cancancan 2.1.4 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6cb217274c85fd48abb32dd84f46bd09e32189bb50e945eed2bc1bdc17311004
-  data.tar.gz: 04bf927a117ecefa9375e01f0e170b284103562b4da0a1d72b8b8a56adf4f702
+  metadata.gz: cd789707449c90277a31d5808e55c36140b88b3aa3c2b9035640d777220b2d27
+  data.tar.gz: 64fbbaa5657ae8b334e7096f33eb12b975a224ea7c516c0091d3d7ac94c0acbd
 SHA512:
-  metadata.gz: d470789a6f4ad54825af660f82888b17b00b60a12ee9caa8473a522ed2ddbdf745121bab1d1eb65fb28de4ba6771ae03994641e257d46933de0455211f6949c3
-  data.tar.gz: 5b6c1bdf71f64d07c77c8362c6d43ed5e869fc7e8fd58be9951e4c7dc6d4492a6713c8975fff3269baa7e79fd3f06094ee30d58f50c5ec134ef4e620052552ba
+  metadata.gz: 70ba8098042c7114a7cf419a892c12794089da88046873fb6abf1c45dac3854731adb860ff95d2556f7e9ffad4543b5f53dc05579defd5ff8273bcf51476e0ce
+  data.tar.gz: 5d390ebd7fa75ffbff3783502d6bf329d5949787b70ccd26559d40be4471c61efb8f4ea4adc2d53b6bac81f9e32e619d3569c268ff8a6277f16cab72ea162bf5

data/lib/cancan.rb

@@ -12,4 +12,5 @@ require 'cancan/model_adapters/default_adapter'
 if defined? ActiveRecord
   require 'cancan/model_adapters/active_record_adapter'
   require 'cancan/model_adapters/active_record_4_adapter'
+  require 'cancan/model_adapters/active_record_5_adapter'
 end

data/lib/cancan/ability.rb

@@ -173,7 +173,7 @@ module CanCan
       end
       if cannot?(action, subject, *args)
         message ||= unauthorized_message(action, subject)
-        raise AccessDenied.new(message, action, subject)
+        raise AccessDenied.new(message, action, subject, args)
       end
       subject
     end

data/lib/cancan/controller_additions.rb

@@ -384,14 +384,6 @@ module CanCan
   end
 end
 
-if defined? ActionController::Base
-  ActionController::Base.class_eval do
-    include CanCan::ControllerAdditions
-  end
-end
-
-if defined? ActionController::API
-  ActionController::API.class_eval do
-    include CanCan::ControllerAdditions
-  end
+ActiveSupport.on_load(:action_controller) do
+  include CanCan::ControllerAdditions
 end

data/lib/cancan/exceptions.rb

@@ -33,13 +33,14 @@ module CanCan
   # See ControllerAdditions#authorized! for more information on rescuing from this exception
   # and customizing the message using I18n.
   class AccessDenied < Error
-    attr_reader :action, :subject
+    attr_reader :action, :subject, :conditions
     attr_writer :default_message
 
-    def initialize(message = nil, action = nil, subject = nil)
+    def initialize(message = nil, action = nil, subject = nil, conditions = nil)
       @message = message
       @action = action
       @subject = subject
+      @conditions = conditions
       @default_message = I18n.t(:"unauthorized.default", default: 'You are not authorized to access this page.')
     end
 

data/lib/cancan/model_adapters/active_record_4_adapter.rb

@@ -3,7 +3,7 @@ module CanCan
     class ActiveRecord4Adapter < AbstractAdapter
       include ActiveRecordAdapter
       def self.for_class?(model_class)
-        model_class <= ActiveRecord::Base
+        ActiveRecord::VERSION::MAJOR == 4 && model_class <= ActiveRecord::Base
       end
 
       # TODO: this should be private
@@ -39,11 +39,8 @@ module CanCan
 
       # Rails 4.2 deprecates `sanitize_sql_hash_for_conditions`
       def sanitize_sql(conditions)
-        if ActiveRecord::VERSION::MAJOR > 4 && conditions.is_a?(Hash)
-          sanitize_sql_activerecord5(conditions)
-        elsif ActiveRecord::VERSION::MINOR >= 2 && conditions.is_a?(Hash)
+        if ActiveRecord::VERSION::MINOR >= 2 && conditions.is_a?(Hash)
           sanitize_sql_activerecord4(conditions)
-
         else
           @model_class.send(:sanitize_sql, conditions)
         end
@@ -59,21 +56,6 @@ module CanCan
           @model_class.send(:connection).visitor.compile b
         end.join(' AND ')
       end
-
-      def sanitize_sql_activerecord5(conditions)
-        table = @model_class.send(:arel_table)
-        table_metadata = ActiveRecord::TableMetadata.new(@model_class, table)
-        predicate_builder = ActiveRecord::PredicateBuilder.new(table_metadata)
-
-        conditions = predicate_builder.resolve_column_aliases(conditions)
-        conditions = @model_class.send(:expand_hash_conditions_for_aggregates, conditions)
-
-        conditions.stringify_keys!
-
-        predicate_builder.build_from_hash(conditions).map do |b|
-          @model_class.send(:connection).visitor.compile b
-        end.join(' AND ')
-      end
     end
   end
 end

data/lib/cancan/model_adapters/active_record_5_adapter.rb

@@ -0,0 +1,70 @@
+module CanCan
+  module ModelAdapters
+    class ActiveRecord5Adapter < ActiveRecord4Adapter
+      AbstractAdapter.inherited(self)
+
+      def self.for_class?(model_class)
+        ActiveRecord::VERSION::MAJOR == 5 && model_class <= ActiveRecord::Base
+      end
+
+      # rails 5 is capable of using strings in enum
+      # but often people use symbols in rules
+      def self.matches_condition?(subject, name, value)
+        return super if Array.wrap(value).all? { |x| x.is_a? Integer }
+
+        attribute = subject.send(name)
+        if value.is_a?(Enumerable)
+          value.map(&:to_s).include? attribute
+        else
+          attribute == value.to_s
+        end
+      end
+
+      private
+
+      # As of rails 4, `includes()` no longer causes active record to
+      # look inside the where clause to decide to outer join tables
+      # you're using in the where. Instead, `references()` is required
+      # in addition to `includes()` to force the outer join.
+      def build_relation(*where_conditions)
+        relation = @model_class.where(*where_conditions)
+        relation = relation.includes(joins).references(joins) if joins.present?
+        relation
+      end
+
+      # Rails 4.2 deprecates `sanitize_sql_hash_for_conditions`
+      def sanitize_sql(conditions)
+        if conditions.is_a?(Hash)
+          sanitize_sql_activerecord5(conditions)
+        else
+          @model_class.send(:sanitize_sql, conditions)
+        end
+      end
+
+      def sanitize_sql_activerecord5(conditions)
+        table = @model_class.send(:arel_table)
+        table_metadata = ActiveRecord::TableMetadata.new(@model_class, table)
+        predicate_builder = ActiveRecord::PredicateBuilder.new(table_metadata)
+
+        conditions = predicate_builder.resolve_column_aliases(conditions)
+
+        conditions.stringify_keys!
+
+        predicate_builder.build_from_hash(conditions).map do |b|
+          visit_nodes(b)
+        end.join(' AND ')
+      end
+
+      def visit_nodes(b)
+        # Rails 5.2 adds a BindParam node that prevents the visitor method from properly compiling the SQL query
+        if ActiveRecord::VERSION::MINOR >= 2
+          connection = @model_class.send(:connection)
+          collector = Arel::Collectors::SubstituteBinds.new(connection, Arel::Collectors::SQLString.new)
+          connection.visitor.accept(b, collector).value
+        else
+          @model_class.send(:connection).visitor.compile(b)
+        end
+      end
+    end
+  end
+end

data/lib/cancan/version.rb

@@ -1,3 +1,3 @@
 module CanCan
-  VERSION = '2.1.4'.freeze
+  VERSION = '2.2.0'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancancan
 version: !ruby/object:Gem::Version
-  version: 2.1.4
+  version: 2.2.0
 platform: ruby
 authors:
 - Alessandro Rodi (Renuo AG)
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-09 00:00:00.000000000 Z
+date: 2018-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -126,6 +126,7 @@ files:
 - lib/cancan/matchers.rb
 - lib/cancan/model_adapters/abstract_adapter.rb
 - lib/cancan/model_adapters/active_record_4_adapter.rb
+- lib/cancan/model_adapters/active_record_5_adapter.rb
 - lib/cancan/model_adapters/active_record_adapter.rb
 - lib/cancan/model_adapters/can_can/model_adapters/active_record_adapter/joins.rb
 - lib/cancan/model_adapters/default_adapter.rb