corntrace-cancan 1.6.5

data/CHANGELOG.rdoc

@@ -0,0 +1,291 @@
+1.6.5 (May 18, 2011)
+
+* pass action and subject through AccessDenied exception when :through isn't found - issue #366
+
+* many Mongoid adapter improvements (thanks rahearn, cardagin) - issues #363, #352, #343
+
+* allow :through option to work with private controller methods - issue #360
+
+* ensure Mongoid::Document is defined before loading Mongoid adapter - issue #359
+
+* many DataMapper adapter improvements (thanks emmanuel) - issue #355
+
+* handle checking nil attributes through associations (thanks thatothermitch) - issue #330
+
+* improve scope merging - issue #328
+
+
+
+1.6.4 (March 29, 2011)
+
+* Fixed mongoid 'or' error - see issue #322
+
+
+1.6.3 (March 25, 2011)
+
+* Make sure ActiveRecord::Relation is defined before checking conditions against it so Rails 2 is supported again - see issue #312
+
+* Return subject passed to authorize! - see issue #314
+
+
+1.6.2 (March 18, 2011)
+
+* Fixed instance loading when :singleton option is used - see issue #310
+
+
+1.6.1 (March 15, 2011)
+
+* Use Item.new instead of build_item for singleton resource so it doesn't effect database - see issue #304
+
+* Made accessible_by action default to :index and parent action default to :show instead of :read - see issue #302
+
+* Reverted Inherited Resources "collection" override since it doesn't seem to be working - see issue #305
+
+
+1.6.0 (March 11, 2011)
+
+* Added MetaWhere support - see issue #194 and #261
+
+* Allow Active Record scopes in Ability conditions - see issue #257
+
+* Added :if and :unless options to check_authorization - see issue #284
+
+* Several Inherited Resources fixes (thanks aq1018, tanordheim and stefanoverna)
+
+* Pass action name to accessible_by call when loading a collection (thanks amw)
+
+* Added :prepend option to load_and_authorize_resource to load before other filters - see issue #290
+
+* Fixed spacing issue in I18n message for multi-word model names - see issue #292
+
+* Load resource collection for any action which doesn't have an "id" parameter - see issue #296
+
+* Raise an exception when trying to make a Ability condition with both a hash of conditions and a block - see issue #269
+
+
+1.5.1 (January 20, 2011)
+
+* Fixing deeply nested conditions in Active Record adapter - see issue #246
+
+* Improving Mongoid support for multiple can and cannot definitions (thanks stellard) - see issue #239
+
+
+1.5.0 (January 11, 2011)
+
+* Added an Ability generator - see issue #170
+
+* Added DataMapper support (thanks natemueller)
+
+* Added Mongoid support (thanks bowsersenior)
+
+* Added skip_load_and_authorize_resource methods to controller class - see issue #164
+
+* Added support for uncountable resources in index action - see issue #193
+
+* Cleaned up README and added spec/README
+
+* Internal: renamed CanDefinition to Rule
+
+* Internal: added a model adapter layer for easily supporting more ORMs
+
+* Internal: added .rvmrc to auto-switch to 1.8.7 with gemset - see issue #231
+
+
+1.4.1 (November 12, 2010)
+
+* Renaming skip_authorization to skip_authorization_check - see issue #169
+
+* Adding :through_association option to load_resource (thanks hunterae) - see issue #171
+
+* The :shallow option now works with the :singleton option (thanks nandalopes) - see issue #187
+
+* Play nicely with quick_scopes gem (thanks ramontayag) - see issue #183
+
+* Fix odd behavior when "cache_classes = false" (thanks mphalliday) - see issue #174
+
+
+1.4.0 (October 5, 2010)
+
+* Adding Gemfile; to get specs running just +bundle+ and +rake+ - see issue #163
+
+* Stop at 'cannot' definition when there are no conditions - see issue #161
+
+* The :through option will now call a method with that name if instance variable doesn't exist - see issue #146
+
+* Adding :shallow option to load_resource to bring back old behavior of fetching a child without a parent
+
+* Raise AccessDenied error when loading a child and parent resource isn't found
+
+* Abilities defined on a module will apply to anything that includes that module - see issue #150 and #152
+
+* Abilities can be defined with a string of SQL in addition to a block so accessible_by works with a block - see issue #150
+
+* Adding better support for InheritedResource - see issue #23
+
+* Loading the collection instance variable (for index action) using accessible_by - see issue #137
+
+* Adding action and subject variables to I18n unauthorized message - closes #142
+
+* Adding check_authorization and skip_authorization controller class methods to ensure authorization is performed (thanks justinko) - see issue #135
+
+* Setting initial attributes based on ability conditions in new/create actions - see issue #114
+
+* Check parent attributes for nested association in index action - see issue #121
+
+* Supporting nesting in can? method using hash - see issue #121
+
+* Adding I18n support for Access Denied messages (thanks EppO) - see issue #103
+
+* Passing no arguments to +can+ definition will pass action, class, and object to block - see issue #129
+
+* Don't pass action to block in +can+ definition when using :+manage+ option - see issue #129
+
+* No longer calling block in +can+ definition when checking on class - see issue #116
+
+
+1.3.4 (August 31, 2010)
+
+* Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131
+
+
+1.3.3 (August 20, 2010)
+
+* Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119
+
+* Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123
+
+
+1.3.2 (August 7, 2010)
+
+* Fixing slice error when passing in custom resource name - see issue #112
+
+
+1.3.1 (August 6, 2010)
+
+* Fixing protected sanitize_sql error - see issue #111
+
+
+1.3.0 (August 6, 2010)
+
+* Adding :find_by option to load_resource - see issue #19
+
+* Adding :singleton option to load_resource - see issue #93
+
+* Supporting multiple resources in :through option for polymorphic associations - see issue #73
+
+* Supporting Single Table Inheritance for "can" comparisons - see issue #55
+
+* Adding :instance_name option to load/authorize_resource - see issue #44
+
+* Don't pass nil to "new" to keep MongoMapper happy - see issue #63
+
+* Parent resources are now authorized with :read action.
+
+* Changing :resource option in load/authorize_resource back to :class with ability to pass false
+
+* Removing :nested option in favor of :through option with separate load/authorize call
+
+* Moving internal logic from ResourceAuthorization to ControllerResource class
+
+* Supporting multiple "can" and "cannot" calls with accessible_by (thanks funny-falcon) - see issue #71
+
+* Supporting deeply nested aliases - see issue #98
+
+
+1.2.0 (July 16, 2010)
+
+* Load nested parent resources on collection actions such as "index" (thanks dohzya)
+
+* Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65
+
+* Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66
+
+* Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62
+
+* Support has_many association or arrays in can conditions hash
+
+* Adding joins clause to accessible_by when conditions are across associations
+
+
+1.1.1 (April 17, 2010)
+
+* Fixing behavior in Rails 3 by properly initializing ResourceAuthorization
+
+
+1.1.0 (April 17, 2010)
+
+* Supporting arrays, ranges, and nested hashes in ability conditions
+
+* Removing "unauthorized!" method in favor of "authorize!" in controllers
+
+* Adding action, subject and default_message abilities to AccessDenied exception - see issue #40
+
+* Adding caching to current_ability controller method, if you're overriding this be sure to add caching too.
+
+* Adding "accessible_by" method to Active Record for fetching records matching a specific ability
+
+* Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53
+
+* Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45
+
+* Properly handle Admin::AbilitiesController in params[:controller] - see issue #46
+
+* Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54
+
+* Support additional arguments to can? which get passed to the block - see issue #48
+
+
+1.0.2 (Dec 30, 2009)
+
+* Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
+
+* Append aliased actions (don't overwrite them) - see issue #20
+
+* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
+
+
+1.0.1 (Dec 14, 2009)
+
+* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
+
+* Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
+
+
+1.0.0 (Dec 13, 2009)
+
+* Don't set resource instance variable if it has been set already - see issue #13
+
+* Allowing :nested option to accept an array for deep nesting
+
+* Adding :nested option to load resource method - see issue #10
+
+* Pass :only and :except options to before filters for load/authorize resource methods.
+
+* Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.
+
+* BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.
+
+
+0.2.1 (Nov 26, 2009)
+
+* many internal refactorings - see issues #11 and #12
+
+* adding "cannot" method to define which abilities cannot be done - see issue #7
+
+* support custom objects (usually symbols) in can definition - see issue #8
+
+
+0.2.0 (Nov 17, 2009)
+
+* fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3
+
+* support arrays being passed to "can" to specify multiple actions or classes - see issue #2
+
+* adding "cannot?" method to ability, controller, and view which is inverse of "can?" - see issue #1
+
+* BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4
+
+
+0.1.0 (Nov 16, 2009)
+
+* initial release

data/Gemfile

@@ -0,0 +1,20 @@
+source "http://rubygems.org"
+
+case ENV["MODEL_ADAPTER"]
+when nil, "active_record"
+  gem "sqlite3"
+  gem "activerecord", :require => "active_record"
+  gem "with_model"
+  gem "meta_where"
+when "data_mapper"
+  gem "dm-core", "~> 1.0.2"
+  gem "dm-sqlite-adapter", "~> 1.0.2"
+  gem "dm-migrations", "~> 1.0.2"
+when "mongoid"
+  gem "bson_ext", "~> 1.1"
+  gem "mongoid", "~> 2.0.0.beta.20"
+else
+  raise "Unknown model adapter: #{ENV["MODEL_ADAPTER"]}"
+end
+
+gemspec

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Ryan Bates
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,111 @@
+= CanCan
+
+Wiki[https://github.com/ryanb/cancan/wiki] | RDocs[http://rdoc.info/projects/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan]
+
+CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the +Ability+ class) and not duplicated across controllers, views, and database queries.
+
+
+== Installation
+
+In <b>Rails 3</b>, add this to your Gemfile and run the +bundle+ command.
+
+  gem "cancan"
+
+In <b>Rails 2</b>, add this to your environment.rb file.
+
+  config.gem "cancan"
+
+Alternatively, you can install it as a plugin.
+
+  rails plugin install git://github.com/ryanb/cancan.git
+
+
+== Getting Started
+
+CanCan expects a +current_user+ method to exist in the controller. First, set up some authentication (such as Authlogic[https://github.com/binarylogic/authlogic] or Devise[https://github.com/plataformatec/devise]). See {Changing Defaults}[https://github.com/ryanb/cancan/wiki/changing-defaults] if you need different behavior.
+
+
+=== 1. Define Abilities
+
+User permissions are defined in an +Ability+ class. CanCan 1.5 includes a Rails 3 generator for creating this class.
+
+  rails g cancan:ability
+
+See {Defining Abilities}[https://github.com/ryanb/cancan/wiki/defining-abilities] for details.
+
+
+=== 2. Check Abilities & Authorization
+
+The current user's permissions can then be checked using the <tt>can?</tt> and <tt>cannot?</tt> methods in the view and controller.
+
+  <% if can? :update, @article %>
+    <%= link_to "Edit", edit_article_path(@article) %>
+  <% end %>
+
+See {Checking Abilities}[https://github.com/ryanb/cancan/wiki/checking-abilities] for more information
+
+The <tt>authorize!</tt> method in the controller will raise an exception if the user is not able to perform the given action.
+
+  def show
+    @article = Article.find(params[:id])
+    authorize! :read, @article
+  end
+
+Setting this for every action can be tedious, therefore the +load_and_authorize_resource+ method is provided to automatically authorize all actions in a RESTful style resource controller. It will use a before filter to load the resource into an instance variable and authorize it for every action.
+
+  class ArticlesController < ApplicationController
+    load_and_authorize_resource
+
+    def show
+      # @article is already loaded and authorized
+    end
+  end
+
+See {Authorizing Controller Actions}[https://github.com/ryanb/cancan/wiki/authorizing-controller-actions] for more information.
+
+
+=== 3. Handle Unauthorized Access
+
+If the user authorization fails, a <tt>CanCan::AccessDenied</tt> exception will be raised. You can catch this and modify its behavior in the +ApplicationController+.
+
+  class ApplicationController < ActionController::Base
+    rescue_from CanCan::AccessDenied do |exception|
+      redirect_to root_url, :alert => exception.message
+    end
+  end
+
+See {Exception Handling}[https://github.com/ryanb/cancan/wiki/exception-handling] for more information.
+
+
+=== 4. Lock It Down
+
+If you want to ensure authorization happens on every action in your application, add +check_authorization+ to your ApplicationController.
+
+  class ApplicationController < ActionController::Base
+    check_authorization
+  end
+
+This will raise an exception if authorization is not performed in an action. If you want to skip this add +skip_authorization_check+ to a controller subclass. See {Ensure Authorization}[https://github.com/ryanb/cancan/wiki/Ensure-Authorization] for more information.
+
+
+== Wiki Docs
+
+* {Upgrading to 1.6}[https://github.com/ryanb/cancan/wiki/Upgrading-to-1.6]
+* {Defining Abilities}[https://github.com/ryanb/cancan/wiki/Defining-Abilities]
+* {Checking Abilities}[https://github.com/ryanb/cancan/wiki/Checking-Abilities]
+* {Authorizing Controller Actions}[https://github.com/ryanb/cancan/wiki/Authorizing-Controller-Actions]
+* {Exception Handling}[https://github.com/ryanb/cancan/wiki/Exception-Handling]
+* {Changing Defaults}[https://github.com/ryanb/cancan/wiki/Changing-Defaults]
+* {See more}[https://github.com/ryanb/cancan/wiki]
+
+
+== Questions or Problems?
+
+If you have any issues with CanCan which you cannot find the solution to in the documentation[https://github.com/ryanb/cancan/wiki], please add an {issue on GitHub}[https://github.com/ryanb/cancan/issues] or fork the project and send a pull request.
+
+To get the specs running you should call +bundle+ and then +rake+. See the {spec/README}[https://github.com/ryanb/cancan/blob/master/spec/README.rdoc] for more information.
+
+
+== Special Thanks
+
+CanCan was inspired by declarative_authorization[https://github.com/stffn/declarative_authorization/] and aegis[https://github.com/makandra/aegis]. Also many thanks to the CanCan contributors[https://github.com/ryanb/cancan/contributors]. See the CHANGELOG[https://github.com/ryanb/cancan/blob/master/CHANGELOG.rdoc] for the full list.

data/Rakefile

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'rake'
+require 'rspec/core/rake_task'
+
+desc "Run RSpec"
+RSpec::Core::RakeTask.new do |t|
+  t.verbose = false
+end
+
+desc "Run specs for all adapters"
+task :spec_all do
+  %w[active_record data_mapper mongoid].each do |model_adapter|
+    puts "MODEL_ADAPTER = #{model_adapter}"
+    system "rake spec MODEL_ADAPTER=#{model_adapter}"
+  end
+end
+
+task :default => :spec