cancancan 1.10.1 → 1.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +7 -0
- data/CHANGELOG.rdoc +3 -0
- data/README.md +6 -15
- data/cancancan.gemspec +1 -0
- data/lib/cancan/controller_resource.rb +17 -14
- data/lib/cancan/version.rb +1 -1
- data/spec/cancan/controller_resource_spec.rb +10 -26
- data/spec/spec_helper.rb +1 -0
- metadata +17 -30
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 31c960036e585081371697da5c478888f7f5f03d
|
|
4
|
+
data.tar.gz: c0ecbe3789eae4ec649037153b750749bc5c6279
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3bf8dcc830c31f9b2b0658dd25f3995358d7ef2150a054a85646b766eb1e202c1c949a75ef618bdb0f772a8b5d9a10a3b35c9c392865092e1761f2a1693237cd
|
|
7
|
+
data.tar.gz: 7eebcdd0f7a211f958279848dde7a076f2a9c048f110096ecf939bd85731750dda57a5e6b50589fbe1c3708b107117f047049bdce651756955a23fad9a247c58
|
data/.travis.yml
CHANGED
|
@@ -4,6 +4,7 @@ rvm:
|
|
|
4
4
|
- 1.9.3
|
|
5
5
|
- 2.0.0
|
|
6
6
|
- 2.1.0
|
|
7
|
+
- 2.2.0
|
|
7
8
|
- ree
|
|
8
9
|
- jruby
|
|
9
10
|
- rbx
|
|
@@ -37,6 +38,12 @@ matrix:
|
|
|
37
38
|
gemfile: gemfiles/activerecord_4.1.gemfile
|
|
38
39
|
- rvm: 1.9.2
|
|
39
40
|
gemfile: gemfiles/activerecord_4.2.gemfile
|
|
41
|
+
- rvm: 2.2.0
|
|
42
|
+
gemfile: gemfiles/activerecord_3.0.gemfile
|
|
43
|
+
- rvm: 2.2.0
|
|
44
|
+
gemfile: gemfiles/activerecord_3.1.gemfile
|
|
45
|
+
- rvm: 2.2.0
|
|
46
|
+
gemfile: gemfiles/activerecord_3.2.gemfile
|
|
40
47
|
- rvm: ree
|
|
41
48
|
gemfile: gemfiles/activerecord_4.0.gemfile
|
|
42
49
|
- rvm: ree
|
data/CHANGELOG.rdoc
CHANGED
data/README.md
CHANGED
|
@@ -5,11 +5,10 @@
|
|
|
5
5
|
[](https://codeclimate.com/github/CanCanCommunity/cancancan)
|
|
6
6
|
[](http://inch-ci.org/github/CanCanCommunity/cancancan)
|
|
7
7
|
|
|
8
|
-
[Wiki](https://github.com/CanCanCommunity/cancancan/wiki) | [RDocs](http://rdoc.info/projects/CanCanCommunity/
|
|
8
|
+
[Wiki](https://github.com/CanCanCommunity/cancancan/wiki) | [RDocs](http://rdoc.info/projects/CanCanCommunity/cancancan) | [Screencast](http://railscasts.com/episodes/192-authorization-with-cancan)
|
|
9
9
|
|
|
10
10
|
CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the `Ability` class) and not duplicated across controllers, views, and database queries.
|
|
11
11
|
|
|
12
|
-
|
|
13
12
|
## Mission
|
|
14
13
|
|
|
15
14
|
This repo is a continuation of the dead [CanCan](https://github.com/ryanb/cancan) project. Our mission is to keep CanCan alive and moving forward, with maintenance fixes and new features. Pull Requests are welcome!
|
|
@@ -25,14 +24,6 @@ In **Rails 3 and 4**, add this to your Gemfile and run the `bundle install` comm
|
|
|
25
24
|
|
|
26
25
|
gem 'cancancan', '~> 1.10'
|
|
27
26
|
|
|
28
|
-
In **Rails 2**, add this to your environment.rb file.
|
|
29
|
-
|
|
30
|
-
config.gem "cancancan"
|
|
31
|
-
|
|
32
|
-
Alternatively, you can install it as a plugin.
|
|
33
|
-
|
|
34
|
-
rails plugin install git://github.com/CanCanCommunity/cancancan.git
|
|
35
|
-
|
|
36
27
|
## Getting Started
|
|
37
28
|
|
|
38
29
|
CanCanCan expects a `current_user` method to exist in the controller. First, set up some authentication (such as [Authlogic](https://github.com/binarylogic/authlogic) or [Devise](https://github.com/plataformatec/devise)). See [Changing Defaults](https://github.com/CanCanCommunity/cancancan/wiki/changing-defaults) if you need different behavior.
|
|
@@ -100,9 +91,9 @@ When using `strong_parameters` or Rails 4+, you have to sanitize inputs before s
|
|
|
100
91
|
|
|
101
92
|
By default, CanCan will try to sanitize the input on `:create` and `:update` routes by seeing if your controller will respond to the following methods (in order):
|
|
102
93
|
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
94
|
+
1. `create_params` or `update_params` (depending on the action you are performing)
|
|
95
|
+
2. `<model_name>_params` such as `article_params` (this is the default convention in rails for naming your param method)
|
|
96
|
+
3. `resource_params` (a generically named method you could specify in each controller)
|
|
106
97
|
|
|
107
98
|
Additionally, `load_and_authorize_resource` can now take a `param_method` option to specify a custom method in the controller to run to sanitize input.
|
|
108
99
|
|
|
@@ -163,7 +154,7 @@ class ApplicationController < ActionController::Base
|
|
|
163
154
|
end
|
|
164
155
|
```
|
|
165
156
|
|
|
166
|
-
This will raise an exception if authorization is not performed in an action. If you want to skip this add `skip_authorization_check` to a controller subclass. See [Ensure Authorization](https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization) for more information.
|
|
157
|
+
This will raise an exception if authorization is not performed in an action. If you want to skip this, add `skip_authorization_check` to a controller subclass. See [Ensure Authorization](https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization) for more information.
|
|
167
158
|
|
|
168
159
|
|
|
169
160
|
## Wiki Docs
|
|
@@ -183,7 +174,7 @@ If you have any issues with CanCan which you cannot find the solution to in the
|
|
|
183
174
|
|
|
184
175
|
## Development
|
|
185
176
|
|
|
186
|
-
Cancancan uses [appraisals](https://github.com/thoughtbot/appraisal) to test the code base against multiple versions of
|
|
177
|
+
Cancancan uses [appraisals](https://github.com/thoughtbot/appraisal) to test the code base against multiple versions of Rails, as well as the different model adapters.
|
|
187
178
|
|
|
188
179
|
When first developing, you may need to run `bundle install` and then `appraisal install`, to install the different sets.
|
|
189
180
|
|
data/cancancan.gemspec
CHANGED
|
@@ -26,6 +26,7 @@ Gem::Specification.new do |s|
|
|
|
26
26
|
s.add_development_dependency 'rake', '~> 10.1.1'
|
|
27
27
|
s.add_development_dependency 'rspec', '~> 3.0.0'
|
|
28
28
|
s.add_development_dependency 'appraisal', '>= 1.0.0'
|
|
29
|
+
s.add_development_dependency 'pry', '~> 0.10.0'
|
|
29
30
|
|
|
30
31
|
s.rubyforge_project = s.name
|
|
31
32
|
end
|
|
@@ -46,17 +46,12 @@ module CanCan
|
|
|
46
46
|
@options.has_key?(:parent) ? @options[:parent] : @name && @name != name_from_controller.to_sym
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
def skip?(behavior)
|
|
50
|
-
options = @controller.class.cancan_skipper[behavior][@name]
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
elsif options[:except] && ![options[:except]].flatten.include?(@params[:action].to_sym)
|
|
56
|
-
true
|
|
57
|
-
elsif [options[:only]].flatten.include?(@params[:action].to_sym)
|
|
58
|
-
true
|
|
59
|
-
end
|
|
49
|
+
def skip?(behavior)
|
|
50
|
+
return false unless options = @controller.class.cancan_skipper[behavior][@name]
|
|
51
|
+
|
|
52
|
+
options == {} ||
|
|
53
|
+
options[:except] && !action_exists_in?(options[:except]) ||
|
|
54
|
+
action_exists_in?(options[:only])
|
|
60
55
|
end
|
|
61
56
|
|
|
62
57
|
protected
|
|
@@ -123,7 +118,11 @@ module CanCan
|
|
|
123
118
|
end
|
|
124
119
|
|
|
125
120
|
def authorization_action
|
|
126
|
-
parent? ?
|
|
121
|
+
parent? ? parent_authorization_action : @params[:action].to_sym
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
def parent_authorization_action
|
|
125
|
+
@options[:parent_action] || :show
|
|
127
126
|
end
|
|
128
127
|
|
|
129
128
|
def id_param
|
|
@@ -259,7 +258,7 @@ module CanCan
|
|
|
259
258
|
end
|
|
260
259
|
|
|
261
260
|
def namespace
|
|
262
|
-
@params[:controller].split(
|
|
261
|
+
@params[:controller].split('/')[0..-2]
|
|
263
262
|
end
|
|
264
263
|
|
|
265
264
|
def namespaced_name
|
|
@@ -269,7 +268,7 @@ module CanCan
|
|
|
269
268
|
end
|
|
270
269
|
|
|
271
270
|
def name_from_controller
|
|
272
|
-
@params[:controller].
|
|
271
|
+
@params[:controller].split('/').last.singularize
|
|
273
272
|
end
|
|
274
273
|
|
|
275
274
|
def instance_name
|
|
@@ -290,6 +289,10 @@ module CanCan
|
|
|
290
289
|
|
|
291
290
|
private
|
|
292
291
|
|
|
292
|
+
def action_exists_in?(options)
|
|
293
|
+
Array(options).include?(@params[:action].to_sym)
|
|
294
|
+
end
|
|
295
|
+
|
|
293
296
|
def extract_key(value)
|
|
294
297
|
value.to_s.underscore.gsub('/', '_')
|
|
295
298
|
end
|
data/lib/cancan/version.rb
CHANGED
|
@@ -72,7 +72,7 @@ describe CanCan::ControllerResource do
|
|
|
72
72
|
class Model < ::Model; end
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
params.merge!(:controller => "
|
|
75
|
+
params.merge!(:controller => "my_engine/models", :my_engine_model => {:name => "foobar"})
|
|
76
76
|
resource = CanCan::ControllerResource.new(controller)
|
|
77
77
|
resource.load_resource
|
|
78
78
|
expect(controller.instance_variable_get(:@model).name).to eq("foobar")
|
|
@@ -97,7 +97,7 @@ describe CanCan::ControllerResource do
|
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
it "builds a new resource for namespaced controller and namespaced model with hash if params[:id] is not specified" do
|
|
100
|
-
params.merge!(:controller => "
|
|
100
|
+
params.merge!(:controller => "admin/sub_models", 'sub_model' => {:name => "foobar"})
|
|
101
101
|
resource = CanCan::ControllerResource.new(controller, :class => Model)
|
|
102
102
|
resource.load_resource
|
|
103
103
|
expect(controller.instance_variable_get(:@sub_model).name).to eq("foobar")
|
|
@@ -231,6 +231,14 @@ describe CanCan::ControllerResource do
|
|
|
231
231
|
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
232
232
|
end
|
|
233
233
|
|
|
234
|
+
it "authorizes with :custom_action for parent collection action" do
|
|
235
|
+
controller.instance_variable_set(:@category, :some_category)
|
|
236
|
+
allow(controller).to receive(:authorize!).with(:custom_action, :some_category) { raise CanCan::AccessDenied }
|
|
237
|
+
|
|
238
|
+
resource = CanCan::ControllerResource.new(controller, :category, :parent => true, :parent_action => :custom_action )
|
|
239
|
+
expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
|
|
240
|
+
end
|
|
241
|
+
|
|
234
242
|
it "has the specified nested resource_class when using / for namespace" do
|
|
235
243
|
module Admin
|
|
236
244
|
class Dashboard; end
|
|
@@ -307,30 +315,6 @@ describe CanCan::ControllerResource do
|
|
|
307
315
|
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
308
316
|
end
|
|
309
317
|
|
|
310
|
-
it "attempts to load a resource with the same namespace as the controller when using :: for namespace" do
|
|
311
|
-
module MyEngine
|
|
312
|
-
class Model < ::Model; end
|
|
313
|
-
end
|
|
314
|
-
|
|
315
|
-
model = MyEngine::Model.new
|
|
316
|
-
allow(MyEngine::Model).to receive(:find).with("123") { model }
|
|
317
|
-
|
|
318
|
-
params.merge!(:controller => "MyEngine::ModelsController")
|
|
319
|
-
resource = CanCan::ControllerResource.new(controller)
|
|
320
|
-
resource.load_resource
|
|
321
|
-
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
322
|
-
end
|
|
323
|
-
|
|
324
|
-
it "loads resource for namespaced controller when using '::' for namespace" do
|
|
325
|
-
model = Model.new
|
|
326
|
-
allow(Model).to receive(:find).with("123") { model }
|
|
327
|
-
|
|
328
|
-
params.merge!(:controller => "Admin::ModelsController")
|
|
329
|
-
resource = CanCan::ControllerResource.new(controller)
|
|
330
|
-
resource.load_resource
|
|
331
|
-
expect(controller.instance_variable_get(:@model)).to eq(model)
|
|
332
|
-
end
|
|
333
|
-
|
|
334
318
|
it "performs authorization using controller action and loaded model" do
|
|
335
319
|
controller.instance_variable_set(:@model, :some_model)
|
|
336
320
|
allow(controller).to receive(:authorize!).with(:show, :some_model) { raise CanCan::AccessDenied }
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cancancan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bryan Rite
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-06-16 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -67,6 +67,20 @@ dependencies:
|
|
|
67
67
|
- - ">="
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
69
|
version: 1.0.0
|
|
70
|
+
- !ruby/object:Gem::Dependency
|
|
71
|
+
name: pry
|
|
72
|
+
requirement: !ruby/object:Gem::Requirement
|
|
73
|
+
requirements:
|
|
74
|
+
- - "~>"
|
|
75
|
+
- !ruby/object:Gem::Version
|
|
76
|
+
version: 0.10.0
|
|
77
|
+
type: :development
|
|
78
|
+
prerelease: false
|
|
79
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
80
|
+
requirements:
|
|
81
|
+
- - "~>"
|
|
82
|
+
- !ruby/object:Gem::Version
|
|
83
|
+
version: 0.10.0
|
|
70
84
|
description: Continuation of the simple authorization solution for Rails which is
|
|
71
85
|
decoupled from user roles. All permissions are stored in a single location.
|
|
72
86
|
email: bryan@bryanrite.com
|
|
@@ -155,36 +169,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
155
169
|
version: 1.3.4
|
|
156
170
|
requirements: []
|
|
157
171
|
rubyforge_project: cancancan
|
|
158
|
-
rubygems_version: 2.4.
|
|
172
|
+
rubygems_version: 2.4.5
|
|
159
173
|
signing_key:
|
|
160
174
|
specification_version: 4
|
|
161
175
|
summary: Simple authorization solution for Rails.
|
|
162
176
|
test_files:
|
|
163
177
|
- Appraisals
|
|
164
|
-
- gemfiles/activerecord_3.0.gemfile
|
|
165
|
-
- gemfiles/activerecord_3.1.gemfile
|
|
166
|
-
- gemfiles/activerecord_3.2.gemfile
|
|
167
|
-
- gemfiles/activerecord_4.0.gemfile
|
|
168
|
-
- gemfiles/activerecord_4.1.gemfile
|
|
169
|
-
- gemfiles/activerecord_4.2.gemfile
|
|
170
|
-
- gemfiles/datamapper_1.x.gemfile
|
|
171
|
-
- gemfiles/mongoid_2.x.gemfile
|
|
172
|
-
- gemfiles/sequel_3.x.gemfile
|
|
173
|
-
- spec/README.rdoc
|
|
174
|
-
- spec/cancan/ability_spec.rb
|
|
175
|
-
- spec/cancan/controller_additions_spec.rb
|
|
176
|
-
- spec/cancan/controller_resource_spec.rb
|
|
177
|
-
- spec/cancan/exceptions_spec.rb
|
|
178
|
-
- spec/cancan/inherited_resource_spec.rb
|
|
179
|
-
- spec/cancan/matchers_spec.rb
|
|
180
|
-
- spec/cancan/model_adapters/active_record_4_adapter_spec.rb
|
|
181
|
-
- spec/cancan/model_adapters/active_record_adapter_spec.rb
|
|
182
|
-
- spec/cancan/model_adapters/data_mapper_adapter_spec.rb
|
|
183
|
-
- spec/cancan/model_adapters/default_adapter_spec.rb
|
|
184
|
-
- spec/cancan/model_adapters/mongoid_adapter_spec.rb
|
|
185
|
-
- spec/cancan/model_adapters/sequel_adapter_spec.rb
|
|
186
|
-
- spec/cancan/rule_spec.rb
|
|
187
|
-
- spec/matchers.rb
|
|
188
|
-
- spec/spec.opts
|
|
189
|
-
- spec/spec_helper.rb
|
|
190
|
-
- spec/support/ability.rb
|