
Issue #687: cancan inserting "AND (NULL)" at the end of sql

Ensure that empty conditions do not trigger unmergeable conditions
commit f5b3fcd8db6e9ed01b627c6103752f0bb71f8cb6 1 parent 3b50fed
@jonsgreen jonsgreen authored
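--- a/lib/cancan/rule.rb
+++ b/lib/cancan/rule.rb
@@ -55,7 +55,8 @@ def conditions_empty?
 end
 def unmergeable?
- @conditions.respond_to?(:keys) && (! @conditions.keys.first.kind_of? Symbol)
+ @conditions.respond_to?(:keys) && @conditions.present? &&
+ (!@conditions.keys.first.kind_of? Symbol)
 end
 def associations_hash(conditions = @conditions)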
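Review bot: `@conditions.present?` in the new `unmergeable?` guard is an ActiveSupport extension, not core Ruby, so this authorization check would raise NoMethodError wherever the rule class is loaded without it; nothing in the hunk shows that dependency being required. `@conditions.respond_to?(:keys) && !@conditions.empty? &&` behaves the same for a Hash, and the hunk header shows a `conditions_empty?` directly above that could probably be reused instead. Because an empty hash is now mergeable, I would also add a comment on the method, e.g. `# An empty hash carries no conditions, so the rule is mergeable and presumably matches every record.`, so that callers who build the hash dynamically know an empty result may widen access rather than deny it; confirm that against the model adapters.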
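--- a/spec/cancan/model_adapters/active_record_adapter_spec.rb
+++ b/spec/cancan/model_adapters/active_record_adapter_spec.rb
@@ -20,10 +20,12 @@
 t.boolean "secret"
 t.integer "priority"
 t.integer "category_id"
+ t.integer "user_id"
 end
 model do
 belongs_to :category
 has_many :comments
+ belongs_to :user
 end
 end
@@ -37,6 +39,15 @@
 end
 end
+ with_model :user do
+ table do |t|
+
+ end
+ model do
+ has_many :articles
+ end
+ end
+
 before(:each) do
 Article.delete_all
 Comment.delete_all
@@ -233,6 +244,15 @@
 @ability.model_adapter(Article, :read).joins.should == [{:project=>[:comments]}]
 end
+ it "should merge :all conditions with other conditions" do
+ user = User.create!
+ article = Article.create!(:user => user)
+ ability = Ability.new(user)
+ ability.can :manage, :all
+ ability.can :manage, Article, :user_id => user.id
+ Article.accessible_by(ability).should == [article]
+ end
+
 it "should restrict articles given a MetaWhere condition" do
 @ability.can :read, Article, :priority.lt => 2
 article1 = Article.create!(:priority => 1)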
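Review bot: The new example `should merge :all conditions with other conditions` (third hunk) has only one article in the table, and it belongs to the user, so `should == [article]` passes both when the merged scope returns every row and when it returns only rows with `user_id = user.id`. For an authorization scope the test should pin which of the two is intended: create a second record with another owner, e.g. `other = Article.create!(:user => User.create!)`, and assert explicitly whether `other` is in `Article.accessible_by(ability)`. The surrounding `describe` and its setup lie outside the hunk.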
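--- a/spec/cancan/rule_spec.rb
+++ b/spec/cancan/rule_spec.rb
@@ -44,4 +44,9 @@
 @rule.should be_unmergeable
 end
+
+ it "should be mergeable if conditions is an empty hash" do
+ @conditions = {}
+ @rule.should_not be_unmergeable
+ end
 end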
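Review bot: `@conditions = {}` in the new example only rebinds the spec's instance variable. If `@rule` is built in a `before` block from the earlier `@conditions` object (the setup is outside the hunk), the rule never sees this assignment, and the example passes or fails on whatever the setup already supplied. Mutating the existing hash with `@conditions.clear`, or constructing the rule inside the example from `{}`, would make the example exercise the empty-hash case it names.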

1 comment on commit f5b3fcd

@korobkov

Please, bump the version with this fix included (now I've to use master from source rather than versioned gem)...
