cancancan 2.1.0 → 2.1.1

data/lib/cancan/controller_resource_name_finder.rb

@@ -0,0 +1,21 @@
+module CanCan
+  module ControllerResourceNameFinder
+    protected
+
+    def name_from_controller
+      @params[:controller].split('/').last.singularize
+    end
+
+    def namespaced_name
+      [namespace, name].join('/').singularize.camelize.safe_constantize || name
+    end
+
+    def name
+      @name || name_from_controller
+    end
+
+    def namespace
+      @params[:controller].split('/')[0..-2]
+    end
+  end
+end

data/lib/cancan/controller_resource_sanitizer.rb

@@ -0,0 +1,30 @@
+module CanCan
+  module ControllerResourceSanitizer
+    protected
+
+    def sanitize_parameters
+      case params_method
+      when Symbol
+        @controller.send(params_method)
+      when String
+        @controller.instance_eval(params_method)
+      when Proc
+        params_method.call(@controller)
+      end
+    end
+
+    def params_methods
+      methods = ["#{@params[:action]}_params".to_sym, "#{name}_params".to_sym, :resource_params]
+      methods.unshift(@options[:param_method]) if @options[:param_method].present?
+      methods
+    end
+
+    def params_method
+      params_methods.each do |method|
+        return method if (method.is_a?(Symbol) && @controller.respond_to?(method, true)) ||
+                         method.is_a?(String) || method.is_a?(Proc)
+      end
+      nil
+    end
+  end
+end

data/lib/cancan/model_adapters/active_record_adapter.rb

@@ -1,6 +1,9 @@
+require_relative 'can_can/model_adapters/active_record_adapter/joins.rb'
 module CanCan
   module ModelAdapters
     module ActiveRecordAdapter
+      include CanCan::ModelAdapters::ActiveRecordAdapter::Joins
+
       # Returns conditions intended to be used inside a database query. Normally you will not call this
       # method directly, but instead go through ModelAdditions#accessible_by.
       #
@@ -21,54 +24,51 @@ module CanCan
           # Return the conditions directly if there's just one definition
           tableized_conditions(@rules.first.conditions).dup
         else
-          @rules.reverse.inject(false_sql) do |sql, rule|
-            merge_conditions(sql, tableized_conditions(rule.conditions).dup, rule.base_behavior)
-          end
+          extract_multiple_conditions
+        end
+      end
+
+      def extract_multiple_conditions
+        @rules.reverse.inject(false_sql) do |sql, rule|
+          merge_conditions(sql, tableized_conditions(rule.conditions).dup, rule.base_behavior)
         end
       end
 
       def tableized_conditions(conditions, model_class = @model_class)
         return conditions unless conditions.is_a? Hash
         conditions.each_with_object({}) do |(name, value), result_hash|
-          if value.is_a? Hash
-            value = value.dup
-            association_class = model_class.reflect_on_association(name).klass.name.constantize
-            nested_resulted = value.each_with_object({}) do |(k, v), nested|
-              if v.is_a? Hash
-                value.delete(k)
-                nested[k] = v
-              else
-                result_hash[model_class.reflect_on_association(name).table_name.to_sym] = value
-              end
-              nested
-            end
-            result_hash.merge!(tableized_conditions(nested_resulted, association_class))
-          else
-            result_hash[name] = value
-          end
-          result_hash
+          calculate_result_hash(model_class, name, result_hash, value)
         end
       end
 
-      # Returns the associations used in conditions for the :joins option of a search.
-      # See ModelAdditions#accessible_by
-      def joins
-        joins_hash = {}
-        @rules.each do |rule|
-          merge_joins(joins_hash, rule.associations_hash)
+      def calculate_result_hash(model_class, name, result_hash, value)
+        if value.is_a? Hash
+          association_class = model_class.reflect_on_association(name).klass.name.constantize
+          nested_resulted = calculate_nested(model_class, name, result_hash, value.dup)
+          result_hash.merge!(tableized_conditions(nested_resulted, association_class))
+        else
+          result_hash[name] = value
+        end
+        result_hash
+      end
+
+      def calculate_nested(model_class, name, result_hash, value)
+        value.each_with_object({}) do |(k, v), nested|
+          if v.is_a? Hash
+            value.delete(k)
+            nested[k] = v
+          else
+            result_hash[model_class.reflect_on_association(name).table_name.to_sym] = value
+          end
+          nested
         end
-        clean_joins(joins_hash) unless joins_hash.empty?
       end
 
       def database_records
         if override_scope
           @model_class.where(nil).merge(override_scope)
         elsif @model_class.respond_to?(:where) && @model_class.respond_to?(:joins)
-          if mergeable_conditions?
-            build_relation(conditions)
-          else
-            build_relation(*@rules.map(&:conditions))
-          end
+          mergeable_conditions? ? build_relation(conditions) : build_relation(*@rules.map(&:conditions))
         else
           @model_class.all(conditions: conditions, joins: joins)
         end
@@ -82,30 +82,35 @@ module CanCan
 
       def override_scope
         conditions = @rules.map(&:conditions).compact
-        return unless defined?(ActiveRecord::Relation) && conditions.any? { |c| c.is_a?(ActiveRecord::Relation) }
-        if conditions.size == 1
-          conditions.first
-        else
-          rule_found = @rules.detect { |rule| rule.conditions.is_a?(ActiveRecord::Relation) }
-          raise Error,
-                'Unable to merge an Active Record scope with other conditions. '\
-                "Instead use a hash or SQL for #{rule_found.actions.first} #{rule_found.subjects.first} ability."
-        end
+        return unless conditions.any? { |c| c.is_a?(ActiveRecord::Relation) }
+        return conditions.first if conditions.size == 1
+        raise_override_scope_error
+      end
+
+      def raise_override_scope_error
+        rule_found = @rules.detect { |rule| rule.conditions.is_a?(ActiveRecord::Relation) }
+        raise Error,
+              'Unable to merge an Active Record scope with other conditions. '\
+              "Instead use a hash or SQL for #{rule_found.actions.first} #{rule_found.subjects.first} ability."
       end
 
       def merge_conditions(sql, conditions_hash, behavior)
         if conditions_hash.blank?
           behavior ? true_sql : false_sql
         else
-          conditions = sanitize_sql(conditions_hash)
-          case sql
-          when true_sql
-            behavior ? true_sql : "not (#{conditions})"
-          when false_sql
-            behavior ? conditions : false_sql
-          else
-            behavior ? "(#{conditions}) OR (#{sql})" : "not (#{conditions}) AND (#{sql})"
-          end
+          merge_non_empty_conditions(behavior, conditions_hash, sql)
+        end
+      end
+
+      def merge_non_empty_conditions(behavior, conditions_hash, sql)
+        conditions = sanitize_sql(conditions_hash)
+        case sql
+        when true_sql
+          behavior ? true_sql : "not (#{conditions})"
+        when false_sql
+          behavior ? conditions : false_sql
+        else
+          behavior ? "(#{conditions}) OR (#{sql})" : "not (#{conditions}) AND (#{sql})"
         end
       end
 
@@ -120,26 +125,6 @@ module CanCan
       def sanitize_sql(conditions)
         @model_class.send(:sanitize_sql, conditions)
       end
-
-      # Takes two hashes and does a deep merge.
-      def merge_joins(base, add)
-        add.each do |name, nested|
-          if base[name].is_a?(Hash)
-            merge_joins(base[name], nested) unless nested.empty?
-          else
-            base[name] = nested
-          end
-        end
-      end
-
-      # Removes empty hashes and moves everything into arrays.
-      def clean_joins(joins_hash)
-        joins = []
-        joins_hash.each do |name, nested|
-          joins << (nested.empty? ? name : { name => clean_joins(nested) })
-        end
-        joins
-      end
     end
   end
 end

data/lib/cancan/model_adapters/can_can/model_adapters/active_record_adapter/joins.rb

@@ -0,0 +1,39 @@
+module CanCan
+  module ModelAdapters
+    module ActiveRecordAdapter
+      module Joins
+        # Returns the associations used in conditions for the :joins option of a search.
+        # See ModelAdditions#accessible_by
+        def joins
+          joins_hash = {}
+          @rules.each do |rule|
+            merge_joins(joins_hash, rule.associations_hash)
+          end
+          clean_joins(joins_hash) unless joins_hash.empty?
+        end
+
+        private
+
+        # Removes empty hashes and moves everything into arrays.
+        def clean_joins(joins_hash)
+          joins = []
+          joins_hash.each do |name, nested|
+            joins << (nested.empty? ? name : { name => clean_joins(nested) })
+          end
+          joins
+        end
+
+        # Takes two hashes and does a deep merge.
+        def merge_joins(base, add)
+          add.each do |name, nested|
+            if base[name].is_a?(Hash)
+              merge_joins(base[name], nested) unless nested.empty?
+            else
+              base[name] = nested
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cancan/rule.rb

@@ -1,8 +1,10 @@
+require_relative 'conditions_matcher.rb'
 module CanCan
   # This class is used internally and should only be called through Ability.
   # it holds the information about a "can" call made on Ability and provides
   # helpful methods to determine permission checking and conditions hash generation.
   class Rule # :nodoc:
+    include ConditionsMatcher
     attr_reader :base_behavior, :subjects, :actions, :conditions
     attr_writer :expanded_actions
 
@@ -28,22 +30,6 @@ module CanCan
       @match_all || (matches_action?(action) && matches_subject?(subject))
     end
 
-    # Matches the block or conditions hash
-    def matches_conditions?(action, subject, extra_args)
-      if @match_all
-        call_block_with_all(action, subject, extra_args)
-      elsif @block && !subject_class?(subject)
-        @block.call(subject, *extra_args)
-      elsif @conditions.is_a?(Hash) && subject.class == Hash
-        nested_subject_matches_conditions?(subject)
-      elsif @conditions.is_a?(Hash) && !subject_class?(subject)
-        matches_conditions_hash?(subject)
-      else
-        # Don't stop at "cannot" definitions when there are conditions.
-        conditions_empty? ? true : @base_behavior
-      end
-    end
-
     def only_block?
       conditions_empty? && @block
     end
@@ -52,10 +38,6 @@ module CanCan
       @block.nil? && !conditions_empty? && !@conditions.is_a?(Hash)
     end
 
-    def conditions_empty?
-      @conditions == {} || @conditions.nil?
-    end
-
     def unmergeable?
       @conditions.respond_to?(:keys) && @conditions.present? &&
         (!@conditions.keys.first.is_a? Symbol)
@@ -83,11 +65,6 @@ module CanCan
 
     private
 
-    def subject_class?(subject)
-      klass = (subject.is_a?(Hash) ? subject.values.first : subject).class
-      klass == Class || klass == Module
-    end
-
     def matches_action?(action)
       @expanded_actions.include?(:manage) || @expanded_actions.include?(action)
     end
@@ -99,64 +76,8 @@ module CanCan
     def matches_subject_class?(subject)
       @subjects.any? do |sub|
         sub.is_a?(Module) && (subject.is_a?(sub) ||
-                                 subject.class.to_s == sub.to_s ||
-                                 (subject.is_a?(Module) && subject.ancestors.include?(sub)))
-      end
-    end
-
-    # Checks if the given subject matches the given conditions hash.
-    # This behavior can be overriden by a model adapter by defining two class methods:
-    # override_matching_for_conditions?(subject, conditions) and
-    # matches_conditions_hash?(subject, conditions)
-    def matches_conditions_hash?(subject, conditions = @conditions)
-      return true if conditions.empty?
-      adapter = model_adapter(subject)
-
-      if adapter.override_conditions_hash_matching?(subject, conditions)
-        return adapter.matches_conditions_hash?(subject, conditions)
-      end
-
-      conditions.all? do |name, value|
-        if adapter.override_condition_matching?(subject, name, value)
-          adapter.matches_condition?(subject, name, value)
-        else
-          condition_match?(subject.send(name), value)
-        end
-      end
-    end
-
-    def nested_subject_matches_conditions?(subject_hash)
-      parent, _child = subject_hash.first
-      matches_conditions_hash?(parent, @conditions[parent.class.name.downcase.to_sym] || {})
-    end
-
-    def call_block_with_all(action, subject, extra_args)
-      if subject.class == Class
-        @block.call(action, subject, nil, *extra_args)
-      else
-        @block.call(action, subject.class, subject, *extra_args)
-      end
-    end
-
-    def model_adapter(subject)
-      CanCan::ModelAdapters::AbstractAdapter.adapter_class(subject_class?(subject) ? subject : subject.class)
-    end
-
-    def condition_match?(attribute, value)
-      case value
-      when Hash       then hash_condition_match?(attribute, value)
-      when String     then attribute == value
-      when Range      then value.cover?(attribute)
-      when Enumerable then value.include?(attribute)
-      else attribute == value
-      end
-    end
-
-    def hash_condition_match?(attribute, value)
-      if attribute.is_a?(Array) || (defined?(ActiveRecord) && attribute.is_a?(ActiveRecord::Relation))
-        attribute.any? { |element| matches_conditions_hash?(element, value) }
-      else
-        attribute && matches_conditions_hash?(attribute, value)
+          subject.class.to_s == sub.to_s ||
+          (subject.is_a?(Module) && subject.ancestors.include?(sub)))
       end
     end
   end

data/lib/cancan/version.rb

@@ -1,3 +1,3 @@
 module CanCan
-  VERSION = '2.1.0'.freeze
+  VERSION = '2.1.1'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancancan
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Alessandro Rodi (Renuo AG)
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-10 00:00:00.000000000 Z
+date: 2017-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -112,13 +112,22 @@ files:
 - init.rb
 - lib/cancan.rb
 - lib/cancan/ability.rb
+- lib/cancan/ability/actions.rb
+- lib/cancan/ability/rules.rb
+- lib/cancan/conditions_matcher.rb
 - lib/cancan/controller_additions.rb
 - lib/cancan/controller_resource.rb
+- lib/cancan/controller_resource_builder.rb
+- lib/cancan/controller_resource_finder.rb
+- lib/cancan/controller_resource_loader.rb
+- lib/cancan/controller_resource_name_finder.rb
+- lib/cancan/controller_resource_sanitizer.rb
 - lib/cancan/exceptions.rb
 - lib/cancan/matchers.rb
 - lib/cancan/model_adapters/abstract_adapter.rb
 - lib/cancan/model_adapters/active_record_4_adapter.rb
 - lib/cancan/model_adapters/active_record_adapter.rb
+- lib/cancan/model_adapters/can_can/model_adapters/active_record_adapter/joins.rb
 - lib/cancan/model_adapters/default_adapter.rb
 - lib/cancan/model_additions.rb
 - lib/cancan/rule.rb