cancannible 0.0.1 → 0.0.2

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    YTJjNWE0NzMzZTcyNDAxMDRhOTMxZmE4ODRkYWZkMWU1ZDcwNjczMw==
+    YWE0OWZkMjhlMWQ3ODMzNTVmZWNiMTk2ZWM5YmU2YjMyY2I1NTAwMA==
   data.tar.gz: !binary |-
-    NGY4MDliNGJlMGMwZjBkYTc5MjYyYzcyNWI0MWZiNWJmMmU1ZjU3Mw==
+    YjQ0NDZhNzQ5MzdhMDJiMDQ4NzRjMjI1MDE5ZGY1N2ViZjU2NThlMA==
 SHA512:
   metadata.gz: !binary |-
-    MTliYzQ2MGYzZWQyODhiMTk0ZTgzODhjNDQ1MDEwMzdmZDNjOWY0ZjRiY2Q0
-    NDNjZGUwYmE4OTQ3Zjc2MjZkMDc1N2JjOTYyOWE2ZGY4OWZhNGE5NTkyYjg4
-    ODFjZTYyODc0Yjg5ZGM4YWRmMjI1ZmU4ZmFmZGU5NmExMzhjZTE=
+    Zjc2OGYzMGI1ODA5ZmY4ZmQ3ZGRhNTU5MDM2MmRiOWJmNDNmNzI4MzZjYTY0
+    ZDNiNDM3ODVmZTExYzM5NDQ1ZmQyNDZmZjc0NDFiYWIxZTM2YjcwMTdiMGU0
+    YTliZGI0YjFhNDdjY2RmZWNhZjNhY2YyNDU5YTQ3MDQ3NDRhNjY=
   data.tar.gz: !binary |-
-    NmM5ODQ3NmUwNDIzYjJkYTZjZTZlYzhiNDEzMTAxYWQzMmE0ODU1OGJiNTFm
-    OWRjMzUyZWUzMmQxYTI1ZmQ2MGIzMjZjOWRkNTI0N2VlZjkyN2NjNjljM2Ez
-    ZmY5M2RkMzgyYTk1OWE5OGFkYzUwNTE1ZjRlNmQyNzVkYjkxNWE=
+    MjFhMzBmNzQ5YTcyMzBmOTViMTYwMjEwNDI2YjllNjUxZjEzYjkxNmZjOTVi
+    YmVkOWZjMWUyODBiMDQ3MmY4YWExMDJiNmUzZTkzZTBlY2MwZWFjMzFmOWM0
+    MjNiMTBmMGFjNGI3OTllNTkxMjM3NTBmZDViOWYwNmVlZGMwZWE=

data/README.md

@@ -34,6 +34,7 @@ Or install it yourself as:
 
     $ gem install cancannible
 
+
 ## Configuration
 
 A generator is provided to create:
@@ -44,13 +45,56 @@ After installing the gem, run the generator:
 
     $ rails generate cancannible:install
 
+
+## Enable Cancannible support in a model
+
+Include Cancannible::Grantee in each model that it will be valid to assign permissions to.
+
+For example, if we have a User model associated with a Group, and both can have permissions assigned:
+
+    class User < ActiveRecord::Base
+      belongs_to :group
+      include Cancannible::Grantee
+    end
+
+    class Group < ActiveRecord::Base
+      has_many :users
+      include Cancannible::Grantee
+    end
+
+
+## Enabling Permissions inheritance
+
+By default, permissions are not inherited from association.
+User the `inherit_permissions_from` class method to declare how permissions can be inherited.
+
+For example:
+
+    class User < ActiveRecord::Base
+      belongs_to :group
+      include Cancannible::Grantee
+      inherit_permissions_from :group
+    end
+
+Or:
+
+    class User < ActiveRecord::Base
+      belongs_to :group
+      has_many :roles_users, class_name: 'RolesUsers'
+      has_many :roles, through: :roles_users
+      include Cancannible::Grantee
+      inherit_permissions_from :group, :roles
+    end
+
+
 ## The Cancannible initialization file
 
 See the initialization file template for specific instructions. Use the initialization file to configure:
 * abilities caching
 * general-purpose access refinements
 
-## Configuring cached abilities storage
+
+### Configuring cached abilities storage
 
 Cancannible does not implement any specific storage mechanism - that is up to you to provide if you wish.
 

data/lib/cancannible.rb

@@ -4,5 +4,6 @@ require 'cancan'
 
 require "cancannible/version"
 require "cancannible/config"
-require "cancannible/ability_preload_adapter"
-require "cancannible/base"
+require "cancannible/preload_adapter"
+require "cancannible/preloader"
+require "cancannible/grantee"

data/lib/cancannible/config.rb

@@ -20,7 +20,9 @@ module Cancannible
   reset!
 
   def self.refine_access(refinement={})
-    self.refinements << refinement
+    stage = (refinement.delete(:stage) || 1) - 1
+    self.refinements[stage] ||= []
+    self.refinements[stage] << refinement
   end
 
 end

data/lib/cancannible/grantee.rb

@@ -0,0 +1,125 @@
+module Cancannible::Grantee
+  extend ActiveSupport::Concern
+
+  included do
+    class_attribute :inheritable_permissions
+    self.inheritable_permissions = [] # default
+
+    has_many :permissions, as: :permissible, dependent: :destroy do
+      # generally use instance.can method, not permissions<< directly
+      def <<(arg)
+        ability, resource = arg
+        resource = nil if resource.blank?
+        asserted = arg[2].nil? ? true : arg[2]
+
+        case resource
+        when Class, Symbol
+          resource_type = resource.to_s
+          resource_id = nil
+        when nil
+          resource_type = resource_id = nil
+        else
+          resource_type = resource.class.to_s
+          resource_id = resource.try(:id)
+        end
+
+        permission = find_by_asserted_and_ability_and_resource_id_and_resource_type(
+          asserted, ability, resource_id, resource_type)
+        unless permission
+          permission = find_or_initialize_by_asserted_and_ability_and_resource_id_and_resource_type(
+            !asserted, ability, resource_id, resource_type)
+          permission.asserted = asserted
+          permission.save!
+        end
+
+        # if Rails.version =~ /3\.0/ # the rails 3.0 way
+        #   proxy_owner.instance_variable_set :@permissions, nil # invalidate the owner's permissions collection
+        #   proxy_owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection
+        # else
+          proxy_association.owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection
+        # end
+        permission
+      end
+    end
+
+  end
+
+  module ClassMethods
+
+    # Command: configures the set of associations (array of symbols) from which permissions should be inherited
+    def inherit_permissions_from(*relations)
+      self.inheritable_permissions = relations
+    end
+
+  end
+
+  # Returns the Ability set for the owner.
+  # Set +refresh+ to true to force a reload of permissions.
+  def abilities(refresh = false)
+    @abilities = if refresh
+      nil
+    elsif Cancannible.get_cached_abilities.respond_to?(:call)
+      Cancannible.get_cached_abilities.call(self)
+    end
+    return @abilities if @abilities
+
+    @abilities ||= if ability_class = ('Ability'.constantize rescue nil)
+      unless ability_class.included_modules.include?(Cancannible::PreloadAdapter)
+        ability_class.send :include, Cancannible::PreloadAdapter
+      end
+      ability_class.new(self)
+    end
+
+    Cancannible.store_cached_abilities.call(self,@abilities) if Cancannible.store_cached_abilities.respond_to?(:call)
+    @abilities
+  end
+
+  # Returns the collection of inherited permission records
+  def inherited_permissions
+    inherited_perms = []
+    self.class.inheritable_permissions.each do |relation|
+      Array(self.send(relation)).each do |record|
+        inherited_perms.concat(record.permissions.reload)
+      end
+    end
+    inherited_perms
+  end
+
+  # Returns true it the +ability+ is permitted on +resource+ - persisted or dynamic (delegated to CanCan)
+  def can?(ability, resource)
+    abilities.can?(ability, resource)
+  end
+
+  # Returns true it the +ability+ is prohibited on +resource+ - persisted or dynamic (delegated to CanCan)
+  def cannot?(ability, resource)
+    abilities.cannot?(ability, resource)
+  end
+
+  # Command: grant the permission to do +ability+ on +resource+
+  def can(ability, resource)
+    permissions << [ability, resource]
+  end
+
+  # Command: prohibit the permission to do +ability+ on +resource+
+  def cannot(ability, resource)
+    permissions << [ability, resource, false]
+  end
+
+end
+
+
+module Cancannible
+  # This module is automatically included into all controllers.
+  # It overrides some CanCan ControllerAdditions
+  module ControllerAdditions
+    def current_ability
+      current_user.try(:abilities)
+    end
+  end
+end
+
+if defined? ActionController::Base
+  ActionController::Base.class_eval do
+    include Cancannible::ControllerAdditions
+  end
+end

data/lib/cancannible/{ability_preload_adapter.rb → preload_adapter.rb}

@@ -1,4 +1,4 @@
-module Cancannible::AbilityPreloadAdapter
+module Cancannible::PreloadAdapter
   extend ActiveSupport::Concern
 
   included do
@@ -6,7 +6,7 @@ module Cancannible::AbilityPreloadAdapter
     # Tap Ability.new to first preload permissions via Cancannible
     alias_method :cancan_initialize, :initialize
     def initialize(user)
-      user.preload_abilities(self) if user.respond_to? :preload_abilities
+      Cancannible::Preloader.preload_abilities!(user,self)
       cancan_initialize(user)
     end
 

data/lib/cancannible/preloader.rb

@@ -0,0 +1,115 @@
+class Cancannible::Preloader
+
+  def self.preload_abilities!(grantee,cancan_ability_object)
+    new(grantee,cancan_ability_object).preload!
+  end
+
+  attr_accessor :grantee
+  attr_accessor :cancan_ability_object
+
+  def initialize(grantee,cancan_ability_object)
+    self.grantee = grantee
+    self.cancan_ability_object = cancan_ability_object
+  end
+
+  def preload!
+    return unless grantee.respond_to?(:inherited_permissions)
+    # load inherited permissions to CanCan Abilities
+    preload_abilities_from_permissions(grantee.inherited_permissions)
+    # load user-based permissions from database to CanCan Abilities
+    preload_abilities_from_permissions(grantee.permissions.reload)
+    # return the ability object
+    cancan_ability_object
+  end
+
+  def preload_abilities_from_permissions(perms)
+    perms.each do |permission|
+      ability = permission.ability.to_sym
+      action = permission.asserted ? :can : :cannot
+
+      resource_type,model_resource = resolve_resource_type(permission.resource_type)
+
+      if !resource_type || resource_type.is_a?(Symbol)
+        # nil or symbolic resource types: apply generic unrestricted permission to the resource_type
+        cancan_ability_object.send( action,  ability, resource_type )
+        next
+      else
+        # model-based resource types: skip if we cannot get a model instance
+        next unless model_resource
+      end
+
+      if permission.resource_id.nil?
+
+        if action == :cannot
+          # apply generic unrestricted permission to the class
+          cancan_ability_object.send( action, ability, resource_type )
+        else
+
+          refinements = resolve_resource_refinements(ability,model_resource)
+
+          if refinements.empty?
+            # apply generic unrestricted permission to the class
+            cancan_ability_object.send( action, ability, resource_type )
+          else
+            secondary_refinements = resolve_resource_refinements(ability,model_resource,2).presence || [{}]
+            refinements.each do |refinement|
+              secondary_refinements.each do |secondary_refinement|
+                cancan_ability_object.send( action,  ability, resource_type, refinement.merge(secondary_refinement))
+              end
+            end
+          end
+
+        end
+
+      elsif resource_type.find_by_id(permission.resource_id)
+        cancan_ability_object.send( action,  ability, resource_type, id: permission.resource_id)
+      end
+
+    end
+  end
+
+  def resolve_resource_type(given_resource_type)
+    model_resource = nil
+    resource_type = given_resource_type
+    resource_type = resource_type==resource_type.downcase ? resource_type.to_sym : resource_type.constantize rescue nil
+    model_resource = resource_type.respond_to?(:new) ? resource_type.new : resource_type rescue nil
+    [resource_type,model_resource]
+  end
+
+  def resolve_resource_refinements(ability,model_resource,stage=1)
+    Array(Cancannible.refinements[stage-1]).each_with_object([]) do |refinement,memo|
+      refinement_attributes = refinement.dup
+
+      allow_nil = !!(refinement_attributes.delete(:allow_nil))
+
+      refinement_if_condition = refinement_attributes.delete(:if)
+      next if refinement_if_condition.respond_to?(:call) && !refinement_if_condition.call(grantee,model_resource)
+
+      refinement_scope = Array(refinement_attributes.delete(:scope))
+      next if refinement_scope.present? &&  !refinement_scope.include?(ability)
+
+      refinement_except = Array(refinement_attributes.delete(:except))
+      next if refinement_except.present? &&  refinement_except.include?(ability)
+
+      refinement_attribute_names = refinement_attributes.keys.map{|k| "#{k}" }
+      next unless (refinement_attribute_names - model_resource.attribute_names).empty?
+
+      restriction = {}
+      refinement_attributes.each do |key,value|
+        if value.is_a?(Symbol)
+          if grantee.respond_to?(value)
+            restriction[key] = if allow_nil
+              Array(grantee.send(value)) + [nil]
+            else
+              grantee.send(value)
+            end
+          end
+        else
+          restriction[key] = value
+        end
+      end
+      memo.push(restriction) if restriction.present?
+    end
+  end
+
+end

data/lib/cancannible/version.rb

@@ -1,3 +1,3 @@
 module Cancannible
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/lib/generators/cancannible/templates/cancannible_initializer.rb

@@ -94,4 +94,10 @@ Cancannible.setup do |config|
   # and `model_resource` is an example record (unsaved) of the kind of resource that the rule is being applied to.
 
 
+  # Multi-stage refinement syntax example:
+  #   config.refine_access customer_id: :accessible_customer_ids, stage: 2
+  #
+  # By default, access refinements are "stage 1" i.e. applied directly to the permissions being loaded.
+  # By specifying stage 2, this refinement is applied on top of all stage 1 refinements (if possible / applicable)
+
 end

data/spec/support/models.rb

@@ -11,15 +11,15 @@ class Permission < ActiveRecord::Base
 end
 
 class Member < ActiveRecord::Base
-  include Cancannible
+  include Cancannible::Grantee
 end
 
 class User < ActiveRecord::Base
   has_many :roles_users, class_name: 'RolesUsers'
-  has_many :roles, :through => :roles_users
+  has_many :roles, through: :roles_users
   belongs_to :group
 
-  include Cancannible
+  include Cancannible::Grantee
   inherit_permissions_from :roles, :group
 end
 
@@ -30,15 +30,15 @@ end
 
 class Role < ActiveRecord::Base
   has_many :roles_users, :class_name => 'RolesUsers'
-  has_many :users, :through => :roles_users
+  has_many :users, through: :roles_users
 
-  include Cancannible
+  include Cancannible::Grantee
 end
 
 class Group < ActiveRecord::Base
   has_many :users
 
-  include Cancannible
+  include Cancannible::Grantee
 end
 
 class Widget < ActiveRecord::Base

data/spec/unit/custom_refinements_spec.rb

@@ -217,6 +217,34 @@ describe Cancannible do
       end
     end
 
+    context "with stage 2 restriction" do
+      let(:resource_class) { Widget }
+      before do
+        Cancannible.setup do |config|
+          config.refine_access category_id: :category_ids
+          config.refine_access name: 'Test', stage: 2
+        end
+        allow(grantee).to receive(:category_ids).and_return([1,3])
+        grantee.can(ability,resource_class)
+      end
+      let!(:resource) { resource_class.create(category_id: category_id, name: name) }
+      subject { grantee.can?(ability,resource) }
+      context "with resource within scope" do
+        let(:name) { 'Test' }
+        let(:category_id) { 3 }
+        it { should be_truthy }
+      end
+      context "with resource not in scope (excluded by attribute association)" do
+        let(:name) { 'Test' }
+        let(:category_id) { 2 }
+        it { should be_falsey }
+      end
+      context "with resource not in scope (excluded by stage 2 refinement)" do
+        let(:name) { 'Not Test' }
+        let(:category_id) { 3 }
+        it { should be_falsey }
+      end
+    end
 
   end
 

data/spec/unit/{base_spec.rb → grantee_spec.rb}

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe Cancannible do
+describe Cancannible::Grantee do
   let(:grantee_class) { Member }
 
   context "without permissions inheritance" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cancannible
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Paul Gallagher
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-29 00:00:00.000000000 Z
+date: 2014-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -154,9 +154,10 @@ files:
 - Rakefile
 - cancannible.gemspec
 - lib/cancannible.rb
-- lib/cancannible/ability_preload_adapter.rb
-- lib/cancannible/base.rb
 - lib/cancannible/config.rb
+- lib/cancannible/grantee.rb
+- lib/cancannible/preload_adapter.rb
+- lib/cancannible/preloader.rb
 - lib/cancannible/version.rb
 - lib/generators/cancannible/install_generator.rb
 - lib/generators/cancannible/templates/cancannible_initializer.rb
@@ -166,10 +167,10 @@ files:
 - spec/support/ability.rb
 - spec/support/migrations_helper.rb
 - spec/support/models.rb
-- spec/unit/base_spec.rb
 - spec/unit/cached_abilities_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/custom_refinements_spec.rb
+- spec/unit/grantee_spec.rb
 - spec/unit/inherited_permissions_spec.rb
 homepage: https://github.com/evendis/cancannible
 licenses:
@@ -200,8 +201,8 @@ test_files:
 - spec/support/ability.rb
 - spec/support/migrations_helper.rb
 - spec/support/models.rb
-- spec/unit/base_spec.rb
 - spec/unit/cached_abilities_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/custom_refinements_spec.rb
+- spec/unit/grantee_spec.rb
 - spec/unit/inherited_permissions_spec.rb

data/lib/cancannible/base.rb

@@ -1,213 +0,0 @@
-module Cancannible
-  extend ActiveSupport::Concern
-
-  included do
-    class_attribute :inheritable_permissions
-    self.inheritable_permissions = [] # default
-
-    has_many :permissions, as: :permissible, dependent: :destroy do
-      # generally use instance.can method, not permissions<< directly
-      def <<(arg)
-        ability, resource = arg
-        resource = nil if resource.blank?
-        asserted = arg[2].nil? ? true : arg[2]
-
-        case resource
-        when Class, Symbol
-          resource_type = resource.to_s
-          resource_id = nil
-        when nil
-          resource_type = resource_id = nil
-        else
-          resource_type = resource.class.to_s
-          resource_id = resource.try(:id)
-        end
-
-        permission = find_by_asserted_and_ability_and_resource_id_and_resource_type(
-          asserted, ability, resource_id, resource_type)
-        unless permission
-          permission = find_or_initialize_by_asserted_and_ability_and_resource_id_and_resource_type(
-            !asserted, ability, resource_id, resource_type)
-          permission.asserted = asserted
-          permission.save!
-        end
-
-        # if Rails.version =~ /3\.0/ # the rails 3.0 way
-        #   proxy_owner.instance_variable_set :@permissions, nil # invalidate the owner's permissions collection
-        #   proxy_owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection
-        # else
-          proxy_association.owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection
-        # end
-        permission
-      end
-    end
-
-  end
-
-  module ClassMethods
-    def inherit_permissions_from(*relations)
-      self.inheritable_permissions = relations
-    end
-  end
-
-  # Returns the Ability set for the owner.
-  # Set +refresh+ to true to force a reload of permissions.
-  def abilities(refresh = false)
-    @abilities = if refresh
-      nil
-    elsif get_cached_abilities.respond_to?(:call)
-      get_cached_abilities.call(self)
-    end
-    return @abilities if @abilities
-
-    @abilities ||= if ability_class = ('Ability'.constantize rescue nil)
-      unless ability_class.included_modules.include?(Cancannible::AbilityPreloadAdapter)
-        ability_class.send :include, Cancannible::AbilityPreloadAdapter
-      end
-      ability_class.new(self)
-    end
-
-    store_cached_abilities.call(self,@abilities) if store_cached_abilities.respond_to?(:call)
-    @abilities
-  end
-
-  def preload_abilities(cancan_ability_object)
-    # load inherited permissions to CanCan Abilities
-    preload_abilities_from_permissions(cancan_ability_object, inherited_permissions)
-    # load user-based permissions from database to CanCan Abilities
-    preload_abilities_from_permissions(cancan_ability_object, self.permissions.reload)
-    cancan_ability_object
-  end
-
-  def inherited_permissions
-    inherited_perms = []
-    self.class.inheritable_permissions.each do |relation|
-      Array(self.send(relation)).each do |record|
-        inherited_perms.concat(record.permissions.reload)
-      end
-    end
-    inherited_perms
-  end
-
-  # test for a permission - persisted or dynamic (delegated to CanCan)
-  def can?(ability, resource)
-    abilities.can?(ability, resource)
-  end
-
-  # test for a prohibition - persisted or dynamic (delegated to CanCan)
-  def cannot?(ability, resource)
-    abilities.cannot?(ability, resource)
-  end
-
-  # define a persisted permission
-  def can(ability, resource)
-    permissions << [ability, resource]
-  end
-
-  # define a persisted prohibition
-  def cannot(ability, resource)
-    permissions << [ability, resource, false]
-  end
-
-  private
-
-  def preload_abilities_from_permissions(cancan_ability_object,perms)
-    perms.each do |permission|
-      ability = permission.ability.to_sym
-      action = permission.asserted ? :can : :cannot
-
-      if resource_type = permission.resource_type
-        begin
-          resource_type = resource_type==resource_type.downcase ? resource_type.to_sym : resource_type.constantize
-          model_resource = resource_type.respond_to?(:new) ? resource_type.new : resource_type
-        rescue
-          model_resource = nil
-        end
-      end
-
-      if !resource_type || resource_type.is_a?(Symbol)
-        # nil or symbolic resource types:
-        # apply generic unrestricted permission to the resource_type
-        cancan_ability_object.send( action,  ability, resource_type )
-        next
-      else
-        # model-based resource types:
-        # skip if we cannot get a model instance
-        next unless model_resource
-      end
-
-      if permission.resource_id.nil?
-
-        if action == :cannot
-          # apply generic unrestricted permission to the class
-          cancan_ability_object.send( action, ability, resource_type )
-        else
-
-          refinements = Cancannible.refinements.each_with_object([]) do |refinement,memo|
-            refinement_attributes = refinement.dup
-
-            allow_nil = !!(refinement_attributes.delete(:allow_nil))
-
-            refinement_if_condition = refinement_attributes.delete(:if)
-            next if refinement_if_condition.respond_to?(:call) && !refinement_if_condition.call(self,model_resource)
-
-            refinement_scope = Array(refinement_attributes.delete(:scope))
-            next if refinement_scope.present? &&  !refinement_scope.include?(ability)
-
-            refinement_except = Array(refinement_attributes.delete(:except))
-            next if refinement_except.present? &&  refinement_except.include?(ability)
-
-            refinement_attribute_names = refinement_attributes.keys.map{|k| "#{k}" }
-            next unless (refinement_attribute_names - model_resource.attribute_names).empty?
-
-            restriction = {}
-            refinement_attributes.each do |key,value|
-              if value.is_a?(Symbol)
-                if self.respond_to?(value)
-                  restriction[key] = if allow_nil
-                    Array(self.send(value)) + [nil]
-                  else
-                    self.send(value)
-                  end
-                end
-              else
-                restriction[key] = value
-              end
-            end
-            memo.push(restriction) if restriction.present?
-          end
-
-          if refinements.empty?
-            # apply generic unrestricted permission to the class
-            cancan_ability_object.send( action, ability, resource_type )
-          else
-            refinements.each do |refinement|
-              cancan_ability_object.send( action,  ability, resource_type, refinement)
-            end
-          end
-
-        end
-
-      elsif resource_type.find_by_id(permission.resource_id)
-        cancan_ability_object.send( action,  ability, resource_type, id: permission.resource_id)
-      end
-    end
-  end
-end
-
-
-module Cancannible
-  # This module is automatically included into all controllers.
-  # It overrides some CanCan ControllerAdditions
-  module ControllerAdditions
-    def current_ability
-      current_user.try(:abilities)
-    end
-  end
-end
-
-if defined? ActionController::Base
-  ActionController::Base.class_eval do
-    include Cancannible::ControllerAdditions
-  end
-end