1.3.0 (August 6, 2010)

associations - see issue #73

Supporting Single Table Inheritance for “can” comparisons - see issue #55
Adding :instance_name option to load/authorize_resource - see issue #44
Don’t pass nil to “new” to keep MongoMapper happy - see issue #63
Parent resources are now authorized with :read action.
Changing :resource option in load/authorize_resource back to :class with ability to pass false
Removing :nested option in favor of :through option with separate load/authorize call
Moving internal logic from ResourceAuthorization to ControllerResource class
Supporting multiple “can” and “cannot” calls with accessible_by (thanks funny-falcon) - see issue #71
Supporting deeply nested aliases - see issue #98

1.2.0 (July 16, 2010)

Load nested parent resources on collection actions such as “index” (thanks dohzya)
Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65
Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66
Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62
Support has_many association or arrays in can conditions hash
Adding joins clause to accessible_by when conditions are across associations

1.1.1 (April 17, 2010)

1.1.0 (April 17, 2010)

Supporting arrays, ranges, and nested hashes in ability conditions
Removing “unauthorized!” method in favor of “authorize!” in controllers
Adding action, subject and default_message abilities to AccessDenied exception - see issue #40
Adding caching to current_ability controller method, if you’re overriding this be sure to add caching too.
Adding “accessible_by” method to Active Record for fetching records matching a specific ability
Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53
Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45
Properly handle Admin::AbilitiesController in params - see issue #46
Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54
Support additional arguments to can? which get passed to the block - see issue #48

1.0.2 (Dec 30, 2009)

Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20
Append aliased actions (don’t overwrite them) - see issue #20
Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18

1.0.1 (Dec 14, 2009)

Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
Don’t fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14

1.0.0 (Dec 13, 2009)

Don’t set resource instance variable if it has been set already - see issue #13
Allowing :nested option to accept an array for deep nesting
Adding :nested option to load resource method - see issue #10
Pass :only and :except options to before filters for load/authorize resource methods.
Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.
BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.

0.2.1 (Nov 26, 2009)

0.2.0 (Nov 17, 2009)

fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3
support arrays being passed to “can” to specify multiple actions or classes - see issue #2
adding “cannot?” method to ability, controller, and view which is inverse of “can?” - see issue #1
BACKWARDS INCOMPATIBLE: use Ability#initialize instead of ‘prepare’ to set up abilities - see issue #4

0.1.0 (Nov 16, 2009)

Provide feedback

Saved searches