Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Feb 22, 2013
  1. Merge pull request #673 from juggler/rules_order

    Changes rules order in mongoid specs. Fixes #672
  2. Merge pull request #754 from Serabe/new_authorization_bug

    Solves problem when authorizing new action.
Commits on Oct 4, 2012
  1. @Serabe

    Solves problem when authorizing new action.

    Serabe committed
    Given two models Category and Projects. A Category has_many
    projects and Project belongs_to a category. Furthermore,
    projects are shallow nested resources in a category.
    Let's say that a user can edit certain category's projects
    (and only one category can be edited by each user [1]), this is
    expressed with the following line in Ability model:
    can :new, :projects, category_id: user.category_id
    Given the old implementation, we get that any user can 'new'
    (though not 'create') a project in any category:
    def assign_attributes(resource)
      resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
      initial_attributes.each do |attr_name, value|
        resource.send("#{attr_name}=", value)
    In this case, category_id in project would get overwritten
    inside the initial_attributes loop and authorization would pass.
    I consider this a buggy behaviour.
    [1] User belongs_to a category, and a Category has many
    users. On the other hand, there might be users without
    any category.
Commits on Sep 29, 2012
  1. Merge pull request #751 from mculp/2.0

    fixes #750 - load hooks return ActiveRecord::Model in Rails 4, use Concern
Commits on Sep 28, 2012
Commits on Jul 5, 2012
  1. @maxprokopiev
Commits on Jul 2, 2012
  1. Merge pull request #668 from bukalapak/2.0

    Fix namespace split
Commits on Jun 29, 2012
  1. @xinuc
Commits on Jun 27, 2012
Commits on Jun 26, 2012
  1. tests passing with Rails 3.2.6

Commits on Jun 25, 2012
  1. releasing 1.6.8

Commits on Jun 19, 2012
  1. preparing for 1.6.8

  2. updating changelog

  3. removing project status section from readme since contributors are no…

    …w kind enough to keep tabs on the issue tracker
  4. clearing leftover whitespace

  5. Merge pull request #653 from andhapp/fix-pull-request-640

    Init attributes in InheritedResources controller w/ specs
  6. Merge pull request #650 from andhapp/fix-pull-request-486

    Fixes Nested Resource Loading
  7. Merge pull request #618 from spatil/master

    Check for defined ActionController::Base instead ActionController
Commits on Jun 18, 2012
  1. @andhapp

    Fix pull request 640. For some reason github didn't allow a clean mer…

    andhapp committed
    …ge althought there weren't any conflicts. Fix it so that it's easier to just merge via the UI.
  2. @mikepack @andhapp
  3. @mikepack @andhapp

    Add specs for resource attributes.

    mikepack committed with andhapp
    Remove inconsistent line breaks.
  4. @mccraigmccraig @andhapp
  5. @marksim @andhapp

    Fixes Nested Resource Loading

    marksim committed with andhapp
Commits on Jun 11, 2012
  1. Merge pull request #635 from ollym/2.0

    Named resources were not loading correctly in 2.0
  2. Merge pull request #645 from andhapp/issue-644

    Allow users to specify a mix of can and cannot rule for mongoid
Commits on Jun 10, 2012
  1. @andhapp
Commits on Jun 4, 2012
  1. @ollym
Commits on May 31, 2012
  1. @ollym

    Classify causes plural model names to be incorrectly renamed

    ollym committed
    Some model names will be renamed incorrectly e.g. 'business'. It should
    be the responsibility of the user to make sure they use a name that
    directly corresponds to the model name. The only filtering performed
    should be camelize.
Commits on May 30, 2012
  1. @ollym
Commits on May 29, 2012
  1. Merge pull request #632 from andhapp/fix-issue-327

    Fix to handle MetaWhere and non-MetaWhere conditions correctly.
Commits on May 28, 2012
  1. Merge pull request #625 from rogercampos/merging

    Adding Ability#merge
Commits on May 26, 2012
  1. @andhapp
Commits on May 14, 2012
  1. Merge pull request #619 from derekprior/namespace-fix

    Updated: port fix for namespaced params from 2.0 back to 1.6
  2. @cgunther @derekprior
Something went wrong with that request. Please try again.