Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixing Segmentation fault on aliasing

  • Loading branch information...
commit 925274d29a3aa552cd39d9eca12a1ba34f768df5 1 parent 5f1be25
@fl00r fl00r authored
Showing with 10 additions and 0 deletions.
  1. +6 −0 lib/cancan/ability.rb
  2. +4 −0 spec/cancan/ability_spec.rb
View
6 lib/cancan/ability.rb
@@ -172,10 +172,16 @@ def cannot(action = nil, subject = nil, conditions = nil, &block)
# This way one can use params[:action] in the controller to determine the permission.
def alias_action(*args)
target = args.pop[:to]
+ validate_target(target)
aliased_actions[target] ||= []
aliased_actions[target] += args
end
+ # User shouldn't specify targets with names of real actions or it will cause Seg fault
+ def validate_target(target)
+ raise Error, "You can't specify target (#{target}) as alias because it is real action name" if aliased_actions.values.flatten.include? target
+ end
+
# Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
def aliased_actions
@aliased_actions ||= default_alias_actions
View
4 spec/cancan/ability_spec.rb
@@ -87,6 +87,10 @@
@ability.can?(:increment, 123).should be_true
end
+ it "should raise an Error if alias target is an exist action" do
+ lambda{ @ability.alias_action :show, :to => :show }.should raise_error(CanCan::Error, "You can't specify target (show) as alias because it is real action name")
+ end
+
it "should always call block with arguments when passing no arguments to can" do
@ability.can do |action, object_class, object|
action.should == :foo
Please sign in to comment.
Something went wrong with that request. Please try again.