cancancan 2.2.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd789707449c90277a31d5808e55c36140b88b3aa3c2b9035640d777220b2d27
-  data.tar.gz: 64fbbaa5657ae8b334e7096f33eb12b975a224ea7c516c0091d3d7ac94c0acbd
+  metadata.gz: f63f1d6ab266068caab6e7baf2b628ae72a7e03a134116eda91473861b9df359
+  data.tar.gz: fbf6337f058ece9a2f01c990a55398489e0ea56888f0a5ce3b9f8d5e203c31ae
 SHA512:
-  metadata.gz: 70ba8098042c7114a7cf419a892c12794089da88046873fb6abf1c45dac3854731adb860ff95d2556f7e9ffad4543b5f53dc05579defd5ff8273bcf51476e0ce
-  data.tar.gz: 5d390ebd7fa75ffbff3783502d6bf329d5949787b70ccd26559d40be4471c61efb8f4ea4adc2d53b6bac81f9e32e619d3569c268ff8a6277f16cab72ea162bf5
+  metadata.gz: 24fcc98ce0592b263add65cf0bc75a7020d75777fea7c6902216f97bbc9c13a36b4d379194a142cd8a5e5a24dc1ae82c82a61d6d99143c30a9afe11133048528
+  data.tar.gz: 8873b440698a941314f67a748db86c2abe33e89417ae54d9f35769c29f904edc9eff5736d0bf55d53badc494b9bca9e0ac1761c1920067238628d23dc8e0c643

data/lib/cancan.rb

@@ -8,8 +8,10 @@ require 'cancan/exceptions'
 
 require 'cancan/model_adapters/abstract_adapter'
 require 'cancan/model_adapters/default_adapter'
+require 'cancan/rules_compressor'
 
 if defined? ActiveRecord
+  require 'cancan/model_adapters/conditions_extractor'
   require 'cancan/model_adapters/active_record_adapter'
   require 'cancan/model_adapters/active_record_4_adapter'
   require 'cancan/model_adapters/active_record_5_adapter'

data/lib/cancan/controller_additions.rb

@@ -384,6 +384,8 @@ module CanCan
   end
 end
 
-ActiveSupport.on_load(:action_controller) do
-  include CanCan::ControllerAdditions
+if defined? ActiveSupport
+  ActiveSupport.on_load(:action_controller) do
+    include CanCan::ControllerAdditions
+  end
 end

data/lib/cancan/exceptions.rb

@@ -11,6 +11,9 @@ module CanCan
   # Raised when using check_authorization without calling authorized!
   class AuthorizationNotPerformed < Error; end
 
+  # Raised when using a wrong association name
+  class WrongAssociationName < Error; end
+
   # This error is raised when a user isn't allowed to access a given controller action.
   # This usually happens within a call to ControllerAdditions#authorize! but can be
   # raised manually.

data/lib/cancan/model_adapters/active_record_adapter.rb

@@ -1,4 +1,6 @@
 require_relative 'can_can/model_adapters/active_record_adapter/joins.rb'
+require_relative 'conditions_extractor.rb'
+require 'cancan/rules_compressor'
 module CanCan
   module ModelAdapters
     module ActiveRecordAdapter
@@ -20,47 +22,19 @@ module CanCan
       #   query(:manage, User).conditions # => "not (self_managed = 't') AND ((manager_id = 1) OR (id = 1))"
       #
       def conditions
-        if @rules.size == 1 && @rules.first.base_behavior
+        compressed_rules = RulesCompressor.new(@rules.reverse).rules_collapsed.reverse
+        conditions_extractor = ConditionsExtractor.new(@model_class)
+        if compressed_rules.size == 1 && compressed_rules.first.base_behavior
           # Return the conditions directly if there's just one definition
-          tableized_conditions(@rules.first.conditions).dup
+          conditions_extractor.tableize_conditions(compressed_rules.first.conditions).dup
         else
-          extract_multiple_conditions
+          extract_multiple_conditions(conditions_extractor, compressed_rules)
         end
       end
 
-      def extract_multiple_conditions
-        @rules.reverse.inject(false_sql) do |sql, rule|
-          merge_conditions(sql, tableized_conditions(rule.conditions).dup, rule.base_behavior)
-        end
-      end
-
-      def tableized_conditions(conditions, model_class = @model_class)
-        return conditions unless conditions.is_a? Hash
-        conditions.each_with_object({}) do |(name, value), result_hash|
-          calculate_result_hash(model_class, name, result_hash, value)
-        end
-      end
-
-      def calculate_result_hash(model_class, name, result_hash, value)
-        if value.is_a? Hash
-          association_class = model_class.reflect_on_association(name).klass.name.constantize
-          nested_resulted = calculate_nested(model_class, name, result_hash, value.dup)
-          result_hash.merge!(tableized_conditions(nested_resulted, association_class))
-        else
-          result_hash[name] = value
-        end
-        result_hash
-      end
-
-      def calculate_nested(model_class, name, result_hash, value)
-        value.each_with_object({}) do |(k, v), nested|
-          if v.is_a? Hash
-            value.delete(k)
-            nested[k] = v
-          else
-            result_hash[model_class.reflect_on_association(name).table_name.to_sym] = value
-          end
-          nested
+      def extract_multiple_conditions(conditions_extractor, rules)
+        rules.reverse.inject(false_sql) do |sql, rule|
+          merge_conditions(sql, conditions_extractor.tableize_conditions(rule.conditions).dup, rule.base_behavior)
         end
       end
 

data/lib/cancan/model_adapters/can_can/model_adapters/active_record_adapter/joins.rb

@@ -6,7 +6,7 @@ module CanCan
         # See ModelAdditions#accessible_by
         def joins
           joins_hash = {}
-          @rules.each do |rule|
+          @rules.reverse.each do |rule|
             merge_joins(joins_hash, rule.associations_hash)
           end
           clean_joins(joins_hash) unless joins_hash.empty?

data/lib/cancan/model_adapters/conditions_extractor.rb

@@ -0,0 +1,75 @@
+# this class is responsible of converting the hash of conditions
+# in "where conditions" to generate the sql query
+# it consists of a names_cache that helps calculating the next name given to the association
+# it tries to reflect the bahavior of ActiveRecord when generating aliases for tables.
+module CanCan
+  module ModelAdapters
+    class ConditionsExtractor
+      def initialize(model_class)
+        @names_cache = { model_class.table_name => [] }.with_indifferent_access
+        @root_model_class = model_class
+      end
+
+      def tableize_conditions(conditions, model_class = @root_model_class, path_to_key = 0)
+        return conditions unless conditions.is_a? Hash
+        conditions.each_with_object({}) do |(key, value), result_hash|
+          if value.is_a? Hash
+            result_hash.merge!(calculate_result_hash(key, model_class, path_to_key, result_hash, value))
+          else
+            result_hash[key] = value
+          end
+          result_hash
+        end
+      end
+
+      private
+
+      def calculate_result_hash(key, model_class, path_to_key, result_hash, value)
+        reflection = model_class.reflect_on_association(key)
+        unless reflection
+          raise WrongAssociationName, "association #{key} not defined in model #{model_class.name}"
+        end
+        nested_resulted = calculate_nested(model_class, result_hash, key, value.dup, path_to_key)
+        association_class = reflection.klass.name.constantize
+        tableize_conditions(nested_resulted, association_class, "#{path_to_key}_#{key}")
+      end
+
+      def calculate_nested(model_class, result_hash, relation_name, value, path_to_key)
+        value.each_with_object({}) do |(k, v), nested|
+          if v.is_a? Hash
+            value.delete(k)
+            nested[k] = v
+          else
+            table_alias = generate_table_alias(model_class, relation_name, path_to_key)
+            result_hash[table_alias] = value
+          end
+          nested
+        end
+      end
+
+      def generate_table_alias(model_class, relation_name, path_to_key)
+        table_alias = model_class.reflect_on_association(relation_name).table_name.to_sym
+
+        if alredy_used?(table_alias, relation_name, path_to_key)
+          table_alias = "#{relation_name.to_s.pluralize}_#{model_class.table_name}".to_sym
+
+          index = 1
+          while alredy_used?(table_alias, relation_name, path_to_key)
+            table_alias = "#{table_alias}_#{index += 1}".to_sym
+          end
+        end
+        add_to_cache(table_alias, relation_name, path_to_key)
+      end
+
+      def alredy_used?(table_alias, relation_name, path_to_key)
+        @names_cache[table_alias].try(:exclude?, "#{path_to_key}_#{relation_name}")
+      end
+
+      def add_to_cache(table_alias, relation_name, path_to_key)
+        @names_cache[table_alias] ||= []
+        @names_cache[table_alias] << "#{path_to_key}_#{relation_name}"
+        table_alias
+      end
+    end
+  end
+end

data/lib/cancan/rule.rb

@@ -24,6 +24,18 @@ module CanCan
       @block = block
     end
 
+    def can_rule?
+      base_behavior
+    end
+
+    def cannot_catch_all?
+      !can_rule? && catch_all?
+    end
+
+    def catch_all?
+      [nil, false, [], {}, '', ' '].include? @conditions
+    end
+
     # Matches both the subject and action, not necessarily the conditions
     def relevant?(action, subject)
       subject = subject.values.first if subject.class == Hash

data/lib/cancan/rules_compressor.rb

@@ -0,0 +1,20 @@
+require_relative 'conditions_matcher.rb'
+module CanCan
+  class RulesCompressor
+    attr_reader :initial_rules, :rules_collapsed
+
+    def initialize(rules)
+      @initial_rules = rules
+      @rules_collapsed = compress(@initial_rules)
+    end
+
+    def compress(array)
+      idx = array.rindex(&:catch_all?)
+      return array unless idx
+      value = array[idx]
+      array[idx..-1]
+        .drop_while { |n| n.base_behavior == value.base_behavior }
+        .tap { |a| a.unshift(value) unless value.cannot_catch_all? }
+    end
+  end
+end

data/lib/cancan/version.rb

@@ -1,3 +1,3 @@
 module CanCan
-  VERSION = '2.2.0'.freeze
+  VERSION = '2.3.0'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancancan
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Alessandro Rodi (Renuo AG)
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-15 00:00:00.000000000 Z
+date: 2018-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -129,9 +129,11 @@ files:
 - lib/cancan/model_adapters/active_record_5_adapter.rb
 - lib/cancan/model_adapters/active_record_adapter.rb
 - lib/cancan/model_adapters/can_can/model_adapters/active_record_adapter/joins.rb
+- lib/cancan/model_adapters/conditions_extractor.rb
 - lib/cancan/model_adapters/default_adapter.rb
 - lib/cancan/model_additions.rb
 - lib/cancan/rule.rb
+- lib/cancan/rules_compressor.rb
 - lib/cancan/version.rb
 - lib/cancancan.rb
 - lib/generators/cancan/ability/USAGE