Please sign in to comment.
Fixes inherited_resources collection authorization
This reverts e3eab13 I don't know what was the idea of that, but it turned out REAL bad. `collection` sets the collection instance variable. `resource_base` is used all over CanCan. It's also used inside `load_collection?` which is checked before `load_collection` is called. That means we actually set the collection instance variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`. 1. def load_resource 2. unless skip?(:load) 3. if load_instance? 4. self.resource_instance ||= load_resource_instance 5. elsif load_collection? 6. self.collection_instance ||= load_collection 7. end 8. end 9. end `collection_instance` is set on line 5 instead of line 6.
- Loading branch information...
Showing with 3 additions and 3 deletions.