cancancan 3.3.0 → 3.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4498ac94e1994faa4da80dc957d8c9564433d991048774f9ac2f051e60de580
-  data.tar.gz: 74209123c4c49adcd1d2d81df1de61c5f8cc2f243fdcdb4d01d3e41731e4c266
+  metadata.gz: fc128fc4996aed8edaee7dcce7178ec47d06c63591bf03c7cb98dd3deec5c213
+  data.tar.gz: 4e3ee983874f8fbeb3f566c6e12aaba275990581e77938b73d0349ec1e867f6e
 SHA512:
-  metadata.gz: eb7774650d12a7073d09bb713f7eedfd7d376689f6d6bb842620b325a814720172f4fec900705bcc0dd3bd90818a88d2ab7e3904ea3a5d004533e13b4bed1c4c
-  data.tar.gz: a7a6fff07fbd7d52816dd960d00ae0baea7d50c5ed41d0abf32ac3a0c2b6bc3c557a4309944717b57aad785ad7dc394870c079b6a820b62798a373a9d9f8c2b0
+  metadata.gz: 4511dd58be6c2a2ce4bc28b382ece40ad367a1cf72f56d521fe2f38ca038eb6cb11a249a1d029346038cfec0e1828acadddf8ff9be14d6d59e5228b165811d49
+  data.tar.gz: 8d24834c3362f708a9979079eee089537975aefa25144a65eea006c137a75297f1341b6df24877c0c517b0e1c33e935a7c4d82bbedcca84e00100d0806812ff5

data/cancancan.gemspec

@@ -25,5 +25,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'bundler', '~> 2.0'
   s.add_development_dependency 'rake', '~> 10.1', '>= 10.1.1'
   s.add_development_dependency 'rspec', '~> 3.2', '>= 3.2.0'
-  s.add_development_dependency 'rubocop', '~> 0.63.1'
+  s.add_development_dependency 'rubocop', '~> 1.26'
 end

data/lib/cancan/class_matcher.rb

@@ -1,3 +1,5 @@
+require_relative 'sti_detector'
+
 # This class is responsible for matching classes and their subclasses as well as
 # upmatching classes to their ancestors.
 # This is used to generate sti connections
@@ -12,6 +14,8 @@ class SubjectClassMatcher
   def self.matching_class_check(subject, sub, has_subclasses)
     matches = matches_class_or_is_related(subject, sub)
     if has_subclasses
+      return matches unless StiDetector.sti_class?(sub)
+
       matches || subject.subclasses.include?(sub)
     else
       matches

data/lib/cancan/conditions_matcher.rb

@@ -33,16 +33,24 @@ module CanCan
     end
 
     def nested_subject_matches_conditions?(subject_hash)
-      parent, _child = subject_hash.first
-      matches_conditions_hash?(parent, @conditions[parent.class.name.downcase.to_sym] || {})
+      parent, child = subject_hash.first
+
+      matches_base_parent_conditions = matches_conditions_hash?(parent,
+                                                                @conditions[parent.class.name.downcase.to_sym] || {})
+
+      adapter = model_adapter(parent)
+
+      matches_base_parent_conditions &&
+        (!adapter.override_nested_subject_conditions_matching?(parent, child, @conditions) ||
+          adapter.nested_subject_matches_conditions?(parent, child, @conditions))
     end
 
     # Checks if the given subject matches the given conditions hash.
-    # This behavior can be overriden by a model adapter by defining two class methods:
+    # This behavior can be overridden by a model adapter by defining two class methods:
     # override_matching_for_conditions?(subject, conditions) and
     # matches_conditions_hash?(subject, conditions)
     def matches_conditions_hash?(subject, conditions = @conditions)
-      return true if conditions.empty?
+      return true if conditions.is_a?(Hash) && conditions.empty?
 
       adapter = model_adapter(subject)
 
@@ -50,10 +58,21 @@ module CanCan
         return adapter.matches_conditions_hash?(subject, conditions)
       end
 
-      matches_all_conditions?(adapter, conditions, subject)
+      matches_all_conditions?(adapter, subject, conditions)
+    end
+
+    def matches_all_conditions?(adapter, subject, conditions)
+      if conditions.is_a?(Hash)
+        matches_hash_conditions(adapter, subject, conditions)
+      elsif conditions.respond_to?(:include?)
+        conditions.include?(subject)
+      else
+        puts "does #{subject} match #{conditions}?"
+        subject == conditions
+      end
     end
 
-    def matches_all_conditions?(adapter, conditions, subject)
+    def matches_hash_conditions(adapter, subject, conditions)
       conditions.all? do |name, value|
         if adapter.override_condition_matching?(subject, name, value)
           adapter.matches_condition?(subject, name, value)

data/lib/cancan/config.rb

@@ -3,7 +3,11 @@
 module CanCan
   def self.valid_accessible_by_strategies
     strategies = [:left_join]
-    strategies << :subquery unless does_not_support_subquery_strategy?
+
+    unless does_not_support_subquery_strategy?
+      strategies.push(:joined_alias_exists_subquery, :joined_alias_each_rule_as_exists_subquery, :subquery)
+    end
+
     strategies
   end
 

data/lib/cancan/controller_resource.rb

@@ -54,7 +54,7 @@ module CanCan
 
     protected
 
-    # Returns the class used for this resource. This can be overriden by the :class option.
+    # Returns the class used for this resource. This can be overridden by the :class option.
     # If +false+ is passed in it will use the resource name as a symbol in which case it should
     # only be used for authorization, not loading since there's no class to load through.
     def resource_class

data/lib/cancan/matchers.rb

@@ -13,9 +13,11 @@ Kernel.const_get(rspec_module)::Matchers.define :be_able_to do |*args|
   match do |ability|
     actions = args.first
     if actions.is_a? Array
-      break false if actions.empty?
-
-      actions.all? { |action| ability.can?(action, *args[1..-1]) }
+      if actions.empty?
+        false
+      else
+        actions.all? { |action| ability.can?(action, *args[1..-1]) }
+      end
     else
       ability.can?(*args)
     end

data/lib/cancan/model_adapters/abstract_adapter.rb

@@ -3,6 +3,8 @@
 module CanCan
   module ModelAdapters
     class AbstractAdapter
+      attr_reader :model_class
+
       def self.inherited(subclass)
         @subclasses ||= []
         @subclasses.insert(0, subclass)
@@ -33,6 +35,18 @@ module CanCan
         raise NotImplemented, 'This model adapter does not support matching on a conditions hash.'
       end
 
+      # Used above override_conditions_hash_matching to determine if this model adapter will override the
+      # matching behavior for nested subject.
+      # If this returns true then nested_subject_matches_conditions? will be called.
+      def self.override_nested_subject_conditions_matching?(_parent, _child, _all_conditions)
+        false
+      end
+
+      # Override if override_nested_subject_conditions_matching? returns true
+      def self.nested_subject_matches_conditions?(_parent, _child, _all_conditions)
+        raise NotImplemented, 'This model adapter does not support matching on a nested subject.'
+      end
+
       # Used to determine if this model adapter will override the matching behavior for a specific condition.
       # If this returns true then matches_condition? will be called. See Rule#matches_conditions_hash
       def self.override_condition_matching?(_subject, _name, _value)

data/lib/cancan/model_adapters/active_record_5_adapter.rb

@@ -22,16 +22,12 @@ module CanCan
       private
 
       def build_joins_relation(relation, *where_conditions)
-        case CanCan.accessible_by_strategy
-        when :subquery
-          inner = @model_class.unscoped do
-            @model_class.left_joins(joins).where(*where_conditions)
-          end
-          @model_class.where(@model_class.primary_key => inner)
+        strategy_class.new(adapter: self, relation: relation, where_conditions: where_conditions).execute!
+      end
 
-        when :left_join
-          relation.left_joins(joins).distinct
-        end
+      def strategy_class
+        strategy_class_name = CanCan.accessible_by_strategy.to_s.camelize
+        CanCan::ModelAdapters::Strategies.const_get(strategy_class_name)
       end
 
       def sanitize_sql(conditions)

data/lib/cancan/model_adapters/active_record_adapter.rb

@@ -11,6 +11,8 @@ module CanCan
         Gem::Version.new(ActiveRecord.version).release < Gem::Version.new(version)
       end
 
+      attr_reader :compressed_rules
+
       def initialize(model_class, rules)
         super
         @compressed_rules = RulesCompressor.new(@rules.reverse).rules_collapsed.reverse
@@ -18,6 +20,31 @@ module CanCan
         ConditionsNormalizer.normalize(model_class, @compressed_rules)
       end
 
+      class << self
+        # When belongs_to parent_id is a condition for a model,
+        # we want to check the parent when testing ability for a hash {parent => model}
+        def override_nested_subject_conditions_matching?(parent, child, all_conditions)
+          parent_child_conditions(parent, child, all_conditions).present?
+        end
+
+        # parent_id condition can be an array of integer or one integer, we check the parent against this
+        def nested_subject_matches_conditions?(parent, child, all_conditions)
+          id_condition = parent_child_conditions(parent, child, all_conditions)
+          return id_condition.include?(parent.id) if id_condition.is_a? Array
+          return id_condition == parent.id if id_condition.is_a? Integer
+
+          false
+        end
+
+        def parent_child_conditions(parent, child, all_conditions)
+          child_class = child.is_a?(Class) ? child : child.class
+          foreign_key = child_class.reflect_on_all_associations(:belongs_to).find do |association|
+                          association.klass == parent.class
+                        end&.foreign_key&.to_sym
+          foreign_key.nil? ? nil : all_conditions[foreign_key]
+        end
+      end
+
       # Returns conditions intended to be used inside a database query. Normally you will not call this
       # method directly, but instead go through ModelAdditions#accessible_by.
       #

data/lib/cancan/model_adapters/conditions_extractor.rb

@@ -3,7 +3,7 @@
 # this class is responsible of converting the hash of conditions
 # in "where conditions" to generate the sql query
 # it consists of a names_cache that helps calculating the next name given to the association
-# it tries to reflect the bahavior of ActiveRecord when generating aliases for tables.
+# it tries to reflect the behavior of ActiveRecord when generating aliases for tables.
 module CanCan
   module ModelAdapters
     class ConditionsExtractor
@@ -50,18 +50,18 @@ module CanCan
       def generate_table_alias(model_class, relation_name, path_to_key)
         table_alias = model_class.reflect_on_association(relation_name).table_name.to_sym
 
-        if alredy_used?(table_alias, relation_name, path_to_key)
+        if already_used?(table_alias, relation_name, path_to_key)
           table_alias = "#{relation_name.to_s.pluralize}_#{model_class.table_name}".to_sym
 
           index = 1
-          while alredy_used?(table_alias, relation_name, path_to_key)
+          while already_used?(table_alias, relation_name, path_to_key)
             table_alias = "#{table_alias}_#{index += 1}".to_sym
           end
         end
         add_to_cache(table_alias, relation_name, path_to_key)
       end
 
-      def alredy_used?(table_alias, relation_name, path_to_key)
+      def already_used?(table_alias, relation_name, path_to_key)
         @names_cache[table_alias].try(:exclude?, "#{path_to_key}_#{relation_name}")
       end
 

data/lib/cancan/model_adapters/conditions_normalizer.rb

@@ -1,6 +1,6 @@
 # this class is responsible of normalizing the hash of conditions
 # by exploding has_many through associations
-# when a condition is defined with an has_many thorugh association this is exploded in all its parts
+# when a condition is defined with an has_many through association this is exploded in all its parts
 # TODO: it could identify STI and normalize it
 module CanCan
   module ModelAdapters

data/lib/cancan/model_adapters/sti_normalizer.rb

@@ -1,3 +1,5 @@
+require_relative '../sti_detector'
+
 # this class is responsible for detecting sti classes and creating new rules for the
 # relevant subclasses, using the inheritance_column as a merger
 module CanCan
@@ -20,9 +22,7 @@ module CanCan
         private
 
         def update_rule(subject, rule, rules_cache)
-          return false unless subject.respond_to?(:descends_from_active_record?)
-          return false if subject == :all || subject.descends_from_active_record?
-          return false unless subject < ActiveRecord::Base
+          return false unless StiDetector.sti_class?(subject)
 
           rules_cache.push(build_rule_for_subclass(rule, subject))
           true
@@ -31,7 +31,7 @@ module CanCan
         # create a new rule for the subclasses that links on the inheritance_column
         def build_rule_for_subclass(rule, subject)
           CanCan::Rule.new(rule.base_behavior, rule.actions, subject.superclass,
-                           rule.conditions.merge(subject.inheritance_column => subject.name), rule.block)
+                           rule.conditions.merge(subject.inheritance_column => subject.sti_name), rule.block)
         end
       end
     end

data/lib/cancan/model_adapters/strategies/base.rb

@@ -0,0 +1,40 @@
+module CanCan
+  module ModelAdapters
+    class Strategies
+      class Base
+        attr_reader :adapter, :relation, :where_conditions
+
+        delegate(
+          :compressed_rules,
+          :extract_multiple_conditions,
+          :joins,
+          :model_class,
+          :quoted_primary_key,
+          :quoted_aliased_table_name,
+          :quoted_table_name,
+          to: :adapter
+        )
+        delegate :connection, :quoted_primary_key, to: :model_class
+        delegate :quote_table_name, to: :connection
+
+        def initialize(adapter:, relation:, where_conditions:)
+          @adapter = adapter
+          @relation = relation
+          @where_conditions = where_conditions
+        end
+
+        def aliased_table_name
+          @aliased_table_name ||= "#{model_class.table_name}_alias"
+        end
+
+        def quoted_aliased_table_name
+          @quoted_aliased_table_name ||= quote_table_name(aliased_table_name)
+        end
+
+        def quoted_table_name
+          @quoted_table_name ||= quote_table_name(model_class.table_name)
+        end
+      end
+    end
+  end
+end

data/lib/cancan/model_adapters/strategies/joined_alias_each_rule_as_exists_subquery.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: false
+
+module CanCan
+  module ModelAdapters
+    class Strategies
+      class JoinedAliasEachRuleAsExistsSubquery < Base
+        def execute!
+          model_class
+            .joins(
+              "JOIN #{quoted_table_name} AS #{quoted_aliased_table_name} ON " \
+              "#{quoted_aliased_table_name}.#{quoted_primary_key} = #{quoted_table_name}.#{quoted_primary_key}"
+            )
+            .where(double_exists_sql)
+        end
+
+        def double_exists_sql
+          double_exists_sql = ''
+
+          compressed_rules.each_with_index do |rule, index|
+            double_exists_sql << ' OR ' if index.positive?
+            double_exists_sql << "EXISTS (#{sub_query_for_rule(rule).to_sql})"
+          end
+
+          double_exists_sql
+        end
+
+        def sub_query_for_rule(rule)
+          conditions_extractor = ConditionsExtractor.new(model_class)
+          rule_where_conditions = extract_multiple_conditions(conditions_extractor, [rule])
+          joins_hash, left_joins_hash = extract_joins_from_rule(rule)
+          sub_query_for_rules_and_join_hashes(rule_where_conditions, joins_hash, left_joins_hash)
+        end
+
+        def sub_query_for_rules_and_join_hashes(rule_where_conditions, joins_hash, left_joins_hash)
+          model_class
+            .select('1')
+            .joins(joins_hash)
+            .left_joins(left_joins_hash)
+            .where(
+              "#{quoted_table_name}.#{quoted_primary_key} = " \
+              "#{quoted_aliased_table_name}.#{quoted_primary_key}"
+            )
+            .where(rule_where_conditions)
+            .limit(1)
+        end
+
+        def extract_joins_from_rule(rule)
+          joins = {}
+          left_joins = {}
+
+          extra_joins_recursive([], rule.conditions, joins, left_joins)
+          [joins, left_joins]
+        end
+
+        def extra_joins_recursive(current_path, conditions, joins, left_joins)
+          conditions.each do |key, value|
+            if value.is_a?(Hash)
+              current_path << key
+              extra_joins_recursive(current_path, value, joins, left_joins)
+              current_path.pop
+            else
+              extra_joins_recursive_merge_joins(current_path, value, joins, left_joins)
+            end
+          end
+        end
+
+        def extra_joins_recursive_merge_joins(current_path, value, joins, left_joins)
+          hash_joins = current_path_to_hash(current_path)
+
+          if value.nil?
+            left_joins.deep_merge!(hash_joins)
+          else
+            joins.deep_merge!(hash_joins)
+          end
+        end
+
+        # Converts an array like [:child, :grand_child] into a hash like {child: {grand_child: {}}
+        def current_path_to_hash(current_path)
+          hash_joins = {}
+          current_hash_joins = hash_joins
+
+          current_path.each do |path_part|
+            new_hash = {}
+            current_hash_joins[path_part] = new_hash
+            current_hash_joins = new_hash
+          end
+
+          hash_joins
+        end
+      end
+    end
+  end
+end

data/lib/cancan/model_adapters/strategies/joined_alias_exists_subquery.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module CanCan
+  module ModelAdapters
+    class Strategies
+      class JoinedAliasExistsSubquery < Base
+        def execute!
+          model_class
+            .joins(
+              "JOIN #{quoted_table_name} AS #{quoted_aliased_table_name} ON " \
+              "#{quoted_aliased_table_name}.#{quoted_primary_key} = #{quoted_table_name}.#{quoted_primary_key}"
+            )
+            .where("EXISTS (#{joined_alias_exists_subquery_inner_query.to_sql})")
+        end
+
+        def joined_alias_exists_subquery_inner_query
+          model_class
+            .unscoped
+            .select('1')
+            .left_joins(joins)
+            .where(*where_conditions)
+            .where(
+              "#{quoted_table_name}.#{quoted_primary_key} = " \
+              "#{quoted_aliased_table_name}.#{quoted_primary_key}"
+            )
+            .limit(1)
+        end
+      end
+    end
+  end
+end

data/lib/cancan/model_adapters/strategies/left_join.rb

@@ -0,0 +1,11 @@
+module CanCan
+  module ModelAdapters
+    class Strategies
+      class LeftJoin < Base
+        def execute!
+          relation.left_joins(joins).distinct
+        end
+      end
+    end
+  end
+end

data/lib/cancan/model_adapters/strategies/subquery.rb

@@ -0,0 +1,18 @@
+module CanCan
+  module ModelAdapters
+    class Strategies
+      class Subquery < Base
+        def execute!
+          build_joins_relation_subquery(where_conditions)
+        end
+
+        def build_joins_relation_subquery(where_conditions)
+          inner = model_class.unscoped do
+            model_class.left_joins(joins).where(*where_conditions)
+          end
+          model_class.where(model_class.primary_key => inner)
+        end
+      end
+    end
+  end
+end

data/lib/cancan/rule.rb

@@ -70,7 +70,7 @@ module CanCan
     end
 
     def with_scope?
-      @conditions.is_a?(ActiveRecord::Relation)
+      defined?(ActiveRecord) && @conditions.is_a?(ActiveRecord::Relation)
     end
 
     def associations_hash(conditions = @conditions)

data/lib/cancan/sti_detector.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class StiDetector
+  def self.sti_class?(subject)
+    return false unless defined?(ActiveRecord::Base)
+    return false unless subject.respond_to?(:descends_from_active_record?)
+    return false if subject == :all || subject.descends_from_active_record?
+    return false unless subject < ActiveRecord::Base
+
+    true
+  end
+end

data/lib/cancan/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module CanCan
-  VERSION = '3.3.0'.freeze
+  VERSION = '3.4.0'.freeze
 end

data/lib/cancan.rb

@@ -21,4 +21,9 @@ if defined? ActiveRecord
   require 'cancan/model_adapters/active_record_adapter'
   require 'cancan/model_adapters/active_record_4_adapter'
   require 'cancan/model_adapters/active_record_5_adapter'
+  require 'cancan/model_adapters/strategies/base'
+  require 'cancan/model_adapters/strategies/joined_alias_each_rule_as_exists_subquery'
+  require 'cancan/model_adapters/strategies/joined_alias_exists_subquery'
+  require 'cancan/model_adapters/strategies/left_join'
+  require 'cancan/model_adapters/strategies/subquery'
 end

data/lib/generators/cancan/ability/templates/ability.rb

@@ -4,14 +4,12 @@ class Ability
   include CanCan::Ability
 
   def initialize(user)
-    # Define abilities for the passed in user here. For example:
+    # Define abilities for the user here. For example:
     #
-    #   user ||= User.new # guest user (not logged in)
-    #   if user.admin?
-    #     can :manage, :all
-    #   else
-    #     can :read, :all
-    #   end
+    #   return unless user.present?
+    #   can :read, :all
+    #   return unless user.admin?
+    #   can :manage, :all
     #
     # The first argument to `can` is the action you are giving the user
     # permission to do.
@@ -26,9 +24,9 @@ class Ability
     # objects.
     # For example, here the user can only update published articles.
     #
-    #   can :update, Article, :published => true
+    #   can :update, Article, published: true
     #
     # See the wiki for details:
-    # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
+    # https://github.com/CanCanCommunity/cancancan/blob/develop/docs/define_check_abilities.md
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancancan
 version: !ruby/object:Gem::Version
-  version: 3.3.0
+  version: 3.4.0
 platform: ruby
 authors:
 - Alessandro Rodi (Renuo AG)
@@ -11,28 +11,28 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-21 00:00:00.000000000 Z
+date: 2022-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -71,36 +71,36 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.2.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.2.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.0
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.63.1
+        version: '1.26'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.63.1
+        version: '1.26'
 description: Simple authorization solution for Rails. All permissions are stored in
   a single location.
 email: alessandro.rodi@renuo.ch
@@ -135,11 +135,17 @@ files:
 - lib/cancan/model_adapters/conditions_normalizer.rb
 - lib/cancan/model_adapters/default_adapter.rb
 - lib/cancan/model_adapters/sti_normalizer.rb
+- lib/cancan/model_adapters/strategies/base.rb
+- lib/cancan/model_adapters/strategies/joined_alias_each_rule_as_exists_subquery.rb
+- lib/cancan/model_adapters/strategies/joined_alias_exists_subquery.rb
+- lib/cancan/model_adapters/strategies/left_join.rb
+- lib/cancan/model_adapters/strategies/subquery.rb
 - lib/cancan/model_additions.rb
 - lib/cancan/parameter_validators.rb
 - lib/cancan/relevant.rb
 - lib/cancan/rule.rb
 - lib/cancan/rules_compressor.rb
+- lib/cancan/sti_detector.rb
 - lib/cancan/unauthorized_message_resolver.rb
 - lib/cancan/version.rb
 - lib/cancancan.rb
@@ -166,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Simple authorization solution for Rails.