CanCanCommunity · phallguy · Aug 28, 2014 · Jan 27, 2015 · Jan 27, 2015 · coorasse
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -1,5 +1,12 @@
 Develop
 
+1.10.1 (January 27th, 2015)
+
+* Complete cancancan#172 - Include extra args in AccessDenied exception.
+
+1.10.0 (August 28, 2014)
+
+* Complete cancancan#115 - Specify authorization action for parent resources.
 
 1.10.1 (January 13th, 2015)
 

diff --git a/lib/cancan/ability.rb b/lib/cancan/ability.rb
@@ -216,7 +216,7 @@ def authorize!(action, subject, *args)
       end
       if cannot?(action, subject, *args)
         message ||= unauthorized_message(action, subject)
-        raise AccessDenied.new(message, action, subject)
+        raise AccessDenied.new(message, action, subject, args)
       end
       subject
     end

diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
@@ -118,7 +118,11 @@ def adapter
     end
 
     def authorization_action
-      parent? ? :show : @params[:action].to_sym
+      parent? ? parent_authorization_action : @params[:action].to_sym
+    end
+
+    def parent_authorization_action
+      @options[:parent_action] || :show
     end
 
     def id_param

diff --git a/lib/cancan/exceptions.rb b/lib/cancan/exceptions.rb
@@ -33,13 +33,14 @@ class AuthorizationNotPerformed < Error; end
   # See ControllerAdditions#authorized! for more information on rescuing from this exception
   # and customizing the message using I18n.
   class AccessDenied < Error
-    attr_reader :action, :subject
+    attr_reader :action, :subject, :extra_args
     attr_writer :default_message
 
-    def initialize(message = nil, action = nil, subject = nil)
+    def initialize(message = nil, action = nil, subject = nil, extra_args = nil)
       @message = message
       @action = action
       @subject = subject
+      @extra_args = extra_args
       @default_message = I18n.t(:"unauthorized.default", :default => "You are not authorized to access this page.")
     end
 

diff --git a/spec/cancan/ability_spec.rb b/spec/cancan/ability_spec.rb
@@ -376,6 +376,7 @@ class Container < Hash; end
       expect(e.message).to eq("Access denied!")
       expect(e.action).to eq(:read)
       expect(e.subject).to eq(:foo)
+      expect(e.extra_args.first).to eq(1)
     else
       fail "Expected CanCan::AccessDenied exception to be raised"
     end

diff --git a/spec/cancan/controller_resource_spec.rb b/spec/cancan/controller_resource_spec.rb
@@ -231,6 +231,14 @@ class HiddenModel < ::Model; end
       expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
     end
 
+    it "authorizes with :custom_action for parent collection action" do
+      controller.instance_variable_set(:@category, :some_category)
+      allow(controller).to receive(:authorize!).with(:custom_action, :some_category) { raise CanCan::AccessDenied }
+
+      resource = CanCan::ControllerResource.new(controller, :category, :parent => true, :parent_action => :custom_action )
+      expect { resource.authorize_resource }.to raise_error(CanCan::AccessDenied)
+    end
+
     it "has the specified nested resource_class when using / for namespace" do
       module Admin
         class Dashboard; end