From 5bebac2488906f3739717108efadedaa091ccaf5 Mon Sep 17 00:00:00 2001 From: "M.Shibuya" Date: Sun, 14 Jul 2019 17:58:58 +0900 Subject: [PATCH] Drop support for CanCanCan legacy `can :dashboard` style dashboard ability This reverts commit da0584aaa87737427a5d6b9aba332d30c3b4ed45. --- .../cancancan/authorization_adapter.rb | 27 +++++-------------- .../authorization/cancancan_spec.rb | 23 ---------------- 2 files changed, 6 insertions(+), 44 deletions(-) diff --git a/lib/rails_admin/extensions/cancancan/authorization_adapter.rb b/lib/rails_admin/extensions/cancancan/authorization_adapter.rb index a2f11d7a86..6d239f0caf 100644 --- a/lib/rails_admin/extensions/cancancan/authorization_adapter.rb +++ b/lib/rails_admin/extensions/cancancan/authorization_adapter.rb @@ -26,12 +26,8 @@ def initialize(controller, ability = ::Ability) # instance if it is available. def authorize(action, abstract_model = nil, model_object = nil) return unless action - subject = model_object || abstract_model && abstract_model.model - if authorized_for_dashboard_in_legacy_way?(action) - subject - else - @controller.current_ability.authorize!(*resolve_with_compatibility(action, subject)) - end + action, subject = resolve_action_and_subject(action, abstract_model, model_object) + @controller.current_ability.authorize!(action, subject) end # This method is called primarily from the view to determine whether the given user @@ -40,9 +36,8 @@ def authorize(action, abstract_model = nil, model_object = nil) # return a boolean whereas +authorize+ will raise an exception when not authorized. def authorized?(action, abstract_model = nil, model_object = nil) return unless action - subject = model_object || abstract_model && abstract_model.model - authorized_for_dashboard_in_legacy_way?(action, true) || - @controller.current_ability.can?(*resolve_with_compatibility(action, subject)) + action, subject = resolve_action_and_subject(action, abstract_model, model_object) + @controller.current_ability.can?(action, subject) end # This is called when needing to scope a database query. It is called within the list @@ -61,18 +56,8 @@ def attributes_for(action, abstract_model) private - def authorized_for_dashboard_in_legacy_way?(action, silent = false) - return false unless action == :dashboard - legacy_ability = @controller.current_ability.permissions[:can][:dashboard] - if legacy_ability && (legacy_ability.empty? || legacy_ability.all?(&:empty?)) - ActiveSupport::Deprecation.warn('RailsAdmin CanCanCan Ability with `can :dashboard` is old and support will be removed in the next major release, use `can :read, :dashboard` instead. See https://github.com/sferik/rails_admin/issues/2901') unless silent - true - else - false - end - end - - def resolve_with_compatibility(action, subject) + def resolve_action_and_subject(action, abstract_model, model_object) + subject = model_object || abstract_model && abstract_model.model if subject [action, subject] else diff --git a/spec/integration/authorization/cancancan_spec.rb b/spec/integration/authorization/cancancan_spec.rb index 762e695768..afe415e0d2 100644 --- a/spec/integration/authorization/cancancan_spec.rb +++ b/spec/integration/authorization/cancancan_spec.rb @@ -340,27 +340,4 @@ def initialize(user) end end end - - describe 'with existing dashboard ability which uses no subject' do - class LegacyDashboardAbility - include CanCan::Ability - def initialize(_) - can :access, :rails_admin - can :dashboard - end - end - - before do - RailsAdmin.config { |c| c.authorize_with :cancancan, LegacyDashboardAbility } - @user = FactoryBot.create :user - login_as @user - end - - it 'shows dashboard with instruction on how to migrate to new ability notation' do - allow(ActiveSupport::Deprecation).to receive(:warn) - expect(ActiveSupport::Deprecation).to receive(:warn).with(/can :read, :dashboard/) - visit dashboard_path - is_expected.to have_content('Dashboard') - end - end if CanCan::VERSION < '3' end