Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

support custom objects (usually symbols) in can definition - closes #8

  • Loading branch information...
commit e60365505c56cfd4b4400d8c6a6ff463cb9f1874 1 parent 5bd1a85
@ryanb authored
View
2  CHANGELOG.rdoc
@@ -1,3 +1,5 @@
+* support custom objects (usually symbols) in can definition - see issue #8
+
0.2.0 (Nov 17, 2009)
* fix behavior of load_and_authorize_resource for namespaced controllers - see issue #3
View
8 lib/cancan/ability.rb
@@ -45,7 +45,7 @@ def can?(original_action, target) # TODO this could use some refactoring
can_actions = [can_action].flatten
can_targets = [can_target].flatten
possible_actions_for(original_action).each do |action|
- if (can_actions.include?(:manage) || can_actions.include?(action)) && (can_targets.include?(:all) || can_targets.include?(target) || can_targets.any? { |c| target.kind_of?(c) })
+ if (can_actions.include?(:manage) || can_actions.include?(action)) && (can_targets.include?(:all) || can_targets.include?(target) || can_targets.any? { |c| c.kind_of?(Class) && target.kind_of?(c) })
if can_block.nil?
return true
else
@@ -106,6 +106,12 @@ def cannot?(*args)
# action != :destroy
# end
#
+ # You can pass custom objects into this "can" method, this is usually done through a symbol
+ # and is useful if a class isn't available to define permissions on.
+ #
+ # can :read, :stats
+ # can? :read, :stats # => true
+ #
def can(action, target, &block)
@can_history ||= []
@can_history << [action, target, block]
View
7 spec/cancan/ability_spec.rb
@@ -99,4 +99,11 @@
@ability.can?(:update, []).should be_true
@ability.can?(:update, 123).should be_false
end
+
+ it "should support custom objects in the can definition" do
+ @ability.can :read, :stats
+ @ability.can?(:read, :stats).should be_true
+ @ability.can?(:update, :stats).should be_false
+ @ability.can?(:read, :nonstats).should be_false
+ end
end
Please sign in to comment.
Something went wrong with that request. Please try again.