culturecode-cancan 2.0.0.alpha

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 85c3b5234f97994266c9661322b038c4066a3d00
+  data.tar.gz: ea1aa23b7e7fda659185b8625813421b575423c5
+SHA512:
+  metadata.gz: 949b18562f6cfccad03759174b6c1e1f25e123b10ea2617372e536d7c15df2795a63f43c99dff4998801f3fd719555567297b38775d9648f39ab7983c678165a
+  data.tar.gz: 4dc3323edfb17d9fcf66b62cd01bf9f179a4c6c3772e06f56062db901e620c81f9b5b76cdaa06b452ebbc8a533238b5380b67bbaa1a052cd89e0bd377cf902c8

data/CHANGELOG.rdoc

@@ -0,0 +1,381 @@
+1.6.8 (June 25, 2012)
+
+* improved support for namespaced controllers and models
+
+* pass :if and :unless options for load and authorize resource (thanks mauriciozaffari)
+
+* Travis CI badge (thanks plentz)
+
+* adding Ability#merge for combining multiple abilities (thanks rogercampos)
+
+* support for multiple MetaWhere rules (thanks andhapp)
+
+* various fixes for DataMapper, Mongoid, and Inherited Resource integration
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.7...1.6.8]
+
+
+1.6.7 (October 4, 2011)
+
+* fixing nested resource problem caused by namespace addition - issue #482
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.6...1.6.7]
+
+
+1.6.6 (September 28, 2011)
+
+* correct "return cant jump across threads" error when using check_authorization (thanks codeprimate) - issues #463, #469
+
+* fixing tests in development by specifying with_model version  (thanks kirkconnell) - issue #476
+
+* added travis.yml file for TravisCI support (thanks bai) - issue #427
+
+* better support for namespaced models (thanks whilefalse) - issues #424
+
+* adding :id_param option to load_and_authorize_resource (thanks skhisma) - issue #425
+
+* make default unauthorized message translatable text (thanks nhocki) - issue #409
+
+* improving DataMapper behavior (thanks psanford, maxsum-corin) - issue #410, #373
+
+* allow :find_by option to be full find method name - issue #335
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.5...1.6.6]
+
+
+1.6.5 (May 18, 2011)
+
+* pass action and subject through AccessDenied exception when :through isn't found - issue #366
+
+* many Mongoid adapter improvements (thanks rahearn, cardagin) - issues #363, #352, #343
+
+* allow :through option to work with private controller methods - issue #360
+
+* ensure Mongoid::Document is defined before loading Mongoid adapter - issue #359
+
+* many DataMapper adapter improvements (thanks emmanuel) - issue #355
+
+* handle checking nil attributes through associations (thanks thatothermitch) - issue #330
+
+* improve scope merging - issue #328
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.4...1.6.5]
+
+
+1.6.4 (March 29, 2011)
+
+* Fixed mongoid 'or' error - see issue #322
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.3...1.6.4]
+
+
+1.6.3 (March 25, 2011)
+
+* Make sure ActiveRecord::Relation is defined before checking conditions against it so Rails 2 is supported again - see issue #312
+
+* Return subject passed to authorize! - see issue #314
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.2...1.6.3]
+
+
+1.6.2 (March 18, 2011)
+
+* Fixed instance loading when :singleton option is used - see issue #310
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.1...1.6.2]
+
+
+1.6.1 (March 15, 2011)
+
+* Use Item.new instead of build_item for singleton resource so it doesn't effect database - see issue #304
+
+* Made accessible_by action default to :index and parent action default to :show instead of :read - see issue #302
+
+* Reverted Inherited Resources "collection" override since it doesn't seem to be working - see issue #305
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.6.0...1.6.1]
+
+
+1.6.0 (March 11, 2011)
+
+* Added MetaWhere support - see issue #194 and #261
+
+* Allow Active Record scopes in Ability conditions - see issue #257
+
+* Added :if and :unless options to check_authorization - see issue #284
+
+* Several Inherited Resources fixes (thanks aq1018, tanordheim and stefanoverna)
+
+* Pass action name to accessible_by call when loading a collection (thanks amw)
+
+* Added :prepend option to load_and_authorize_resource to load before other filters - see issue #290
+
+* Fixed spacing issue in I18n message for multi-word model names - see issue #292
+
+* Load resource collection for any action which doesn't have an "id" parameter - see issue #296
+
+* Raise an exception when trying to make a Ability condition with both a hash of conditions and a block - see issue #269
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.5.1...1.6.0]
+
+
+1.5.1 (January 20, 2011)
+
+* Fixing deeply nested conditions in Active Record adapter - see issue #246
+
+* Improving Mongoid support for multiple can and cannot definitions (thanks stellard) - see issue #239
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.5.0...1.5.1]
+
+
+1.5.0 (January 11, 2011)
+
+* Added an Ability generator - see issue #170
+
+* Added DataMapper support (thanks natemueller)
+
+* Added Mongoid support (thanks bowsersenior)
+
+* Added skip_load_and_authorize_resource methods to controller class - see issue #164
+
+* Added support for uncountable resources in index action - see issue #193
+
+* Cleaned up README and added spec/README
+
+* Internal: renamed CanDefinition to Rule
+
+* Internal: added a model adapter layer for easily supporting more ORMs
+
+* Internal: added .rvmrc to auto-switch to 1.8.7 with gemset - see issue #231
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.4.1...1.5.0]
+
+
+1.4.1 (November 12, 2010)
+
+* Renaming skip_authorization to skip_authorization_check - see issue #169
+
+* Adding :through_association option to load_resource (thanks hunterae) - see issue #171
+
+* The :shallow option now works with the :singleton option (thanks nandalopes) - see issue #187
+
+* Play nicely with quick_scopes gem (thanks ramontayag) - see issue #183
+
+* Fix odd behavior when "cache_classes = false" (thanks mphalliday) - see issue #174
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.4.0...1.4.1]
+
+
+1.4.0 (October 5, 2010)
+
+* Adding Gemfile; to get specs running just +bundle+ and +rake+ - see issue #163
+
+* Stop at 'cannot' definition when there are no conditions - see issue #161
+
+* The :through option will now call a method with that name if instance variable doesn't exist - see issue #146
+
+* Adding :shallow option to load_resource to bring back old behavior of fetching a child without a parent
+
+* Raise AccessDenied error when loading a child and parent resource isn't found
+
+* Abilities defined on a module will apply to anything that includes that module - see issue #150 and #152
+
+* Abilities can be defined with a string of SQL in addition to a block so accessible_by works with a block - see issue #150
+
+* Adding better support for InheritedResource - see issue #23
+
+* Loading the collection instance variable (for index action) using accessible_by - see issue #137
+
+* Adding action and subject variables to I18n unauthorized message - closes #142
+
+* Adding check_authorization and skip_authorization controller class methods to ensure authorization is performed (thanks justinko) - see issue #135
+
+* Setting initial attributes based on ability conditions in new/create actions - see issue #114
+
+* Check parent attributes for nested association in index action - see issue #121
+
+* Supporting nesting in can? method using hash - see issue #121
+
+* Adding I18n support for Access Denied messages (thanks EppO) - see issue #103
+
+* Passing no arguments to +can+ definition will pass action, class, and object to block - see issue #129
+
+* Don't pass action to block in +can+ definition when using :+manage+ option - see issue #129
+
+* No longer calling block in +can+ definition when checking on class - see issue #116
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.4...1.4.0]
+
+
+1.3.4 (August 31, 2010)
+
+* Don't stop at +cannot+ with hash conditions when checking class (thanks tamoya) - see issue #131
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.3...1.3.4]
+
+
+1.3.3 (August 20, 2010)
+
+* Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119
+
+* Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.2...1.3.3]
+
+
+1.3.2 (August 7, 2010)
+
+* Fixing slice error when passing in custom resource name - see issue #112
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.1...1.3.2]
+
+
+1.3.1 (August 6, 2010)
+
+* Fixing protected sanitize_sql error - see issue #111
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.3.0...1.3.1]
+
+
+1.3.0 (August 6, 2010)
+
+* Adding :find_by option to load_resource - see issue #19
+
+* Adding :singleton option to load_resource - see issue #93
+
+* Supporting multiple resources in :through option for polymorphic associations - see issue #73
+
+* Supporting Single Table Inheritance for "can" comparisons - see issue #55
+
+* Adding :instance_name option to load/authorize_resource - see issue #44
+
+* Don't pass nil to "new" to keep MongoMapper happy - see issue #63
+
+* Parent resources are now authorized with :read action.
+
+* Changing :resource option in load/authorize_resource back to :class with ability to pass false
+
+* Removing :nested option in favor of :through option with separate load/authorize call
+
+* Moving internal logic from ResourceAuthorization to ControllerResource class
+
+* Supporting multiple "can" and "cannot" calls with accessible_by (thanks funny-falcon) - see issue #71
+
+* Supporting deeply nested aliases - see issue #98
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.2.0...1.3.0]
+
+
+1.2.0 (July 16, 2010)
+
+* Load nested parent resources on collection actions such as "index" (thanks dohzya)
+
+* Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65
+
+* Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66
+
+* Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62
+
+* Support has_many association or arrays in can conditions hash
+
+* Adding joins clause to accessible_by when conditions are across associations
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.1.1...1.2.0]
+
+
+1.1.1 (April 17, 2010)
+
+* Fixing behavior in Rails 3 by properly initializing ResourceAuthorization
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.1...1.1.1]
+
+
+1.1.0 (April 17, 2010)
+
+* Supporting arrays, ranges, and nested hashes in ability conditions
+
+* Removing "unauthorized!" method in favor of "authorize!" in controllers
+
+* Adding action, subject and default_message abilities to AccessDenied exception - see issue #40
+
+* Adding caching to current_ability controller method, if you're overriding this be sure to add caching too.
+
+* Adding "accessible_by" method to Active Record for fetching records matching a specific ability
+
+* Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53
+
+* Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45
+
+* Properly handle Admin::AbilitiesController in params[:controller] - see issue #46
+
+* Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54
+
+* Support additional arguments to can? which get passed to the block - see issue #48
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.2...1.1]
+
+
+1.0.2 (Dec 30, 2009)
+
+* Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
+
+* Append aliased actions (don't overwrite them) - see issue #20
+
+* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.1...1.0.2]
+
+
+1.0.1 (Dec 14, 2009)
+
+* Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
+
+* Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/1.0.0...1.0.1]
+
+
+1.0.0 (Dec 13, 2009)
+
+* Don't set resource instance variable if it has been set already - see issue #13
+
+* Allowing :nested option to accept an array for deep nesting
+
+* Adding :nested option to load resource method - see issue #10
+
+* Pass :only and :except options to before filters for load/authorize resource methods.
+
+* Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.
+
+* BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.2.1...1.0.0]
+
+
+0.2.1 (Nov 26, 2009)
+
+* many internal refactorings - see issues #11 and #12
+
+* adding "cannot" method to define which abilities cannot be done - see issue #7
+
+* support custom objects (usually symbols) in can definition - see issue #8
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.2.0...0.2.1]
+
+
+0.2.0 (Nov 17, 2009)
+
+* fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3
+
+* support arrays being passed to "can" to specify multiple actions or classes - see issue #2
+
+* adding "cannot?" method to ability, controller, and view which is inverse of "can?" - see issue #1
+
+* BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4
+
+* {see the full list of changes}[https://github.com/ryanb/cancan/compare/0.1.0...0.2.0]
+
+
+0.1.0 (Nov 16, 2009)
+
+* initial release

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Ryan Bates
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,108 @@
+= CanCan {<img src="https://secure.travis-ci.org/ryanb/cancan.png" />}[http://travis-ci.org/ryanb/cancan]
+
+This is the branch for CanCan 2.0 which is in very early development. For a stable release please check out the {master branch}[https://github.com/ryanb/cancan]
+
+Here are some instructions for setting up CanCan 2.0. Try this out and provide feedback in the {issue tracker}[https://github.com/ryanb/cancan/issues].
+
+
+== Setup
+
+CanCan expects your controllers to have a +current_user+ method. Add some authentication for this (such as Devise[https://github.com/plataformatec/devise], Authlogic[https://github.com/binarylogic/authlogic] or {nifty:authentication}[https://github.com/ryanb/nifty-generators]). See {Changing Defaults}[https://github.com/ryanb/cancan/wiki/Changing-Defaults] to customize this behavior.
+
+To install CanCan, add it to your Gemfile and run the `bundle` command.
+
+  gem "cancan", :git => "git://github.com/ryanb/cancan.git", :branch => "2.0"
+
+Next generate an Ability class, this is where your permissions will be defined.
+
+  rails g cancan:ability
+
+Add authorization by calling {enable_authorization}[https://github.com/ryanb/cancan/wiki/enable_authorization] in your ApplicationController.
+
+  class ApplicationController < ActionController::Base
+    enable_authorization
+  end
+
+This will add an authorization check locking down every controller action. If you try visiting a page, a <tt>CanCan::Unauthorized</tt> exception will be raised since you have not granted the user ability to access it.
+
+
+== Defining Abilities
+
+You grant access to controller actions through the +Ability+ class which was generated above. The +current_user+ is passed in allowing you to define permissions based on user attributes. For example:
+
+  if user
+    can :access, :all
+  else
+    can :access, :home
+    can :create, [:users, :sessions]
+  end
+
+Here if there is a user he will be able to perform any action on any controller. If someone is not logged in he can only access the home, users, and sessions controllers.
+
+The first argument to +can+ is the action the user can perform. The second argument is the controller name they can perform that action on. You can pass <tt>:access</tt> and <tt>:all</tt> to represent any action and controller respectively.
+
+As shown above, pass an array to either of these will grant permission on each item in the array. It isn't necessary to pass the +new+ action here because CanCan includes some default aliases. See the {Aliases}[https://github.com/ryanb/cancan/wiki/Aliases] page for details.
+
+You can check permissions in any controller or view using the <tt>can?</tt> method.
+
+  <% if can? :create, :comments %>
+    <%= link_to "New Comment", new_comment_path %>
+  <% end %>
+
+Here the link will only show up the user can create comments.
+
+
+== Resource Conditions
+
+What if you need to change authorization based on a model's attributes? You can do so by passing a hash of conditions as the last argument to +can+. For example, if you want to only allow one to access projects which he owns you can set the <tt>:user_id</tt>.
+
+  can :access, :projects, :user_id => user.id
+
+A block can also be used for complex condition checks just like in CanCan 1, but here it is not necessary.
+
+If you try visiting any of the project pages at this point you will see a <tt>CanCan::InsufficientAuthorizationCheck</tt> exception is raised. This is because the default authorization has no way to check permissions on the <tt>@project</tt> instance. You can check permissions on an object manually using the <tt>authorize!</tt> method.
+
+  def edit
+    @project = Project.find(params[:id])
+    authorize! :edit, @project
+  end
+
+However this can get tedious. Instead CanCan provides a +load_and_authorize_resource+ method to load the <tt>@project</tt> instance in every controller action and authorize it.
+
+  class ProjectsController < ApplicationController
+    load_and_authorize_resource
+    def edit
+      # @project already loaded here and authorized
+    end
+  end
+
+The +index+ (and other collection actions) will load the <tt>@projects</tt> instance which automatically limits the projects the user is allowed to access. This is a scope so you can make further calls to +where+ to limit what is returned from the database.
+
+  def index
+    @projects = @projects.where(:hidden => false)
+  end
+
+You can check permissions on instances using the <tt>can?</tt> method.
+
+  <%= link_to "Edit Project", edit_project_path if can? :update, @project %>
+
+Here it will only show the edit link if the +user_id+ matches.
+
+
+== Resource Attributes
+
+In CanCan 2.0 it is possible to define permissions on specific resource attributes. For example, if you want to allow a user to only update the name and priority of a project, pass that as the third argument to +can+.
+
+  can :update, :projects, [:name, :priority]
+
+If you use this in combination with +load_and_authorize_resource+ it will ensure that only those two attributes exist in <tt>params[:project]</tt> when updating the project. If you do this everywhere it will not be necessary to use +attr_accessible+ in your models.
+
+You can combine this with a hash of conditions. For example, here the user can update all attributes except the price when the product is discontinued.
+
+  can :update, :products
+  cannot :update, :products, :price, :discontinued => true
+
+You can check permissions on specific attributes to determine what to show in the form.
+
+  <%= f.text_field :name if can? :update, @project, :name %>
+