      def self.find(model_class, id)
+        model_class[id]
+      end
+
+      def self.override_condition_matching?(subject, name, value)
+        value.kind_of?(Hash)
+      end
+
+      def self.matches_condition?(subject, name, value)
+        obj = subject.send(name)
+        if obj.nil?
+          false
+        else
+          value.each do |k, v|
+            if v.kind_of?(Hash)
+              return false unless self.matches_condition?(obj, k, v)
+            elsif obj.send(k) != v
+              return false
+            end
+          end
+        end
+      end
+
+      def database_records
+        if @rules.size == 0
+          @model_class.where('1=0')
+        else
+          # only need to process can rules if there are no can rule with empty conditions
+          rules = @rules.reject { |rule| rule.base_behavior && rule.conditions.empty? }
+          rules.reject! { |rule| rule.base_behavior } if rules.count < @rules.count
+
+          can_condition_added = false
+          rules.reverse.inject(@model_class.dataset) do |records, rule|
+            normalized_conditions = normalize_conditions(rule.conditions)
+            if rule.base_behavior
+              if can_condition_added
+                records.or normalized_conditions
+              else
+                can_condition_added = true
+                records.where normalized_conditions
+              end
+            else
+              records.exclude normalized_conditions
+            end
+          end
+        end
+      end
+
+      private
+
+      def normalize_conditions(conditions, model_class = @model_class)
+        return conditions unless conditions.kind_of? Hash
+        conditions.inject({}) do |result_hash, (name, value)|
+          if value.kind_of? Hash
+            value = value.dup
+            association_class = model_class.association_reflection(name).associated_class
+            nested = value.inject({}) do |nested, (k, v)|
+              if v.kind_of?(Hash)
+                value.delete(k)
+                nested_class = association_class.association_reflection(k).associated_class
+                nested[k] = nested_class.where(normalize_conditions(v, association_class))
+              else
+                nested[k] = v
+              end
+              nested
+            end
+            result_hash[name] = association_class.where(nested)
+          else
+            result_hash[name] = value
+          end
+          result_hash
+        end
+      end
+    end
+  end
+end
+
+Sequel::Model.class_eval do
+  include CanCan::ModelAdditions
+end