Permalink
Browse files

allow access to classes when using hash conditions since you'll gener…

…ally want to narrow it down with a database query
  • Loading branch information...
1 parent 8903fee commit f46696348e4cb2bd8318b464de0cf1ecbe9902df @ryanb committed Apr 16, 2010
Showing with 8 additions and 5 deletions.
  1. +1 −1 CHANGELOG.rdoc
  2. +3 −2 README.rdoc
  3. +3 −1 lib/cancan/ability.rb
  4. +1 −1 spec/cancan/ability_spec.rb
View
@@ -1,6 +1,6 @@
1.1.0 (not released)
-* Removing "unauthorized!" method in favor of "authorize!"
+* Removing "unauthorized!" method in favor of "authorize!" in controllers
* Adding action, subject and default_message abilities to AccessDenied exception - see issue #40
View
@@ -2,9 +2,10 @@
RDocs[http://rdoc.info/projects/ryanb/cancan] | Wiki[http://wiki.github.com/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan] | Metrics[http://getcaliper.com/caliper/project?repo=git%3A%2F%2Fgithub.com%2Fryanb%2Fcancan.git]
-This is a simple authorization solution for Ruby on Rails to restrict what a given user is allowed to access in the application. This is completely decoupled from any role based implementation allowing you to define user roles the way you want. All permissions are stored in a single location and not duplicated across the controller, view, and database.
+This is a simple authorization solution for Ruby on Rails to restrict what a given user is allowed to access. This is completely decoupled from any role based implementation allowing you to define user roles the way you want. All permissions are stored in a single location and not duplicated across the controller, view, and database.
+
+This assumes you already have authentication (such as Authlogic[http://github.com/binarylogic/authlogic] or Devise[http://github.com/plataformatec/devise]). Either of these will define a +current_user+ model in the controller which CanCan requires.
-This assumes you already have authentication (such as Authlogic[http://github.com/binarylogic/authlogic] or Devise[http://github.com/plataformatec/devise]) which provides a +current_user+ model.
== Installation
View
@@ -241,7 +241,9 @@ def can_perform_action?(action, subject, defined_actions, defined_subjects, defi
block_args += extra_args
defined_block.call(*block_args)
elsif defined_conditions
- if subject.class != Class
+ if subject.class == Class
+ true
+ else
defined_conditions.all? do |name, value|
subject.send(name) == value
end
@@ -145,7 +145,7 @@
@ability.can :read, Array, :first => 1, :last => 3
@ability.can?(:read, [1, 2, 3]).should be_true
@ability.can?(:read, [1, 2, 3, 4]).should be_false
- @ability.can?(:read, Array).should be_false
+ @ability.can?(:read, Array).should be_true
end
it "should return conditions for a given ability" do

0 comments on commit f466963

Please sign in to comment.