cancancan 1.7.1 → 1.8.0

data/spec/cancan/inherited_resource_spec.rb

@@ -1,60 +1,71 @@
 require "spec_helper"
 
 describe CanCan::InheritedResource do
+  let(:ability) { Ability.new(nil) }
+  let(:params) { HashWithIndifferentAccess.new(:controller => "models") }
+  let(:controller_class) { Class.new }
+  let(:controller) { controller_class.new }
+
   before(:each) do
-    @params = HashWithIndifferentAccess.new(:controller => "projects")
-    @controller_class = Class.new
-    @controller = @controller_class.new
-    @ability = Ability.new(nil)
-    allow(@controller).to receive(:params).and_return { @params }
-    allow(@controller).to receive(:current_ability) { @ability }
-    allow(@controller_class).to receive(:cancan_skipper) { {:authorize => {}, :load => {}} }
+    class Model
+      attr_accessor :name
+
+      def initialize(attributes={})
+        attributes.each do |attribute, value|
+          send("#{attribute}=", value)
+        end
+      end
+    end
+
+    allow(controller).to receive(:params) { params }
+    allow(controller).to receive(:current_ability) { ability }
+    allow(controller_class).to receive(:cancan_skipper) { {:authorize => {}, :load => {}} }
   end
 
-  it "show loads resource through @controller.resource" do
-    @params.merge!(:action => "show", :id => 123)
-    allow(@controller).to receive(:resource) { :project_resource }
-    CanCan::InheritedResource.new(@controller).load_resource
-    expect(@controller.instance_variable_get(:@project)).to eq(:project_resource)
+  it "show loads resource through controller.resource" do
+    params.merge!(:action => "show", :id => 123)
+    allow(controller).to receive(:resource) { :model_resource }
+    CanCan::InheritedResource.new(controller).load_resource
+    expect(controller.instance_variable_get(:@model)).to eq(:model_resource)
   end
 
-  it "new loads through @controller.build_resource" do
-    @params[:action] = "new"
-    allow(@controller).to receive(:build_resource) { :project_resource }
-    CanCan::InheritedResource.new(@controller).load_resource
-    expect(@controller.instance_variable_get(:@project)).to eq(:project_resource)
+  it "new loads through controller.build_resource" do
+    params[:action] = "new"
+    allow(controller).to receive(:build_resource) { :model_resource }
+    CanCan::InheritedResource.new(controller).load_resource
+    expect(controller.instance_variable_get(:@model)).to eq(:model_resource)
   end
 
-  it "index loads through @controller.association_chain when parent" do
-    @params[:action] = "index"
-    allow(@controller).to receive(:association_chain) { @controller.instance_variable_set(:@project, :project_resource) }
-    CanCan::InheritedResource.new(@controller, :parent => true).load_resource
-    expect(@controller.instance_variable_get(:@project)).to eq(:project_resource)
+  it "index loads through controller.association_chain when parent" do
+    params[:action] = "index"
+    allow(controller).to receive(:association_chain) { controller.instance_variable_set(:@model, :model_resource) }
+    CanCan::InheritedResource.new(controller, :parent => true).load_resource
+    expect(controller.instance_variable_get(:@model)).to eq(:model_resource)
   end
 
-  it "index loads through @controller.end_of_association_chain" do
-    @params[:action] = "index"
-    allow(Project).to receive(:accessible_by).with(@ability, :index) { :projects }
-    allow(@controller).to receive(:end_of_association_chain) { Project }
-    CanCan::InheritedResource.new(@controller).load_resource
-    expect(@controller.instance_variable_get(:@projects)).to eq(:projects)
+  it "index loads through controller.end_of_association_chain" do
+    params[:action] = "index"
+    allow(Model).to receive(:accessible_by).with(ability, :index) { :projects }
+    allow(controller).to receive(:end_of_association_chain) { Model }
+    CanCan::InheritedResource.new(controller).load_resource
+    expect(controller.instance_variable_get(:@models)).to eq(:projects)
   end
 
   it "builds a new resource with attributes from current ability" do
-    @params[:action] = "new"
-    @ability.can(:create, Project, :name => "from conditions")
-    allow(@controller).to receive(:build_resource) { Struct.new(:name).new }
-    resource = CanCan::InheritedResource.new(@controller)
+    params[:action] = "new"
+    ability.can(:create, Model, :name => "from conditions")
+    allow(controller).to receive(:build_resource) { Struct.new(:name).new }
+    resource = CanCan::InheritedResource.new(controller)
     resource.load_resource
-    expect(@controller.instance_variable_get(:@project).name).to eq("from conditions")
+    expect(controller.instance_variable_get(:@model).name).to eq("from conditions")
   end
 
   it "overrides initial attributes with params" do
-    @params.merge!(:action => "new", :project => {:name => "from params"})
-    @ability.can(:create, Project, :name => "from conditions")
-    allow(@controller).to receive(:build_resource) { Struct.new(:name).new }
-    resource = CanCan::ControllerResource.new(@controller)
+    params.merge!(:action => "new", :model => {:name => "from params"})
+    ability.can(:create, Model, :name => "from conditions")
+    allow(controller).to receive(:build_resource) { Struct.new(:name).new }
+    resource = CanCan::ControllerResource.new(controller)
     resource.load_resource
-    expect(@controller.instance_variable_get(:@project).name).to eq("from params")
+    expect(controller.instance_variable_get(:@model).name).to eq("from params")
   end
 end

data/spec/cancan/model_adapters/active_record_adapter_spec.rb

@@ -2,61 +2,65 @@ require "spec_helper"
 
 if defined? CanCan::ModelAdapters::ActiveRecordAdapter
 
-  RSpec.configure do |config|
-    config.extend WithModel
-  end
+  describe CanCan::ModelAdapters::ActiveRecordAdapter do
 
-  ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+    before :each do
+      ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+      ActiveRecord::Migration.verbose = false
+      ActiveRecord::Schema.define do
+        create_table(:categories) do |t|
+          t.string :name
+          t.boolean :visible
+          t.timestamps
+        end
+
+        create_table(:projects) do |t|
+          t.string :name
+          t.timestamps
+        end
+
+        create_table(:articles) do |t|
+          t.string :name
+          t.timestamps
+          t.boolean :published
+          t.boolean :secret
+          t.integer :priority
+          t.integer :category_id
+          t.integer :user_id
+        end
+
+        create_table(:comments) do |t|
+          t.boolean :spam
+          t.integer :article_id
+          t.timestamps
+        end
+
+        create_table(:users) do |t|
+          t.timestamps
+        end
+      end
 
-  describe CanCan::ModelAdapters::ActiveRecordAdapter do
-    with_model :category do
-      table do |t|
-        t.string "name"
-        t.boolean "visible"
+      class Project < ActiveRecord::Base
       end
-      model do
+
+      class Category < ActiveRecord::Base
         has_many :articles
       end
-    end
 
-    with_model :article do
-      table do |t|
-        t.string  "name"
-        t.boolean "published"
-        t.boolean "secret"
-        t.integer "priority"
-        t.integer "category_id"
-        t.integer "user_id"
-      end
-      model do
+      class Article < ActiveRecord::Base
         belongs_to :category
         has_many :comments
         belongs_to :user
       end
-    end
 
-    with_model :comment do
-      table do |t|
-        t.boolean "spam"
-        t.integer "article_id"
-      end
-      model do
+      class Comment < ActiveRecord::Base
         belongs_to :article
       end
-    end
 
-    with_model :user do
-      table do |t|
-
-      end
-      model do
+      class User < ActiveRecord::Base
         has_many :articles
       end
-    end
 
-    before(:each) do
-      Article.delete_all
-      Comment.delete_all
       (@ability = double).extend(CanCan::Ability)
       @article_table = Article.table_name
       @comment_table = Comment.table_name
@@ -295,60 +299,6 @@ if defined? CanCan::ModelAdapters::ActiveRecordAdapter
       expect(Article.accessible_by(ability)).to eq([article])
     end
 
-    it "restricts articles given a MetaWhere condition" do
-      @ability.can :read, Article, :priority.lt => 2
-      article1 = Article.create!(:priority => 1)
-      article2 = Article.create!(:priority => 3)
-      expect(Article.accessible_by(@ability)).to eq([article1])
-      expect(@ability).to be_able_to(:read, article1)
-      expect(@ability).to_not be_able_to(:read, article2)
-    end
-
-    it "merges MetaWhere and non-MetaWhere conditions" do
-      @ability.can :read, Article, :priority.lt => 2
-      @ability.can :read, Article, :priority => 1
-      article1 = Article.create!(:priority => 1)
-      article2 = Article.create!(:priority => 3)
-      expect(Article.accessible_by(@ability)).to eq([article1])
-      expect(@ability).to be_able_to(:read, article1)
-      expect(@ability).to_not be_able_to(:read, article2)
-    end
-
-    it "matches any MetaWhere condition" do
-      adapter = CanCan::ModelAdapters::ActiveRecordAdapter
-      article1 = Article.new(:priority => 1, :name => "Hello World")
-      expect(adapter.matches_condition?(article1, :priority.eq, 1)).to be_true
-      expect(adapter.matches_condition?(article1, :priority.eq, 2)).to be_false
-      expect(adapter.matches_condition?(article1, :priority.eq_any, [1, 2])).to be_true
-      expect(adapter.matches_condition?(article1, :priority.eq_any, [2, 3])).to be_false
-      expect(adapter.matches_condition?(article1, :priority.eq_all, [1, 1])).to be_true
-      expect(adapter.matches_condition?(article1, :priority.eq_all, [1, 2])).to be_false
-      expect(adapter.matches_condition?(article1, :priority.ne, 2)).to be_true
-      expect(adapter.matches_condition?(article1, :priority.ne, 1)).to be_false
-      expect(adapter.matches_condition?(article1, :priority.in, [1, 2])).to be_true
-      expect(adapter.matches_condition?(article1, :priority.in, [2, 3])).to be_false
-      expect(adapter.matches_condition?(article1, :priority.nin, [2, 3])).to be_true
-      expect(adapter.matches_condition?(article1, :priority.nin, [1, 2])).to be_false
-      expect(adapter.matches_condition?(article1, :priority.lt, 2)).to be_true
-      expect(adapter.matches_condition?(article1, :priority.lt, 1)).to be_false
-      expect(adapter.matches_condition?(article1, :priority.lteq, 1)).to be_true
-      expect(adapter.matches_condition?(article1, :priority.lteq, 0)).to be_false
-      expect(adapter.matches_condition?(article1, :priority.gt, 0)).to be_true
-      expect(adapter.matches_condition?(article1, :priority.gt, 1)).to be_false
-      expect(adapter.matches_condition?(article1, :priority.gteq, 1)).to be_true
-      expect(adapter.matches_condition?(article1, :priority.gteq, 2)).to be_false
-      expect(adapter.matches_condition?(article1, :name.like, "%ello worl%")).to be_true
-      expect(adapter.matches_condition?(article1, :name.like, "hello world")).to be_true
-      expect(adapter.matches_condition?(article1, :name.like, "hello%")).to be_true
-      expect(adapter.matches_condition?(article1, :name.like, "h%d")).to be_true
-      expect(adapter.matches_condition?(article1, :name.like, "%helo%")).to be_false
-      expect(adapter.matches_condition?(article1, :name.like, "hello")).to be_false
-      expect(adapter.matches_condition?(article1, :name.like, "hello.world")).to be_false
-      # For some reason this is reporting "The not_matches MetaWhere condition is not supported."
-      # expect(adapter.matches_condition?(article1, :name.nlike, "%helo%")).to be_true
-      # expect(adapter.matches_condition?(article1, :name.nlike, "%ello worl%")).to be_false
-    end
-
     it 'should not execute a scope when checking ability on the class' do
       relation = Article.where(:secret => true)
       @ability.can :read, Article, relation do |article|
@@ -359,5 +309,69 @@ if defined? CanCan::ModelAdapters::ActiveRecordAdapter
 
       expect { @ability.can? :read, Article }.not_to raise_error
     end
+
+    context "when MetaWhere is defined" do
+
+      before :each do
+        pending "[Deprecated] MetaWhere support is being removed" unless defined? MetaWhere
+      end
+
+      it "restricts articles given a MetaWhere condition" do
+        # pending "[Deprecated] MetaWhere support is being removed" unless defined? MetaWhere
+        @ability.can :read, Article, :priority.lt => 2
+        article1 = Article.create!(:priority => 1)
+        article2 = Article.create!(:priority => 3)
+        expect(Article.accessible_by(@ability)).to eq([article1])
+        expect(@ability).to be_able_to(:read, article1)
+        expect(@ability).to_not be_able_to(:read, article2)
+      end
+
+      it "merges MetaWhere and non-MetaWhere conditions" do
+        # pending "[Deprecated] MetaWhere support is being removed" unless defined? MetaWhere
+        @ability.can :read, Article, :priority.lt => 2
+        @ability.can :read, Article, :priority => 1
+        article1 = Article.create!(:priority => 1)
+        article2 = Article.create!(:priority => 3)
+        expect(Article.accessible_by(@ability)).to eq([article1])
+        expect(@ability).to be_able_to(:read, article1)
+        expect(@ability).to_not be_able_to(:read, article2)
+      end
+
+      it "matches any MetaWhere condition" do
+
+        adapter = CanCan::ModelAdapters::ActiveRecordAdapter
+        article1 = Article.new(:priority => 1, :name => "Hello World")
+        expect(adapter.matches_condition?(article1, :priority.eq, 1)).to be_true
+        expect(adapter.matches_condition?(article1, :priority.eq, 2)).to be_false
+        expect(adapter.matches_condition?(article1, :priority.eq_any, [1, 2])).to be_true
+        expect(adapter.matches_condition?(article1, :priority.eq_any, [2, 3])).to be_false
+        expect(adapter.matches_condition?(article1, :priority.eq_all, [1, 1])).to be_true
+        expect(adapter.matches_condition?(article1, :priority.eq_all, [1, 2])).to be_false
+        expect(adapter.matches_condition?(article1, :priority.ne, 2)).to be_true
+        expect(adapter.matches_condition?(article1, :priority.ne, 1)).to be_false
+        expect(adapter.matches_condition?(article1, :priority.in, [1, 2])).to be_true
+        expect(adapter.matches_condition?(article1, :priority.in, [2, 3])).to be_false
+        expect(adapter.matches_condition?(article1, :priority.nin, [2, 3])).to be_true
+        expect(adapter.matches_condition?(article1, :priority.nin, [1, 2])).to be_false
+        expect(adapter.matches_condition?(article1, :priority.lt, 2)).to be_true
+        expect(adapter.matches_condition?(article1, :priority.lt, 1)).to be_false
+        expect(adapter.matches_condition?(article1, :priority.lteq, 1)).to be_true
+        expect(adapter.matches_condition?(article1, :priority.lteq, 0)).to be_false
+        expect(adapter.matches_condition?(article1, :priority.gt, 0)).to be_true
+        expect(adapter.matches_condition?(article1, :priority.gt, 1)).to be_false
+        expect(adapter.matches_condition?(article1, :priority.gteq, 1)).to be_true
+        expect(adapter.matches_condition?(article1, :priority.gteq, 2)).to be_false
+        expect(adapter.matches_condition?(article1, :name.like, "%ello worl%")).to be_true
+        expect(adapter.matches_condition?(article1, :name.like, "hello world")).to be_true
+        expect(adapter.matches_condition?(article1, :name.like, "hello%")).to be_true
+        expect(adapter.matches_condition?(article1, :name.like, "h%d")).to be_true
+        expect(adapter.matches_condition?(article1, :name.like, "%helo%")).to be_false
+        expect(adapter.matches_condition?(article1, :name.like, "hello")).to be_false
+        expect(adapter.matches_condition?(article1, :name.like, "hello.world")).to be_false
+        # For some reason this is reporting "The not_matches MetaWhere condition is not supported."
+        # expect(adapter.matches_condition?(article1, :name.nlike, "%helo%")).to be_true
+        # expect(adapter.matches_condition?(article1, :name.nlike, "%ello worl%")).to be_false
+      end
+    end
   end
 end

data/spec/cancan/model_adapters/sequel_adapter_spec.rb

@@ -0,0 +1,148 @@
+if ENV["MODEL_ADAPTER"] == "sequel"
+  require "spec_helper"
+
+  DB = Sequel.sqlite
+
+  DB.create_table :users do
+    primary_key :id
+    String :name
+  end
+
+  class User < Sequel::Model
+    one_to_many :articles
+  end
+
+  DB.create_table :articles do
+    primary_key :id
+    String :name
+    TrueClass :published
+    TrueClass :secret
+    Integer :priority
+    foreign_key :user_id, :users
+  end
+
+  class Article < Sequel::Model
+    many_to_one :user
+    one_to_many :comments
+  end
+
+  DB.create_table :comments do
+    primary_key :id
+    TrueClass :spam
+    foreign_key :article_id, :articles
+  end
+
+  class Comment < Sequel::Model
+    many_to_one :article
+  end
+
+  describe CanCan::ModelAdapters::SequelAdapter do
+    before(:each) do
+      Comment.dataset.delete
+      Article.dataset.delete
+      User.dataset.delete
+      @ability = Object.new
+      @ability.extend(CanCan::Ability)
+    end
+
+    it "should be for only sequel model classes" do
+      CanCan::ModelAdapters::SequelAdapter.should_not be_for_class(Object)
+      CanCan::ModelAdapters::SequelAdapter.should be_for_class(Article)
+      CanCan::ModelAdapters::AbstractAdapter.adapter_class(Article).should == CanCan::ModelAdapters::SequelAdapter
+    end
+
+    it "should find record" do
+      article = Article.create
+      CanCan::ModelAdapters::SequelAdapter.find(Article, article.id).should == article
+    end
+
+    it "should not fetch any records when no abilities are defined" do
+      Article.create
+      Article.accessible_by(@ability).all.should be_empty
+    end
+
+    it "should fetch all articles when one can read all" do
+      @ability.can :read, Article
+      article = Article.create
+      @ability.should be_able_to(:read, article)
+      Article.accessible_by(@ability).all.should == [article]
+    end
+
+    it "should fetch only the articles that are published" do
+      @ability.can :read, Article, :published => true
+      article1 = Article.create(:published => true)
+      article2 = Article.create(:published => false)
+      @ability.should be_able_to(:read, article1)
+      @ability.should_not be_able_to(:read, article2)
+      Article.accessible_by(@ability).all.should == [article1]
+    end
+
+    it "should fetch any articles which are published or secret" do
+      @ability.can :read, Article, :published => true
+      @ability.can :read, Article, :secret => true
+      article1 = Article.create(:published => true, :secret => false)
+      article2 = Article.create(:published => true, :secret => true)
+      article3 = Article.create(:published => false, :secret => true)
+      article4 = Article.create(:published => false, :secret => false)
+      @ability.should be_able_to(:read, article1)
+      @ability.should be_able_to(:read, article2)
+      @ability.should be_able_to(:read, article3)
+      @ability.should_not be_able_to(:read, article4)
+      Article.accessible_by(@ability).all.should == [article1, article2, article3]
+    end
+
+    it "should fetch only the articles that are published and not secret" do
+      @ability.can :read, Article, :published => true
+      @ability.cannot :read, Article, :secret => true
+      article1 = Article.create(:published => true, :secret => false)
+      article2 = Article.create(:published => true, :secret => true)
+      article3 = Article.create(:published => false, :secret => true)
+      article4 = Article.create(:published => false, :secret => false)
+      @ability.should be_able_to(:read, article1)
+      @ability.should_not be_able_to(:read, article2)
+      @ability.should_not be_able_to(:read, article3)
+      @ability.should_not be_able_to(:read, article4)
+      Article.accessible_by(@ability).all.should == [article1]
+    end
+
+    it "should only read comments for articles which are published" do
+      @ability.can :read, Comment, :article => { :published => true }
+      comment1 = Comment.create(:article => Article.create(:published => true))
+      comment2 = Comment.create(:article => Article.create(:published => false))
+      @ability.should be_able_to(:read, comment1)
+      @ability.should_not be_able_to(:read, comment2)
+      Comment.accessible_by(@ability).all.should == [comment1]
+    end
+
+    it "should only read comments for articles which are published and user is 'me'" do
+      @ability.can :read, Comment, :article => { :user => { :name => 'me' }, :published => true }
+      user1 = User.create(:name => 'me')
+      comment1 = Comment.create(:article => Article.create(:published => true, :user => user1))
+      comment2 = Comment.create(:article => Article.create(:published => true))
+      comment3 = Comment.create(:article => Article.create(:published => false, :user => user1))
+      @ability.should be_able_to(:read, comment1)
+      @ability.should_not be_able_to(:read, comment2)
+      @ability.should_not be_able_to(:read, comment3)
+      Comment.accessible_by(@ability).all.should == [comment1]
+    end
+
+    it "should allow conditions in SQL and merge with hash conditions" do
+      @ability.can :read, Article, :published => true
+      @ability.can :read, Article, ["secret=?", true] do |article|
+        article.secret
+      end
+      @ability.cannot :read, Article, "priority > 1" do |article|
+        article.priority > 1
+      end
+      article1 = Article.create(:published => true, :secret => false, :priority => 1)
+      article2 = Article.create(:published => true, :secret => true, :priority => 1)
+      article3 = Article.create(:published => true, :secret => true, :priority => 2)
+      article4 = Article.create(:published => false, :secret => false, :priority => 2)
+      @ability.should be_able_to(:read, article1)
+      @ability.should be_able_to(:read, article2)
+      @ability.should_not be_able_to(:read, article3)
+      @ability.should_not be_able_to(:read, article4)
+      Article.accessible_by(@ability).all.should == [article1, article2]
+    end
+  end
+end