cancancan 1.13.1 → 1.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 59a95c6a9629c67f5004699cdbb205108d814ad5
-  data.tar.gz: 4f9cd96fcf1d2a3519b07605619240403b6b33eb
+  metadata.gz: 597f9c67d00dc9af7805456aca9464c41b795f42
+  data.tar.gz: e52df51e0f69a1f98509e7d8ae7ab8e14affb418
 SHA512:
-  metadata.gz: da1ce9db915cc5305d31d88c0c8f437088ceeab1f2b744a3a258923d59b6da743dd86a643a39c4602afe313c13cb39f1361d220144086a05913c41f5398428ed
-  data.tar.gz: 09c524f8d9928aa7029a9814fae9d45dcd8bf27ecf52f756cbafd02a716bc599f0ab12b4a3fdb37a71aa7ab5893b734b313989f1450a5d3792b77c9abdf7890a
+  metadata.gz: df305f2d2c391e2ce49bf98f0cdbe6b0cc0d96140467bb3efa66032ce61fe0ada2984ab94bfc956fbd5a8e3d1251ae7f64e3fe5773a815d172abb62f5f71db18
+  data.tar.gz: 33dcb0f4db08c07cf7e62103588177c628ddf7f8e219495b2e74bec94c9e2608c9b38daf2009626ef51aa77e97f6cdfc4c12d08a946f2c41d2b99e7385a8e7ea

data/.travis.yml

@@ -5,8 +5,7 @@ rvm:
   - 2.0.0
   - 2.1.0
   - 2.2.0
-  - jruby
-  - rbx
+  - jruby-9.0.5.0
 gemfile:
   - gemfiles/activerecord_3.2.gemfile
   - gemfiles/activerecord_4.0.gemfile
@@ -18,8 +17,6 @@ services:
   - mongodb
 matrix:
   fast_finish: true
-  allow_failures:
-    - rvm: rbx
   exclude:
     - rvm: 2.2.0
       gemfile: gemfiles/activerecord_3.2.gemfile

data/CHANGELOG.rdoc

@@ -2,6 +2,8 @@ Develop
 
 Unreleased
 
+* Add support for rails 4 enum's (markpmitchell)
+
 1.13.1 (Oct 8th, 2015)
 
 * Fix #merge with empty Ability (jhawthorn)

data/README.md

@@ -1,9 +1,9 @@
 # CanCanCan
 
 [![Gem Version](https://badge.fury.io/rb/cancancan.svg)](http://badge.fury.io/rb/cancancan)
-[![Travis badge](https://travis-ci.org/CanCanCommunity/cancancan.png?branch=master)](https://travis-ci.org/CanCanCommunity/cancancan)
-[![Code Climate Badge](https://codeclimate.com/github/CanCanCommunity/cancancan.png)](https://codeclimate.com/github/CanCanCommunity/cancancan)
-[![Inch CI](http://inch-ci.org/github/CanCanCommunity/cancancan.png)](http://inch-ci.org/github/CanCanCommunity/cancancan)
+[![Travis badge](https://travis-ci.org/CanCanCommunity/cancancan.svg?branch=develop)](https://travis-ci.org/CanCanCommunity/cancancan)
+[![Code Climate Badge](https://codeclimate.com/github/CanCanCommunity/cancancan.svg)](https://codeclimate.com/github/CanCanCommunity/cancancan)
+[![Inch CI](http://inch-ci.org/github/CanCanCommunity/cancancan.svg)](http://inch-ci.org/github/CanCanCommunity/cancancan)
 
 [Wiki](https://github.com/CanCanCommunity/cancancan/wiki) | [RDocs](http://rdoc.info/projects/CanCanCommunity/cancancan) | [Screencast](http://railscasts.com/episodes/192-authorization-with-cancan) | [IRC: #cancancan (freenode)](http://webchat.freenode.net/?channels=cancancan)
 
@@ -193,9 +193,12 @@ This will raise an exception if authorization is not performed in an action. If
 * [Changing Defaults](https://github.com/CanCanCommunity/cancancan/wiki/Changing-Defaults)
 * [See more](https://github.com/CanCanCommunity/cancancan/wiki)
 
-## Questions or Problems?
+## Questions?
+If you have any question or doubt regarding CanCanCan which you cannot find the solution to in the [documentation](https://github.com/CanCanCommunity/cancancan/wiki) or our [mailing list](http://groups.google.com/group/cancancan), please [open a question on Stackoverflow](http://stackoverflow.com/questions/ask?tags=cancancan) with tag [cancancan](http://stackoverflow.com/questions/tagged/cancancan)
 
-If you have any issues with CanCan which you cannot find the solution to in the [documentation](https://github.com/CanCanCommunity/cancancan/wiki) or our mailing list: http://groups.google.com/group/cancancan, please add an [issue on GitHub](https://github.com/CanCanCommunity/cancancan/issues) or fork the project and send a pull request.
+## Bugs?
+
+If you find a bug please add an [issue on GitHub](https://github.com/CanCanCommunity/cancancan/issues) or fork the project and send a pull request.
 
 
 ## Development

data/lib/cancan/ability.rb

@@ -61,14 +61,11 @@ module CanCan
     #
     # Also see the RSpec Matchers to aid in testing.
     def can?(action, subject, *extra_args)
-      subject = extract_subjects(subject)
-
-      match = subject.map do |subject|
-        relevant_rules_for_match(action, subject).detect do |rule|
-          rule.matches_conditions?(action, subject, extra_args)
+      match = extract_subjects(subject).lazy.map do |a_subject|
+        relevant_rules_for_match(action, a_subject).detect do |rule|
+          rule.matches_conditions?(action, a_subject, extra_args)
         end
-      end.compact.first
-
+      end.reject(&:nil?).first
       match ? match.base_behavior : false
     end
     # Convenience method which works the same as "can?" but returns the opposite value.
@@ -322,7 +319,7 @@ module CanCan
 
     # It translates to an array the subject or the hash with multiple subjects given to can?.
     def extract_subjects(subject)
-      subject = if subject.kind_of?(Hash) && subject.key?(:any)
+      if subject.kind_of?(Hash) && subject.key?(:any)
         subject[:any]
       else
         [subject]
@@ -369,9 +366,24 @@ module CanCan
         rule.relevant? action, subject
       end
       relevant.reverse!.uniq!
+      optimize_order! relevant
       relevant
     end
 
+    # Optimizes the order of the rules, so that rules with the :all subject are evaluated first.
+    def optimize_order!(rules)
+      first_can_in_group = -1
+      rules.each_with_index do |rule, i|
+        (first_can_in_group = -1) and next unless rule.base_behavior
+        (first_can_in_group = i) and next if first_can_in_group == -1
+        if rule.subjects == [:all]
+          rules[i] = rules[first_can_in_group]
+          rules[first_can_in_group] = rule
+          first_can_in_group += 1
+        end
+      end
+    end
+
     def possible_relevant_rules(subject)
       if subject.is_a?(Hash)
         rules

data/lib/cancan/controller_resource.rb

@@ -262,9 +262,7 @@ module CanCan
     end
 
     def namespaced_name
-      [namespace, name.camelize].flatten.map(&:camelize).join('::').singularize.constantize
-    rescue NameError
-      name
+      ([namespace, name] * '/').singularize.camelize.safe_constantize || name
     end
 
     def name_from_controller

data/lib/cancan/model_adapters/active_record_4_adapter.rb

@@ -18,6 +18,23 @@ module CanCan
         relation
       end
 
+      def self.override_condition_matching?(subject, name, value)
+        # ActiveRecord introduced enums in version 4.1.
+        ActiveRecord::VERSION::MINOR >= 1 &&
+          subject.class.defined_enums.include?(name.to_s)
+      end
+
+      def self.matches_condition?(subject, name, value)
+        # Get the mapping from enum strings to values.
+        enum = subject.class.send(name.to_s.pluralize)
+        # Get the value of the attribute as an integer.
+        attribute = enum[subject.send(name)]
+        # Check to see if the value matches the condition.
+        value.is_a?(Enumerable) ? 
+          (value.include? attribute) :
+          attribute == value
+      end
+
       # Rails 4.2 deprecates `sanitize_sql_hash_for_conditions`
       def sanitize_sql(conditions)
         if ActiveRecord::VERSION::MINOR >= 2 && Hash === conditions

data/lib/cancan/model_adapters/mongoid_adapter.rb

@@ -35,15 +35,36 @@ module CanCan
 
           rules.inject(@model_class.all) do |records, rule|
             if process_can_rules && rule.base_behavior
-              records.or rule.conditions
+              records.or simplify_relations(@model_class, rule.conditions)
             elsif !rule.base_behavior
-              records.excludes rule.conditions
+              records.excludes simplify_relations(@model_class, rule.conditions)
             else
               records
             end
           end
         end
       end
+
+      private
+      # Look for criteria on relations and replace with simple id queries
+      # eg.
+      # {user: {:tags.all => []}} becomes {"user_id" => {"$in" => [__, ..]}}
+      # {user: {:session => {:tags.all => []}}} becomes {"user_id" => {"session_id" => {"$in" => [__, ..]} }}
+      def simplify_relations model_class, conditions
+        model_relations = model_class.relations.with_indifferent_access
+        Hash[
+          conditions.map {|k,v|
+            if relation = model_relations[k]
+              relation_class_name = relation[:class_name].blank? ? k.to_s.classify : relation[:class_name]
+              v = simplify_relations(relation_class_name.constantize, v)
+              relation_ids = relation_class_name.constantize.where(v).only(:id).map(&:id)
+              k = "#{k}_id"
+              v = { "$in" => relation_ids }
+            end
+            [k,v]
+          }
+        ]
+      end
     end
   end
 end

data/lib/cancan/rule.rb

@@ -112,15 +112,15 @@ module CanCan
 
       conditions.all? do |name, value|
         if adapter.override_condition_matching?(subject, name, value)
-          return adapter.matches_condition?(subject, name, value)
+          adapter.matches_condition?(subject, name, value)
+        else
+          condition_match?(subject.send(name), value)
         end
-
-        condition_match?(subject.send(name), value)
       end
     end
 
     def nested_subject_matches_conditions?(subject_hash)
-      parent, child = subject_hash.first
+      parent, _child = subject_hash.first
       matches_conditions_hash?(parent, @conditions[parent.class.name.downcase.to_sym] || {})
     end
 
@@ -140,6 +140,7 @@ module CanCan
       case value
       when Hash       then hash_condition_match?(attribute, value)
       when String     then attribute == value
+      when Range      then value.cover?(attribute)
       when Enumerable then value.include?(attribute)
       else attribute == value
       end

data/lib/cancan/version.rb

@@ -1,3 +1,3 @@
 module CanCan
-  VERSION = "1.13.1"
+  VERSION = "1.14.0"
 end

data/spec/README.rdoc

@@ -16,7 +16,7 @@ You can then run all test sets:
 
 Or individual ones:
 
-  appraisal rails_3.0 rake
+  appraisal activerecord_3.2 rake
 
 A list of the tests is in the +Appraisal+ file.
 

data/spec/cancan/ability_spec.rb

@@ -52,6 +52,22 @@ describe CanCan::Ability do
     expect(@ability.can?(:read, 6)).to be(true)
   end
 
+  it "performs can(_, :all) before other checks when can(_, :all) is defined before" do
+    @ability.can :manage, :all
+    @ability.can :edit, String do |_string|
+      fail 'Performed a check for :edit before the check for :all'
+    end
+    expect { @ability.can? :edit, 'a' }.to_not raise_exception
+  end
+
+  it "performs can(_, :all) before other checks when can(_, :all) is defined after" do
+    @ability.can :edit, String do |_string|
+      fail 'Performed a check for :edit before the check for :all'
+    end
+    @ability.can :manage, :all
+    expect { @ability.can? :edit, 'a' }.to_not raise_exception
+  end
+
   it "does not pass class with object if :all objects are accepted" do
     @ability.can :preview, :all do |object|
       expect(object).to eq(123)
@@ -294,6 +310,13 @@ describe CanCan::Ability do
     expect(@ability.can?(:read, 4..40)).to be(false)
   end
 
+  it "allows a range of time in conditions hash" do
+    @ability.can :read, Range, :begin => 1.day.from_now..3.days.from_now
+    expect(@ability.can?(:read, 1.day.from_now..10.days.from_now)).to be(true)
+    expect(@ability.can?(:read, 2.days.from_now..20.days.from_now)).to be(true)
+    expect(@ability.can?(:read, 4.days.from_now..40.days.from_now)).to be(false)
+  end
+
   it "allows nested hashes in conditions hash" do
     @ability.can :read, Range, :begin => { :to_i => 5 }
     expect(@ability.can?(:read, 5..7)).to be(true)

data/spec/cancan/controller_resource_spec.rb

@@ -501,6 +501,17 @@ describe CanCan::ControllerResource do
     end
   end
 
+  context 'when @name passed as symbol' do
+    it 'returns namespaced #resource_class' do
+      module Admin; end
+      class Admin::Dashboard; end;
+      params.merge!(:controller => "admin/dashboard")
+      resource = CanCan::ControllerResource.new(controller, :dashboard)
+
+      expect(resource.send(:resource_class)).to eq Admin::Dashboard
+    end
+  end
+
   it "calls the santitizer when the parameter hash matches our object" do
     params.merge!(:action => 'create', :model => { :name => 'test' })
     allow(controller).to receive(:create_params).and_return({})

data/spec/cancan/model_adapters/active_record_4_adapter_spec.rb

@@ -37,6 +37,75 @@ if defined? CanCan::ModelAdapters::ActiveRecord4Adapter
 
         expect(Parent.accessible_by(@ability).order(:created_at => :asc).includes(:children).first.children).to eq [child2, child1]
       end
+
+      if ActiveRecord::VERSION::MINOR >= 1
+        it "allows filters on enums" do
+          ActiveRecord::Schema.define do
+            create_table(:shapes) do |t|
+              t.integer :color, default: 0, null: false
+            end
+          end
+
+          class Shape < ActiveRecord::Base
+            enum color: [:red, :green, :blue]
+          end
+
+          red = Shape.create!(color: :red)
+          green = Shape.create!(color: :green)
+          blue = Shape.create!(color: :blue)
+
+          # A condition with a single value.
+          @ability.can :read, Shape, color: Shape.colors[:green]
+
+          expect(@ability.cannot? :read, red).to be true
+          expect(@ability.can? :read, green).to be true
+          expect(@ability.cannot? :read, blue).to be true
+
+          accessible = Shape.accessible_by(@ability)
+          expect(accessible).to contain_exactly(green)
+
+          # A condition with multiple values.
+          @ability.can :update, Shape, color: [Shape.colors[:red],
+                                               Shape.colors[:blue]]
+
+          expect(@ability.can? :update, red).to be true
+          expect(@ability.cannot? :update, green).to be true
+          expect(@ability.can? :update, blue).to be true
+
+          accessible = Shape.accessible_by(@ability, :update)
+          expect(accessible).to contain_exactly(red, blue)
+        end
+
+        it "allows dual filter on enums" do
+          ActiveRecord::Schema.define do
+            create_table(:discs) do |t|
+              t.integer :color, default: 0, null: false
+              t.integer :shape, default: 3, null: false
+            end
+          end
+
+          class Disc < ActiveRecord::Base
+            enum color: [:red, :green, :blue]
+            enum shape: { triangle: 3, rectangle: 4 }
+          end
+
+          red_triangle = Disc.create!(color: Disc.colors[:red], shape: Disc.shapes[:triangle])
+          green_triangle = Disc.create!(color: Disc.colors[:green], shape: Disc.shapes[:triangle])
+          green_rectangle = Disc.create!(color: Disc.colors[:green], shape: Disc.shapes[:rectangle])
+          blue_rectangle = Disc.create!(color: Disc.colors[:blue], shape: Disc.shapes[:rectangle])
+
+          # A condition with a dual filter.
+          @ability.can :read, Disc, color: Disc.colors[:green], shape: Disc.shapes[:rectangle]
+
+          expect(@ability.cannot? :read, red_triangle).to be true
+          expect(@ability.cannot? :read, green_triangle).to be true
+          expect(@ability.can? :read, green_rectangle).to be true
+          expect(@ability.cannot? :read, blue_rectangle).to be true
+
+          accessible = Disc.accessible_by(@ability)
+          expect(accessible).to contain_exactly(green_rectangle)
+        end
+      end
     end
 
     if Gem::Specification.find_all_by_name('pg').any?

data/spec/cancan/model_adapters/active_record_adapter_spec.rb

@@ -380,5 +380,26 @@ if defined? CanCan::ModelAdapters::ActiveRecordAdapter
         expect(Namespace::TableX.accessible_by(ability)).to eq([table_x])
       end
     end
+
+    context 'when conditions are non iterable ranges' do
+      before :each do
+        ActiveRecord::Schema.define do
+          create_table( :courses ) do |t|
+            t.datetime :start_at
+          end
+        end
+
+        class Course < ActiveRecord::Base
+        end
+      end
+
+      it 'fetches only the valid records' do
+        @ability.can :read, Course, :start_at => 1.day.ago..1.day.from_now
+        Course.create!(:start_at => 10.days.ago)
+        valid_course = Course.create!(:start_at => Time.now)
+
+        expect(Course.accessible_by(@ability)).to eq([valid_course])
+      end
+    end
   end
 end

data/spec/cancan/model_adapters/mongoid_adapter_spec.rb

@@ -12,6 +12,13 @@ if defined? CanCan::ModelAdapters::MongoidAdapter
     include Mongoid::Document
 
     referenced_in :mongoid_category
+    references_many :mongoid_sub_projects
+  end
+
+  class MongoidSubProject
+    include Mongoid::Document
+
+    referenced_in :mongoid_project
   end
 
   Mongoid.configure do |config|
@@ -222,6 +229,19 @@ if defined? CanCan::ModelAdapters::MongoidAdapter
           MongoidProject.accessible_by(@ability)
         }.to raise_error(CanCan::Error)
       end
+
+      it "can handle nested queries for accessible_by" do
+        @ability.can :read, MongoidSubProject, {:mongoid_project => {:mongoid_category => { :name => 'Authorization'}}}
+        cat1 = MongoidCategory.create name: 'Authentication'
+        cat2 = MongoidCategory.create name: 'Authorization'
+        proj1 = cat1.mongoid_projects.create name: 'Proj1'
+        proj2 = cat2.mongoid_projects.create name: 'Proj2'
+        sub1 = proj1.mongoid_sub_projects.create name: 'Sub1'
+        sub2 = proj2.mongoid_sub_projects.create name: 'Sub2'
+        expect(MongoidSubProject.accessible_by(@ability)).to match_array([sub1])
+      end
+
+
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancancan
 version: !ruby/object:Gem::Version
-  version: 1.13.1
+  version: 1.14.0
 platform: ruby
 authors:
 - Bryan Rite
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-08 00:00:00.000000000 Z
+date: 2016-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.3
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Simple authorization solution for Rails.