Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Feb 22, 2013
  1. Merge pull request #673 from juggler/rules_order

    authored
    Changes rules order in mongoid specs. Fixes #672
  2. Merge pull request #754 from Serabe/new_authorization_bug

    authored
    Solves problem when authorizing new action.
Commits on Oct 4, 2012
  1. Sergio Arbeo

    Solves problem when authorizing new action.

    Serabe authored
    Given two models Category and Projects. A Category has_many
    projects and Project belongs_to a category. Furthermore,
    projects are shallow nested resources in a category.
    
    Let's say that a user can edit certain category's projects
    (and only one category can be edited by each user [1]), this is
    expressed with the following line in Ability model:
    
    can :new, :projects, category_id: user.category_id
    
    Given the old implementation, we get that any user can 'new'
    (though not 'create') a project in any category:
    
    ```ruby
    def assign_attributes(resource)
      resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
      initial_attributes.each do |attr_name, value|
        resource.send("#{attr_name}=", value)
      end
      resource
    end
    ```
    
    In this case, category_id in project would get overwritten
    inside the initial_attributes loop and authorization would pass.
    I consider this a buggy behaviour.
    
    [1] User belongs_to a category, and a Category has many
    users. On the other hand, there might be users without
    any category.
    
    Conflicts:
    	spec/cancan/controller_resource_spec.rb
Commits on Sep 29, 2012
  1. Merge pull request #751 from mculp/2.0

    authored
    fixes #750 - load hooks return ActiveRecord::Model in Rails 4, use Concern
Commits on Sep 28, 2012
Commits on Jul 5, 2012
  1. Max Prokopiev
Commits on Jul 2, 2012
  1. Merge pull request #668 from bukalapak/2.0

    authored
    Fix namespace split
Commits on Jun 29, 2012
  1. Nugroho Herucahyono
Commits on Jun 27, 2012
Commits on Jun 26, 2012
  1. tests passing with Rails 3.2.6

    authored
Commits on Jun 25, 2012
  1. releasing 1.6.8

    authored
Commits on Jun 19, 2012
  1. preparing for 1.6.8

    authored
  2. updating changelog

    authored
  3. removing project status section from readme since contributors are no…

    authored
    …w kind enough to keep tabs on the issue tracker
  4. clearing leftover whitespace

    authored
  5. Merge pull request #653 from andhapp/fix-pull-request-640

    authored
    Init attributes in InheritedResources controller w/ specs
  6. Merge pull request #650 from andhapp/fix-pull-request-486

    authored
    Fixes Nested Resource Loading
  7. Merge pull request #618 from spatil/master

    authored
    Check for defined ActionController::Base instead ActionController
Commits on Jun 18, 2012
  1. Anuj Dutta

    Fix pull request 640. For some reason github didn't allow a clean mer…

    andhapp authored
    …ge althought there weren't any conflicts. Fix it so that it's easier to just merge via the UI.
  2. Mike Pack Anuj Dutta

    Refactor out attribute assignment

    mikepack authored andhapp committed
  3. Mike Pack Anuj Dutta

    Add specs for resource attributes.

    mikepack authored andhapp committed
    Remove inconsistent line breaks.
  4. mccraigmccraig of the clan mccraig Anuj Dutta

    initialise attributes after a resource is created by an InheritedReso…

    mccraigmccraig authored andhapp committed
    …urces controller
  5. Mark Sim Anuj Dutta

    Fixes Nested Resource Loading

    marksim authored andhapp committed
Commits on Jun 11, 2012
  1. Merge pull request #635 from ollym/2.0

    authored
    Named resources were not loading correctly in 2.0
  2. Merge pull request #645 from andhapp/issue-644

    authored
    Allow users to specify a mix of can and cannot rule for mongoid
Commits on Jun 10, 2012
  1. Anuj Dutta
Commits on Jun 4, 2012
  1. Oliver Morgan
Commits on May 31, 2012
  1. Oliver Morgan

    Classify causes plural model names to be incorrectly renamed

    ollym authored
    Some model names will be renamed incorrectly e.g. 'business'. It should
    be the responsibility of the user to make sure they use a name that
    directly corresponds to the model name. The only filtering performed
    should be camelize.
Commits on May 30, 2012
  1. Oliver Morgan
Commits on May 29, 2012
  1. Merge pull request #632 from andhapp/fix-issue-327

    authored
    Fix to handle MetaWhere and non-MetaWhere conditions correctly.
Commits on May 28, 2012
  1. Merge pull request #625 from rogercampos/merging

    authored
    Adding Ability#merge
Commits on May 26, 2012
  1. Anuj Dutta
Commits on May 14, 2012
  1. Merge pull request #619 from derekprior/namespace-fix

    authored
    Updated: port fix for namespaced params from 2.0 back to 1.6
  2. Chris Gunther Derek Prior

    port fix for namespaced params from 2.0 back to 1.6

    cgunther authored derekprior committed
Something went wrong with that request. Please try again.