Permalink
Browse files

Merge pull request #570 from bsodmike/bsodmike-2.0

Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization
  • Loading branch information...
ryanb committed May 11, 2012
2 parents 167d383 + 0e8c7ca commit 4986de8b3e5ce5fbbb16f7218b2530866b3191bc
Showing with 9 additions and 1 deletion.
  1. +1 −1 lib/cancan/rule.rb
  2. +8 −0 spec/cancan/controller_resource_spec.rb
View
@@ -100,7 +100,7 @@ def matches_action?(action)
def matches_subject?(subject)
subject = subject_name(subject) if subject_object? subject
- @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) # || matches_subject_class?(subject)
+ @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) || @expanded_subjects.include?(subject) # || matches_subject_class?(subject)
end
def matches_attribute?(attribute)
@@ -384,6 +384,14 @@ class Project < ::Project; end
@controller.instance_variable_get(:@project).name.should == "foobar"
end
+ it "should properly authorize resource for namespaced controller" do
+ @ability.can(:index, "admin/dashboard")
+ @params.merge!(:controller => "admin/dashboard", :action => "index")
+ @controller.authorize!(:index, "admin/dashboard")
+ resource = CanCan::ControllerResource.new(@controller, :authorize => true).process
+ lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
+ end
+
# it "raises ImplementationRemoved when adding :name option" do
# lambda {
# CanCan::ControllerResource.new(@controller, :name => :foo)

0 comments on commit 4986de8

Please sign in to comment.