Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

274 lines (126 sloc) 9.451 kB

1.6.4 (March 29, 2011)

  • Fixed mongoid 'or' error - see issue #322

1.6.3 (March 25, 2011)

  • Make sure ActiveRecord::Relation is defined before checking conditions against it so Rails 2 is supported again - see issue #312

  • Return subject passed to authorize! - see issue #314

1.6.2 (March 18, 2011)

  • Fixed instance loading when :singleton option is used - see issue #310

1.6.1 (March 15, 2011)

  • Use Item.new instead of build_item for singleton resource so it doesn't effect database - see issue #304

  • Made accessible_by action default to :index and parent action default to :show instead of :read - see issue #302

  • Reverted Inherited Resources “collection” override since it doesn't seem to be working - see issue #305

1.6.0 (March 11, 2011)

  • Added MetaWhere support - see issue #194 and #261

  • Allow Active Record scopes in Ability conditions - see issue #257

  • Added :if and :unless options to check_authorization - see issue #284

  • Several Inherited Resources fixes (thanks aq1018, tanordheim and stefanoverna)

  • Pass action name to accessible_by call when loading a collection (thanks amw)

  • Added :prepend option to load_and_authorize_resource to load before other filters - see issue #290

  • Fixed spacing issue in I18n message for multi-word model names - see issue #292

  • Load resource collection for any action which doesn't have an “id” parameter - see issue #296

  • Raise an exception when trying to make a Ability condition with both a hash of conditions and a block - see issue #269

1.5.1 (January 20, 2011)

  • Fixing deeply nested conditions in Active Record adapter - see issue #246

  • Improving Mongoid support for multiple can and cannot definitions (thanks stellard) - see issue #239

1.5.0 (January 11, 2011)

  • Added an Ability generator - see issue #170

  • Added DataMapper support (thanks natemueller)

  • Added Mongoid support (thanks bowsersenior)

  • Added skip_load_and_authorize_resource methods to controller class - see issue #164

  • Added support for uncountable resources in index action - see issue #193

  • Cleaned up README and added spec/README

  • Internal: renamed CanDefinition to Rule

  • Internal: added a model adapter layer for easily supporting more ORMs

  • Internal: added .rvmrc to auto-switch to 1.8.7 with gemset - see issue #231

1.4.1 (November 12, 2010)

  • Renaming skip_authorization to skip_authorization_check - see issue #169

  • Adding :through_association option to load_resource (thanks hunterae) - see issue #171

  • The :shallow option now works with the :singleton option (thanks nandalopes) - see issue #187

  • Play nicely with quick_scopes gem (thanks ramontayag) - see issue #183

  • Fix odd behavior when “cache_classes = false” (thanks mphalliday) - see issue #174

1.4.0 (October 5, 2010)

  • Adding Gemfile; to get specs running just bundle and rake - see issue #163

  • Stop at 'cannot' definition when there are no conditions - see issue #161

  • The :through option will now call a method with that name if instance variable doesn't exist - see issue #146

  • Adding :shallow option to load_resource to bring back old behavior of fetching a child without a parent

  • Raise AccessDenied error when loading a child and parent resource isn't found

  • Abilities defined on a module will apply to anything that includes that module - see issue #150 and #152

  • Abilities can be defined with a string of SQL in addition to a block so accessible_by works with a block - see issue #150

  • Adding better support for InheritedResource - see issue #23

  • Loading the collection instance variable (for index action) using accessible_by - see issue #137

  • Adding action and subject variables to I18n unauthorized message - closes #142

  • Adding check_authorization and skip_authorization controller class methods to ensure authorization is performed (thanks justinko) - see issue #135

  • Setting initial attributes based on ability conditions in new/create actions - see issue #114

  • Check parent attributes for nested association in index action - see issue #121

  • Supporting nesting in can? method using hash - see issue #121

  • Adding I18n support for Access Denied messages (thanks EppO) - see issue #103

  • Passing no arguments to can definition will pass action, class, and object to block - see issue #129

  • Don't pass action to block in can definition when using :manage option - see issue #129

  • No longer calling block in can definition when checking on class - see issue #116

1.3.4 (August 31, 2010)

  • Don't stop at cannot with hash conditions when checking class (thanks tamoya) - see issue #131

1.3.3 (August 20, 2010)

  • Switching to Rspec namespace to remove deprecation warning in Rspec 2 - see issue #119

  • Pluralize nested associations for conditions in accessible_by (thanks mlooney) - see issue #123

1.3.2 (August 7, 2010)

  • Fixing slice error when passing in custom resource name - see issue #112

1.3.1 (August 6, 2010)

  • Fixing protected sanitize_sql error - see issue #111

1.3.0 (August 6, 2010)

  • Adding :find_by option to load_resource - see issue #19

  • Adding :singleton option to load_resource - see issue #93

  • Supporting multiple resources in :through option for polymorphic associations - see issue #73

  • Supporting Single Table Inheritance for “can” comparisons - see issue #55

  • Adding :instance_name option to load/authorize_resource - see issue #44

  • Don't pass nil to “new” to keep MongoMapper happy - see issue #63

  • Parent resources are now authorized with :read action.

  • Changing :resource option in load/authorize_resource back to :class with ability to pass false

  • Removing :nested option in favor of :through option with separate load/authorize call

  • Moving internal logic from ResourceAuthorization to ControllerResource class

  • Supporting multiple “can” and “cannot” calls with accessible_by (thanks funny-falcon) - see issue #71

  • Supporting deeply nested aliases - see issue #98

1.2.0 (July 16, 2010)

  • Load nested parent resources on collection actions such as “index” (thanks dohzya)

  • Adding :name option to load_and_authorize_resource if it does not match controller - see issue #65

  • Fixing issue when using accessible_by with nil can conditions (thanks jrallison) - see issue #66

  • Pluralize table name for belongs_to associations in can conditions hash (thanks logandk) - see issue #62

  • Support has_many association or arrays in can conditions hash

  • Adding joins clause to accessible_by when conditions are across associations

1.1.1 (April 17, 2010)

  • Fixing behavior in Rails 3 by properly initializing ResourceAuthorization

1.1.0 (April 17, 2010)

  • Supporting arrays, ranges, and nested hashes in ability conditions

  • Removing “unauthorized!” method in favor of “authorize!” in controllers

  • Adding action, subject and default_message abilities to AccessDenied exception - see issue #40

  • Adding caching to current_ability controller method, if you're overriding this be sure to add caching too.

  • Adding “accessible_by” method to Active Record for fetching records matching a specific ability

  • Adding conditions behavior to Ability#can and fetch with Ability#conditions - see issue #53

  • Renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - see issue #45

  • Properly handle Admin::AbilitiesController in params[:controller] - see issue #46

  • Adding be_able_to RSpec matcher (thanks dchelimsky), requires Ruby 1.8.7 or higher - see issue #54

  • Support additional arguments to can? which get passed to the block - see issue #48

1.0.2 (Dec 30, 2009)

  • Adding clear_aliased_actions to Ability which removes previously defined actions including defaults - see issue #20

  • Append aliased actions (don't overwrite them) - see issue #20

  • Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18

1.0.1 (Dec 14, 2009)

  • Adding :class option to load_resource so one can customize which class to use for the model - see issue #17

  • Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - see issue #14

1.0.0 (Dec 13, 2009)

  • Don't set resource instance variable if it has been set already - see issue #13

  • Allowing :nested option to accept an array for deep nesting

  • Adding :nested option to load resource method - see issue #10

  • Pass :only and :except options to before filters for load/authorize resource methods.

  • Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed.

  • BACKWARDS INCOMPATIBLE: turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments.

0.2.1 (Nov 26, 2009)

  • many internal refactorings - see issues #11 and #12

  • adding “cannot” method to define which abilities cannot be done - see issue #7

  • support custom objects (usually symbols) in can definition - see issue #8

0.2.0 (Nov 17, 2009)

  • fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3

  • support arrays being passed to “can” to specify multiple actions or classes - see issue #2

  • adding “cannot?” method to ability, controller, and view which is inverse of “can?” - see issue #1

  • BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - see issue #4

0.1.0 (Nov 16, 2009)

  • initial release

Jump to Line
Something went wrong with that request. Please try again.