
making accessible_by action default to :index and parent action defau…

…lt to :show so we don't check :read action directly - closes #302
1 parent 3639ca9 commit fdd5ad022dc0862bdae93e4a42cb317ee1911be1 @ryanb committed Mar 15, 2011
Showing with 6 additions and 6 deletions.
  1. +1 −1 lib/cancan/controller_resource.rb
  2. +2 −2 lib/cancan/model_additions.rb
  3. +3 −3 spec/cancan/controller_resource_spec.rb
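--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -105,7 +105,7 @@ def find_resource
 end
 def authorization_action
- parent? ? :read : @params[:action].to_sym
+ parent? ? :show : @params[:action].to_sym
 end
 def id_param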
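Review bot: `authorization_action` now hard-codes `:show` for a parent resource, with no comment saying that the requested action is deliberately not applied to the parent. A later maintainer of an authorization path needs that rule spelled out, so I would add `# Parent resources are always authorized with :show, not the requested action.` above the ternary. The change also deserves a changelog line: rules written as `can :read, Parent` presumably still match through the default `:read` alias, but an app that has customised or cleared its aliases may see parent checks change outcome, and a `cannot :read` rule might then no longer deny the parent. The method is complete in this hunk; `find_resource` and `id_param` continue outside it.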
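--- a/lib/cancan/model_additions.rb
+++ b/lib/cancan/model_additions.rb
@@ -4,7 +4,7 @@ module CanCan
 module ModelAdditions
 module ClassMethods
 # Returns a scope which fetches only the records that the passed ability
- # can perform a given action on. The action defaults to :read. This
+ # can perform a given action on. The action defaults to :index. This
 # is usually called from a controller and passed the +current_ability+.
 #
 # @articles = Article.accessible_by(current_ability)
@@ -19,7 +19,7 @@ module ClassMethods
 # @articles = Article.accessible_by(current_ability, :update)
 #
 # Here only the articles which the user can update are returned.
- def accessible_by(ability, action = :read)
+ def accessible_by(ability, action = :index)
 ability.model_adapter(self, action).database_records
 end
 end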
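Review bot: With the default now `:index` in the second hunk, a call such as `Article.accessible_by(current_ability)` made outside an index action is scoped by the `:index` rules. Where an app grants `:index` more broadly than `:show` or `:update`, the returned scope can include records the caller's real action should not reach. The doc comment states the new default but not this consequence; I would add `# Pass the action explicitly when the scope backs anything other than a listing, e.g. accessible_by(current_ability, :show).` after the "defaults to :index" sentence. The diffstat lists no model_additions spec in this commit, so the new default appears not to be pinned by a test here. `accessible_by` is complete in the hunk; the enclosing modules continue outside it.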
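--- a/spec/cancan/controller_resource_spec.rb
+++ b/spec/cancan/controller_resource_spec.rb
@@ -104,7 +104,7 @@
 it "should authorize parent resource in collection action" do
 @params[:action] = "index"
 @controller.instance_variable_set(:@category, :some_category)
- stub(@controller).authorize!(:read, :some_category) { raise CanCan::AccessDenied }
+ stub(@controller).authorize!(:show, :some_category) { raise CanCan::AccessDenied }
 resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
 lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
 end
@@ -293,10 +293,10 @@
 @controller.instance_variable_get(:@project).name.should == "foobar"
 end
- it "should only authorize :read action on parent resource" do
+ it "should only authorize :show action on parent resource" do
 project = Project.create!
 @params.merge!(:action => "new", :project_id => project.id)
- stub(@controller).authorize!(:read, project) { raise CanCan::AccessDenied }
+ stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
 resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
 lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
 end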
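Review bot: The example renamed to "should only authorize :show action on parent resource" does not pin the word "only": the stub raises on the first `authorize!(:show, project)` call, so an additional `authorize!` with the request's own action (`:new` here) would go unnoticed. Both changed examples also cover only the denial path. I would add an allowed-path example where the `:show` stub returns normally and, assuming rr's `dont_allow` is available in this suite, `dont_allow(@controller).authorize!(:new, project)` asserts that the parent is never checked with the request action. Both examples are complete in their hunks; the surrounding describe block is not visible.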
