Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

fix logic error for single `cannot` condition - it should return no r…

…ecords
  • Loading branch information...
commit 5fd793090abc147867ecbdb2d916eff7e56d732b 1 parent ac19422
Yura Sokolov authored
Showing with 23 additions and 10 deletions.
  1. +1 −2  lib/cancan/ability.rb
  2. +22 −8 spec/cancan/ability_spec.rb
View
3  lib/cancan/ability.rb
@@ -234,12 +234,11 @@ def sql_conditions(action, subject, options = {})
true_cond = subject.send(:sanitize_sql, ['?=?', true, true])
false_cond = subject.send(:sanitize_sql, ['?=?', true, false])
- conds.reverse.inject(nil) do |sql, action|
+ conds.reverse.inject(false_cond) do |sql, action|
behavior, condition = action
if condition && condition != {}
condition = subject.send(:sanitize_sql, condition)
case sql
- when nil then behavior ? condition : "not (#{condition})"
when true_cond
behavior ? true_cond : "not (#{condition})"
when false_cond
View
30 spec/cancan/ability_spec.rb
@@ -239,20 +239,34 @@
@ability.sql_conditions(:read, SqlSanitizer).should == { :blocked => false, :user_id => 1 }
end
- it "should return `not (sql)` for single `cannot` definition" do
- @ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
-
- @ability.sql_conditions(:read, SqlSanitizer).should == 'not (blocked=true AND user_id=1)'
- end
-
- it "should return `sql` for single `can` definition in front of default cannot condition" do
+ it "should return `sql` for single `can` definition in front of default `cannot` condition" do
@ability.cannot :read, SqlSanitizer
@ability.can :read, SqlSanitizer, :blocked => false, :user_id => 1
@ability.sql_conditions(:read, SqlSanitizer).should == 'blocked=false AND user_id=1'
end
- it "should return `not (sql)` for single `cannot` definition in front of default can condition" do
+ it "should return `true condition` for single `can` definition in front of default `can` condition" do
+ @ability.can :read, SqlSanitizer
+ @ability.can :read, SqlSanitizer, :blocked => false, :user_id => 1
+
+ @ability.sql_conditions(:read, SqlSanitizer).should == 'true=true'
+ end
+
+ it "should return `false condition` for single `cannot` definition" do
+ @ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
+
+ @ability.sql_conditions(:read, SqlSanitizer).should == 'true=false'
+ end
+
+ it "should return `false condition` for single `cannot` definition in front of default `cannot` condition" do
+ @ability.cannot :read, SqlSanitizer
+ @ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
+
+ @ability.sql_conditions(:read, SqlSanitizer).should == 'true=false'
+ end
+
+ it "should return `not (sql)` for single `cannot` definition in front of default `can` condition" do
@ability.can :read, SqlSanitizer
@ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
Please sign in to comment.
Something went wrong with that request. Please try again.