Skip to content

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
Commits on Aug 07, 2010
@ryanb fixing error on protected sanitize_sql - closes #111 f8631dc
@ryanb releasing version 1.3.1 with sanitize_sql fix cd74267
@ryanb properly pass along resource name without slice error - closes #112 333ddf1
@ryanb releasing version 1.3.2 which fixes slice error when passing custom r…
…esource name
Commits on Aug 17, 2010
@mlooney mlooney fix for bug 123 3d7742e
Commits on Aug 18, 2010
@ryanb fixing broken spec and minor improvements to tableized_conditions method e893e12
@ryanb use RSpec namespace for matcher - closes #119 caed4fc
Commits on Aug 20, 2010
@ryanb releasing version 1.3.3 a10a38c
Commits on Aug 30, 2010
@ryanb be more clear about blocks not working with accessible_by - closes #130 4fe44af
@ryanb don't stop at cannot definition when checking class - closes #131 5a353c1
Commits on Aug 31, 2010
@ryanb releasing version 1.3.4 04b523e
Commits on Sep 02, 2010
@ryanb skip block when only class is passed to ability check, also don't pas…
…s class to block for :all - closes #116
@ryanb don't pass action into can block with :manage option - closes #129 b1fb179
@ryanb support no arguments to 'can' definition which always calls block 66314a8
Commits on Sep 03, 2010
@ryanb use I18n for unauthorization messages - closes #103 a5f838a
@ryanb make it clear in readme that alias_action is an instance method - clo…
…ses #139
@ryanb passing a hash to can? will check permissions on association, this is…
… done automatically in authorize_resource - closes #121
@ryanb don't fail if association conditions aren't specified for nested asso…
…ciation check
@ryanb the new and create actions will now build the resource with attribute…
…s based on ability conditions hash - closes #114
@ryanb cleaning up some internal specs and names 721939b
@ryanb have params hash override initial attributes when building a new reso…
@ryanb adding check_authorization and skip_authorization controller class me…
…thods to ensure authorization is triggered (thanks justinko) - closes #135
@ryanb filling in some inline documentation for 1.4 bf9b8ad
Commits on Sep 07, 2010
@ryanb adding action and subject variables to I18n unauthorized message - cl…
…oses #142
@ryanb load the collection instance variable on index action - closes #137 9d91545
Commits on Sep 08, 2010
@ryanb fix pluralize error on index action when passing resource name - closes
#143 again
Commits on Sep 09, 2010
@ryanb adding support for loading through Inherited Resources - closes #23 4eee637
Commits on Sep 16, 2010
@jbarreneche jbarreneche Controllers which use 'inherit_resources' instead of Inheritance may …
…have inherited_resource's methods protected
@jbarreneche jbarreneche Use cancan_resource_class for before filters instead of hardcoded Con…
…trollerResource class
@funny-falcon funny-falcon resolve issue 149 f236b1b
@funny-falcon funny-falcon allow to check ability by common module e2c341b
@funny-falcon funny-falcon fix error a0f73fe
@funny-falcon funny-falcon add specs for module definitions ff9a917
@funny-falcon funny-falcon add specs to sql conditions by not Hash 7e0e722
@ryanb fetch cancan_resource_class through controller class from ControllerR…
Commits on Sep 20, 2010
@funny-falcon funny-falcon consistency addition for ability check on Module ebef3cc
Commits on Sep 21, 2010
@ryanb raise AccessDenied error when loading child while parent is nil, pass…
… :shallow => true to bypass
@ryanb support loading resource :through method along with instance variable…
… - closes #146
@ryanb adding to changelog 3391c5a
Commits on Sep 23, 2010
@ryanb use 'send' to access controller current_ability in case it's private 1f81b8d
Commits on Oct 04, 2010
@funny-falcon funny-falcon should not allow to can? when raw sql without block is present 12037d7
@ryanb don't stop at cannot definitions when there are no conditions - closes 8f49f28
Commits on Oct 05, 2010
@ryanb adding Gemfile, to get specs running just bundle and rake - closes #163 18b45d5
@ryanb adding a couple things to the changelog b0cec52
@ryanb looks like Bundler automatically requires cancan for the specs fa766e7
@ryanb updating readme and documentation 6c3e87e
@ryanb releasing version 1.4.0 67cd83d
Commits on Oct 08, 2010
@ryanb using supermodel in specs to remove some of the model stubs f901c36
Commits on Oct 13, 2010
@bowsersenior bowsersenior Add support for Mongoid documents along with basic specs. be74df0
@bowsersenior bowsersenior Add support for Mongoid::Criteria Symbol extensions ( => 10) a…
…long with specs.
Commits on Oct 14, 2010
@bowsersenior bowsersenior Fix accessible_by for Mongoid documents when no ability is defined.
The previous spec that checked for this was not right, since there were no documents in the collection, so every query would return an empty result.
Commits on Oct 15, 2010
@bowsersenior bowsersenior Fix bug with CanDefinition#tableized_conditions being used with Mongo…
…id documents and add more specs for accesible_by with Mongoid.
@bowsersenior bowsersenior Fix bug with Mongoid document where :manage :all caused accessible_by…
… to return nothing and add specs to test for :manage :all.
Commits on Nov 12, 2010
@mphalliday mphalliday This fixes an odd error I was seeing in development mode when cache_c…
…lasses = false (the default), specifically when loading an object throught the parent in load_and_authorize_resource.

Assume Photo model and User model where user has many photos:

@photo = # this returns a photo
@photo1 = Photo.find(1)

@photo.kind_of?(Photo) is not always true for some reason when class_cacheing is false.  Where as @photo1.kind_of?(Photo) always appears to be true.  Of interesting note, in the above example @photo != @photo1 if kind_of? is false.  Very odd.
Again, this only appears to be when loading and object through an association.
@ramontayag ramontayag checks if active record responds to 'joins', so this can work with in…
…ternuity's quick_scopes gem; added .swp files to git ignore
@nandalopes nandalopes Fix NoMethodError
Raises NoMethodError when using ":singleton => true, :shallow => true" and parent_resource is nil
@ryanb fixing specs due to joins method check in active record additions ebf77ed
@ryanb adding :through_association option to load_resource (thanks hunterae)…
… - closes #171
@ryanb renaming skip_authorization to skip_authorization_check - closes #169 787511a
@ryanb releasing version 1.4.1 872e4cf
Commits on Nov 16, 2010
@tylergannon tylergannon can? should only go to db if there are mongoid criteria in the condit…

Easier to just do a simple comparison on the object in memory
than to search the database.  Also this allows method calls
and other attributes that might not be found in the database.
@bowsersenior bowsersenior Update specs for MongoidAdditions to use rr mocks 5ebca1f
Commits on Nov 17, 2010
@bowsersenior bowsersenior Add comments clarifying `alias_method` in MongoidAdditions 84c590e
@bowsersenior bowsersenior Remove commented-out line from gemspec 2ee6908
Commits on Dec 21, 2010
@ryanb Merge branch 'master' of into …
@ryanb renaming CanDefinition to Rule 37c1491
@ryanb adding ability generator - closes #170 9b8e849
@ryanb allow query.conditions to be called multiple times without losing con…
@ryanb improve support for rspec scaffolding (thanks voxik) - closes #176 4339ac6
Commits on Dec 26, 2010
@bowsersenior bowsersenior Rename Mongoid collection used in spec and fix description for first …
@bowsersenior bowsersenior Fix bug with MongoidAdditions throwing a NameError when Mongoid is no…
…t defined by always checking if Mongoid is defined before referencing Mongoid-related constants

Also add spec for this bug
Commits on Dec 28, 2010
@ryanb switching gemspec version to 1.5.0.beta1 to avoid confusion 2d31cbd
Commits on Dec 29, 2010
@natemueller natemueller Add support and tests for datamapper.
This broke some of the mongoid tests and I don't know how to fix them.  Both packages
  define Symbol#in, and when you load them both things don't behave properly.  Hopefully
  someone more versed in mongoid can rewrite the spec to not depend on the Symbol extensions.
@ryanb adding .rvmrc file to switch to Ruby 1.8.7 for development 5183113
@ryanb moving model adapter specs into their own directory with MODEL_ADAPTE…
…R environment variable for choosing which one to run
@ryanb move mongoid/dm gems into Gemfile and load dynamically based on MODEL…
…_ADAPTER env variable
@ryanb adding some documentation for running specs with different model adap…
@ryanb adding model adapter files in proper location with loading behavior 4c5ba09
Commits on Dec 30, 2010
@ryanb adding initial active record adapter af9e77a
@ryanb fixing active record adapter behavior and improving specs for it cc30e83
@ryanb dynamically detect which model adapter to use given a class bbb02f7
@ryanb cleanup whitespace 8628aa0
@ryanb removing fake sanitize methods in specs because we're using Active Re…
…cord now
@ryanb switching data mapper to new adapter f5dce44
@ryanb switching mongoid over to new adapter f7a494d
@ryanb moving accessible_by out into ModelAdditions module ec616ae
@ryanb removing Mongoid::Components hack, tests are passing without it, add …
…tests if this is actually needed
@ryanb removing query.rb since it is no longer used f9f71d6
@ryanb adding spec_all task for running specs for all model adapters 70b5f9a
@ryanb adding spec_all rake task to spec readme 6ccb4dd
Commits on Jan 03, 2011
@bowsersenior bowsersenior Automatically add `accessible_by` to Mongoid Documents to match CanCa…
…n behavior for ActiveRecord and DataMapper.

Previously, CanCan::ModelAdditions had to be included in each and every Mongoid document separately. Also removed manual include of CanCan::ModelAdditions from Mongoid documents in Mongoid adapter specs.
Commits on Jan 04, 2011
@ryanb removing unused sanitization code in mongoid spec bd9480c
@ryanb moving with_model rspec configuration into Active Record model adapte…
…r spec
@ryanb allow model adapter to override condition hash matching in Rule, also…
… clean up Mongoid adapter and specs
Commits on Jan 05, 2011
@ryanb improving DataMapper adapter and specs 15ca8ad
@ryanb don't authorize uncountable instance in collection action - closes #193 bc9ecb2
Commits on Jan 06, 2011
@bowsersenior bowsersenior Use `Mongoid::Matchers#matches?` instead of a database query in `Mong…
@bowsersenior bowsersenior Add MongoidAdapter specs for unsaved instances 9a14c70
Commits on Jan 07, 2011
@ryanb use gemset in rvmrc (thanks bowsersenior) - closes #231 045a850
@ryanb Merge branch 'bowsersenior-master' 71ceb83
Commits on Jan 08, 2011
@ryanb adding skip load and authorize behavior - closes #164 5732711
@ryanb moving parts of the README into wiki pages e2910a7
@ryanb updating changelog 3885f46
@ryanb fixing github links in readme 39bffe9
Commits on Jan 09, 2011
@ryanb fixing link in readme e49190f
Commits on Jan 11, 2011
@ryanb updating readme for 1.5 120eafe
@ryanb releasing 1.5.0 04522c9
Commits on Jan 18, 2011
@ryanb changing flash[:error] to flash[:alert] in rdocs - closes #238 52b3358
@stellard stellard updated mongoid 344832d
@stellard stellard added cannot support and multiple can support 55c8a50
@ryanb readme improvements 2012311
@stellard stellard improved test assertion cff9229
Commits on Jan 19, 2011
@ryanb Merge branch 'master' of into stel…
@ryanb cleaning up mongoid adapter a little 5c4c179
Commits on Jan 20, 2011
@ryanb handle deeply nested conditions properly in active record adapter - c…
…loses #246
@ryanb releasing 1.5.1 929579f
Commits on Jan 28, 2011
@ryanb moving :alert into redirect_to call in documentation b2028c8
Commits on Feb 03, 2011
@amw amw Pass action name to accessible_by. f1ea21b
Commits on Feb 04, 2011
@spohlenz spohlenz Fix rule check on Hash-like subjects f23bbe0
Commits on Feb 14, 2011
@ryanb Merge branch 'pass_action_to_accessible_by' of…
…/cancan into amw-pass_action_to_accessible_by
@ryanb fixing tests for passing action name through to accessible_by call 3901cbe
Commits on Feb 17, 2011
@stefanoverna stefanoverna Fix for deeply nested resources when using inherited resources 8722fbc
Commits on Feb 22, 2011
@ryanb adding Lock It Down section to readme 79995e4
Commits on Mar 08, 2011
@tanordheim tanordheim Use collection instead of end_of_association_chain in the inherited_r…
…esources integration, as per suggested by aq1018
@ryanb fixing association conditions when MetaWhere is installed (thanks acm…
…etech) - closes #261
@ryanb adding initial MetaWhere support ff5aaf5
@ryanb making it easier to test all MetaWhere conditions 07088a0
@ryanb raise a NotImplemented exception if it's an unrecognized MetaWhere co…
@ryanb simplifying .rvmrc bcf2756
@ryanb Merge branch 'inherited_resources_collection_fix' of https://github.c…
…om/tanordheim/cancan into tanordheim-inherited_resources_collection_fix
@ryanb Merge branch 'master' of into …
@ryanb fixing spec for Inherited Resource parent loading 3a07d62
@ryanb adding :prepend option to load_and_authorize_resource - closes #290 951d70e
@ryanb add space in multiword model in I18n unauthorized message - closes #292 ba99997
Commits on Mar 09, 2011
@ryanb load collection resources in custom controller actions with no id par…
…am - closes #296
@ryanb adding :if and :unless options to check_authorization - closes #284 80f1ab2
@ryanb allow Active Record scope to be passed as Ability conditions - closes #… f9b181a
@ryanb raise an error when trying to make a rule with both hash conditions a…
…nd a block - closes #269
@ryanb Merge branch 'master' into meta_where a492691
@ryanb adding more MetaWhere comparison operators eb2826f
@ryanb adding any/all support for MetaWhere conditions 9bee4a8
Commits on Mar 11, 2011
@ryanb releasing 1.6.0 efa3ff1
Commits on Mar 16, 2011
@amw amw Fixes inherited_resources collection authorization
This reverts e3eab13

I don't know what was the idea of that, but it turned out REAL bad.

`collection` sets the collection instance variable. `resource_base` is used all
over CanCan. It's also used inside `load_collection?` which is checked before
`load_collection` is called. That means we actually set the collection instance
variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`.

    1. def load_resource
    2.  unless skip?(:load)
    3.    if load_instance?
    4.      self.resource_instance ||= load_resource_instance
    5.    elsif load_collection?
    6.      self.collection_instance ||= load_collection
    7.    end
    8.  end
    9. end

`collection_instance` is set on line 5 instead of line 6.
@ryanb making accessible_by action default to :index and parent action defau…
…lt to :show so we don't check :read action directly - closes #302
@ryanb use instead of build_item for singleton resource so it doesn…
…'t mess up database - closes #304
@ryanb releasing 1.6.1 b0c1646
Commits on Mar 18, 2011
@ryanb fixing failing MetaWhere spec 3efa069
@ryanb fixing instance loading with :singleton option - closes #310 7688025
@ryanb releasing 1.6.2 5d97cfb
Commits on Mar 25, 2011
@ryanb return subject passed to authorize! - closes #314 1ac8099
@ryanb make sure ActiveRecord::Relation is defined before checking condition…
…s against it so Rails 2 is supported again - closes #312
@ryanb releasing 1.6.3 fb8e9bd
Commits on Mar 30, 2011
@ryanb fixing mongoid 'or' error - closes #322 e96cf5b
@ryanb releasing 1.6.4 7bcfd3d