Skip to content
Browse files

Support for Rails 3.1 role based mass assignment

  • Loading branch information...
1 parent 4f1893f commit 7b55ea04c2b978cd85df9c88406a15ad7797402e @rvanlieshout rvanlieshout committed with andhapp Jun 19, 2012
View
4 Gemfile
@@ -6,6 +6,10 @@ when nil, "active_record"
gem "activerecord", '~> 3.0.9', :require => "active_record"
gem "with_model", "~> 0.2.5"
gem "meta_where"
+when "active_record_31"
+ gem "sqlite3"
+ gem "activerecord", '~> 3.1.6', :require => "active_record"
+ gem "with_model", "~> 0.2.5"
when "data_mapper"
gem "dm-core", "~> 1.0.2"
gem "dm-sqlite-adapter", "~> 1.0.2"
View
2 cancan.gemspec
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
s.require_path = "lib"
s.add_development_dependency 'rspec', '~> 2.6.0'
- s.add_development_dependency 'rails', '~> 3.0.9'
+ s.add_development_dependency 'rails', '> 3.0.9'
s.add_development_dependency 'rr', '~> 0.10.11' # 1.0.0 has respond_to? issues: http://github.com/btakita/rr/issues/issue/43
s.add_development_dependency 'supermodel', '~> 0.1.4'
View
2 lib/cancan/controller_additions.rb
@@ -113,7 +113,7 @@ def load_and_authorize_resource(*args)
# Passing +true+ will use prepend_before_filter instead of a normal before_filter.
#
# [:+assignment+]
- # Passing to ActiveRecord for support Mass-Assignment Role
+ # Passing to ActiveRecord for support Mass-Assignment Role
#
def load_resource(*args)
cancan_resource_class.add_before_filter(self, :load_resource, *args)
View
9 lib/cancan/controller_resource.rb
@@ -82,8 +82,13 @@ def load_collection
end
def build_resource
- resource = resource_base.new(@params[name] || {}, :as => @options[:assignment])
- assign_attributes(resource)
+ # use Rails 3.1's assign_attribute when resource_params[:assignment] is present
+ if @options && @options[:assignment].present? && (resource = resource_base.new).respond_to?(:assign_attributes)
+ resource.assign_attributes(resource_params || {}, :as => @options[:assignment])
+ else
+ resource = resource_base.new(resource_params || {})
+ end
+ #assign_attributes(resource)
end
def assign_attributes(resource)
View
47 spec/cancan/controller_resource_spec.rb
@@ -465,4 +465,51 @@ class Section
lambda { resource.load_and_authorize_resource }.should_not raise_error
@controller.instance_variable_get(:@project).should be_nil
end
+
+ if ENV["MODEL_ADAPTER"] == "active_record_31"
+ context "using an ActiveRecord model with :as" do
+ ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:") unless ActiveRecord::Base.connected?
+
+ with_model :project do
+ table do |t|
+ t.string "name"
+ t.boolean "secret", :default => false
+ end
+ model do
+ attr_accessible :name
+ attr_accessible :name, :secret, :as => :admin
+ end
+ end
+
+ it "should be able to mass assign name" do
+ @params.merge!(:action => "create", :project => { :name => "foobar" })
+ resource = CanCan::ControllerResource.new(@controller)
+ resource.load_resource
+
+ project = @controller.instance_variable_get(:@project)
+ project.name.should eql("foobar")
+ project.secret.should be_false
+ end
+
+ it "should not be able to mass assign secret" do
+ @params.merge!(:action => "create", :project => { :name => "foobar", :secret => "1" })
+ resource = CanCan::ControllerResource.new(@controller)
+ resource.load_resource
+
+ project = @controller.instance_variable_get(:@project)
+ project.name.should eql("foobar")
+ project.secret.should be_false
+ end
+
+ it "should be able to mass assign secret when using assignment" do
+ @params.merge!(:action => "create", :project => { :name => "foobar", :secret => "1" })
+ resource = CanCan::ControllerResource.new(@controller, :assignment => :admin)
+ resource.load_resource
+
+ project = @controller.instance_variable_get(:@project)
+ project.name.should eql("foobar")
+ project.secret.should be_true
+ end
+ end
+ end
end
View
2 spec/cancan/model_adapters/active_record_adapter_spec.rb
@@ -1,7 +1,7 @@
if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
require "spec_helper"
- ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+ ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:") unless ActiveRecord::Base.connected?
describe CanCan::ModelAdapters::ActiveRecordAdapter do
with_model :category do
View
2 spec/spec_helper.rb
@@ -17,7 +17,7 @@
Project.delete_all
Category.delete_all
end
- config.extend WithModel if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
+ config.extend WithModel if ENV["MODEL_ADAPTER"].nil? || /active_record/ =~ ENV["MODEL_ADAPTER"]
end
class Ability

0 comments on commit 7b55ea0

Please sign in to comment.
Something went wrong with that request. Please try again.