Fixing auth on relations.

concerto · Jul 7, 2012 · 676acd0 · 676acd0
1 parent 7d0e6ac
commit 676acd0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -55,7 +55,7 @@ def auth!(options = {})
     end
     object = (options[:object] || instance_variable_get("@#{var_name}"))
 
-    if allow_empty && (object.is_a? Enumerable)
+    if allow_empty && ((object.is_a? Enumerable) || (object.is_a? ActiveRecord::Relation))
       object.delete_if {|o| cannot?(test_action, o)}
     else
       if cannot?(test_action, object)