Permalink
Commits on Feb 22, 2013
  1. Merge pull request #673 from juggler/rules_order

    Changes rules order in mongoid specs. Fixes #672
    committed Feb 22, 2013
  2. Merge pull request #754 from Serabe/new_authorization_bug

    Solves problem when authorizing new action.
    committed Feb 22, 2013
Commits on Oct 4, 2012
  1. Solves problem when authorizing new action.

    Given two models Category and Projects. A Category has_many
    projects and Project belongs_to a category. Furthermore,
    projects are shallow nested resources in a category.
    
    Let's say that a user can edit certain category's projects
    (and only one category can be edited by each user [1]), this is
    expressed with the following line in Ability model:
    
    can :new, :projects, category_id: user.category_id
    
    Given the old implementation, we get that any user can 'new'
    (though not 'create') a project in any category:
    
    ```ruby
    def assign_attributes(resource)
      resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
      initial_attributes.each do |attr_name, value|
        resource.send("#{attr_name}=", value)
      end
      resource
    end
    ```
    
    In this case, category_id in project would get overwritten
    inside the initial_attributes loop and authorization would pass.
    I consider this a buggy behaviour.
    
    [1] User belongs_to a category, and a Category has many
    users. On the other hand, there might be users without
    any category.
    
    Conflicts:
    	spec/cancan/controller_resource_spec.rb
    Serabe committed Oct 4, 2012
Commits on Sep 29, 2012
  1. Merge pull request #751 from mculp/2.0

    fixes #750 - load hooks return ActiveRecord::Model in Rails 4, use Concern
    committed Sep 29, 2012
Commits on Sep 28, 2012
Commits on Jul 5, 2012
Commits on Jul 2, 2012
  1. Merge pull request #668 from bukalapak/2.0

    Fix namespace split
    committed Jul 2, 2012
Commits on Jun 29, 2012
Commits on Jun 27, 2012
Commits on Jun 26, 2012
  1. tests passing with Rails 3.2.6

    committed Jun 26, 2012
Commits on Jun 25, 2012
  1. releasing 1.6.8

    committed Jun 25, 2012
Commits on Jun 19, 2012
  1. preparing for 1.6.8

    committed Jun 19, 2012
  2. updating changelog

    committed Jun 19, 2012
  3. removing project status section from readme since contributors are no…

    …w kind enough to keep tabs on the issue tracker
    committed Jun 19, 2012
  4. clearing leftover whitespace

    committed Jun 19, 2012
  5. Merge pull request #653 from andhapp/fix-pull-request-640

    Init attributes in InheritedResources controller w/ specs
    committed Jun 19, 2012
  6. Merge pull request #650 from andhapp/fix-pull-request-486

    Fixes Nested Resource Loading
    committed Jun 19, 2012
  7. Merge pull request #618 from spatil/master

    Check for defined ActionController::Base instead ActionController
    committed Jun 19, 2012
Commits on Jun 18, 2012
  1. Fix pull request 640. For some reason github didn't allow a clean mer…

    …ge althought there weren't any conflicts. Fix it so that it's easier to just merge via the UI.
    andhapp committed Jun 18, 2012
  2. Add specs for resource attributes.

    Remove inconsistent line breaks.
    mikepack committed with andhapp Jun 5, 2012
  3. Fixes Nested Resource Loading

    marksim committed with andhapp Oct 5, 2011
Commits on Jun 11, 2012
  1. Merge pull request #635 from ollym/2.0

    Named resources were not loading correctly in 2.0
    committed Jun 11, 2012
  2. Merge pull request #645 from andhapp/issue-644

    Allow users to specify a mix of can and cannot rule for mongoid
    committed Jun 11, 2012
Commits on Jun 10, 2012
Commits on Jun 4, 2012
Commits on May 31, 2012
  1. Classify causes plural model names to be incorrectly renamed

    Some model names will be renamed incorrectly e.g. 'business'. It should
    be the responsibility of the user to make sure they use a name that
    directly corresponds to the model name. The only filtering performed
    should be camelize.
    ollym committed May 31, 2012
Commits on May 30, 2012
Commits on May 29, 2012
  1. Merge pull request #632 from andhapp/fix-issue-327

    Fix to handle MetaWhere and non-MetaWhere conditions correctly.
    committed May 29, 2012
Commits on May 28, 2012
  1. Merge pull request #625 from rogercampos/merging

    Adding Ability#merge
    committed May 28, 2012
Commits on May 26, 2012
Commits on May 14, 2012
  1. Merge pull request #619 from derekprior/namespace-fix

    Updated: port fix for namespaced params from 2.0 back to 1.6
    committed May 14, 2012