Skip to content


Subversion checkout URL

You can clone with
Download ZIP

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
base fork: ryanb/cancan
base: 1.3.0
head fork: ryanb/cancan
compare: 2.0
This comparison is big! We’re only showing the most recent 250 commits
Commits on Nov 16, 2010
@bowsersenior bowsersenior Update specs for MongoidAdditions to use rr mocks 5ebca1f
Commits on Nov 17, 2010
@bowsersenior bowsersenior Add comments clarifying `alias_method` in MongoidAdditions 84c590e
@bowsersenior bowsersenior Remove commented-out line from gemspec 2ee6908
Commits on Dec 21, 2010
@ryanb Merge branch 'master' of into …
@ryanb renaming CanDefinition to Rule 37c1491
@ryanb adding ability generator - closes #170 9b8e849
@ryanb allow query.conditions to be called multiple times without losing con…
@ryanb improve support for rspec scaffolding (thanks voxik) - closes #176 4339ac6
Commits on Dec 26, 2010
@bowsersenior bowsersenior Rename Mongoid collection used in spec and fix description for first …
@bowsersenior bowsersenior Fix bug with MongoidAdditions throwing a NameError when Mongoid is no…
…t defined by always checking if Mongoid is defined before referencing Mongoid-related constants

Also add spec for this bug
Commits on Dec 28, 2010
@ryanb switching gemspec version to 1.5.0.beta1 to avoid confusion 2d31cbd
Commits on Dec 29, 2010
@natemueller natemueller Add support and tests for datamapper.
This broke some of the mongoid tests and I don't know how to fix them.  Both packages
  define Symbol#in, and when you load them both things don't behave properly.  Hopefully
  someone more versed in mongoid can rewrite the spec to not depend on the Symbol extensions.
@ryanb adding .rvmrc file to switch to Ruby 1.8.7 for development 5183113
@ryanb moving model adapter specs into their own directory with MODEL_ADAPTE…
…R environment variable for choosing which one to run
@ryanb move mongoid/dm gems into Gemfile and load dynamically based on MODEL…
…_ADAPTER env variable
@ryanb adding some documentation for running specs with different model adap…
@ryanb adding model adapter files in proper location with loading behavior 4c5ba09
Commits on Dec 30, 2010
@ryanb adding initial active record adapter af9e77a
@ryanb fixing active record adapter behavior and improving specs for it cc30e83
@ryanb dynamically detect which model adapter to use given a class bbb02f7
@ryanb cleanup whitespace 8628aa0
@ryanb removing fake sanitize methods in specs because we're using Active Re…
…cord now
@ryanb switching data mapper to new adapter f5dce44
@ryanb switching mongoid over to new adapter f7a494d
@ryanb moving accessible_by out into ModelAdditions module ec616ae
@ryanb removing Mongoid::Components hack, tests are passing without it, add …
…tests if this is actually needed
@ryanb removing query.rb since it is no longer used f9f71d6
@ryanb adding spec_all task for running specs for all model adapters 70b5f9a
@ryanb adding spec_all rake task to spec readme 6ccb4dd
Commits on Jan 03, 2011
@bowsersenior bowsersenior Automatically add `accessible_by` to Mongoid Documents to match CanCa…
…n behavior for ActiveRecord and DataMapper.

Previously, CanCan::ModelAdditions had to be included in each and every Mongoid document separately. Also removed manual include of CanCan::ModelAdditions from Mongoid documents in Mongoid adapter specs.
Commits on Jan 04, 2011
@ryanb removing unused sanitization code in mongoid spec bd9480c
@ryanb moving with_model rspec configuration into Active Record model adapte…
…r spec
@ryanb allow model adapter to override condition hash matching in Rule, also…
… clean up Mongoid adapter and specs
Commits on Jan 05, 2011
@ryanb improving DataMapper adapter and specs 15ca8ad
@ryanb don't authorize uncountable instance in collection action - closes #193 bc9ecb2
Commits on Jan 06, 2011
@bowsersenior bowsersenior Use `Mongoid::Matchers#matches?` instead of a database query in `Mong…
@bowsersenior bowsersenior Add MongoidAdapter specs for unsaved instances 9a14c70
Commits on Jan 07, 2011
@ryanb use gemset in rvmrc (thanks bowsersenior) - closes #231 045a850
@ryanb Merge branch 'bowsersenior-master' 71ceb83
Commits on Jan 08, 2011
@ryanb adding skip load and authorize behavior - closes #164 5732711
@ryanb moving parts of the README into wiki pages e2910a7
@ryanb updating changelog 3885f46
@ryanb fixing github links in readme 39bffe9
Commits on Jan 09, 2011
@ryanb fixing link in readme e49190f
Commits on Jan 11, 2011
@ryanb updating readme for 1.5 120eafe
@ryanb releasing 1.5.0 04522c9
Commits on Jan 18, 2011
@ryanb changing flash[:error] to flash[:alert] in rdocs - closes #238 52b3358
@stellard stellard updated mongoid 344832d
@stellard stellard added cannot support and multiple can support 55c8a50
@ryanb readme improvements 2012311
@stellard stellard improved test assertion cff9229
Commits on Jan 19, 2011
@ryanb Merge branch 'master' of into stel…
@ryanb cleaning up mongoid adapter a little 5c4c179
Commits on Jan 20, 2011
@ryanb handle deeply nested conditions properly in active record adapter - c…
…loses #246
@ryanb releasing 1.5.1 929579f
Commits on Jan 28, 2011
@ryanb moving :alert into redirect_to call in documentation b2028c8
Commits on Feb 03, 2011
@amw amw Pass action name to accessible_by. f1ea21b
Commits on Feb 04, 2011
@spohlenz spohlenz Fix rule check on Hash-like subjects f23bbe0
Commits on Feb 14, 2011
@ryanb Merge branch 'pass_action_to_accessible_by' of…
…/cancan into amw-pass_action_to_accessible_by
@ryanb fixing tests for passing action name through to accessible_by call 3901cbe
Commits on Feb 17, 2011
@stefanoverna stefanoverna Fix for deeply nested resources when using inherited resources 8722fbc
Commits on Feb 22, 2011
@ryanb adding Lock It Down section to readme 79995e4
Commits on Mar 08, 2011
@tanordheim tanordheim Use collection instead of end_of_association_chain in the inherited_r…
…esources integration, as per suggested by aq1018
@ryanb fixing association conditions when MetaWhere is installed (thanks acm…
…etech) - closes #261
@ryanb adding initial MetaWhere support ff5aaf5
@ryanb making it easier to test all MetaWhere conditions 07088a0
@ryanb raise a NotImplemented exception if it's an unrecognized MetaWhere co…
@ryanb simplifying .rvmrc bcf2756
@ryanb Merge branch 'inherited_resources_collection_fix' of https://github.c…
…om/tanordheim/cancan into tanordheim-inherited_resources_collection_fix
@ryanb Merge branch 'master' of into …
@ryanb fixing spec for Inherited Resource parent loading 3a07d62
@ryanb adding :prepend option to load_and_authorize_resource - closes #290 951d70e
@ryanb add space in multiword model in I18n unauthorized message - closes #292 ba99997
Commits on Mar 09, 2011
@ryanb load collection resources in custom controller actions with no id par…
…am - closes #296
@ryanb adding :if and :unless options to check_authorization - closes #284 80f1ab2
@ryanb allow Active Record scope to be passed as Ability conditions - closes #… f9b181a
@ryanb raise an error when trying to make a rule with both hash conditions a…
…nd a block - closes #269
@ryanb Merge branch 'master' into meta_where a492691
@ryanb adding more MetaWhere comparison operators eb2826f
@ryanb adding any/all support for MetaWhere conditions 9bee4a8
Commits on Mar 11, 2011
@ryanb releasing 1.6.0 efa3ff1
Commits on Mar 16, 2011
@amw amw Fixes inherited_resources collection authorization
This reverts e3eab13

I don't know what was the idea of that, but it turned out REAL bad.

`collection` sets the collection instance variable. `resource_base` is used all
over CanCan. It's also used inside `load_collection?` which is checked before
`load_collection` is called. That means we actually set the collection instance
variable through inherited_resources (without any authorization whatsoever) before trying to load it through CanCan using `accessible_by`.

    1. def load_resource
    2.  unless skip?(:load)
    3.    if load_instance?
    4.      self.resource_instance ||= load_resource_instance
    5.    elsif load_collection?
    6.      self.collection_instance ||= load_collection
    7.    end
    8.  end
    9. end

`collection_instance` is set on line 5 instead of line 6.
@ryanb making accessible_by action default to :index and parent action defau…
…lt to :show so we don't check :read action directly - closes #302
@ryanb use instead of build_item for singleton resource so it doesn…
…'t mess up database - closes #304
@ryanb releasing 1.6.1 b0c1646
Commits on Mar 18, 2011
@ryanb fixing failing MetaWhere spec 3efa069
@ryanb fixing instance loading with :singleton option - closes #310 7688025
@ryanb releasing 1.6.2 5d97cfb
Commits on Mar 24, 2011
@ryanb modifying Ability to use symbol for subject instead of class, also ad…
…ding subject aliases
@ryanb getting all specs passing again 3a825ed
@ryanb adding enable_authorization method and deprecating some other control…
…ler methods
@ryanb allow strings along with symbols in Ability definition and checking a03d352
Commits on Mar 25, 2011
@ryanb adding attributes as 3rd argument to can and can? calls 85efbdb
@ryanb adding fully_authorized? method to Ability to check if conditions are…
… considered in authorize! call
@ryanb require attributes to be checked on create/update action in order to …
…be fully authorized
@ryanb refactoring fully authorized check and catching bug 242e912
@ryanb check authorization is sufficient in an after_filter when doing enabl…
@ryanb return subject passed to authorize! - closes #314 1ac8099
@ryanb make sure ActiveRecord::Relation is defined before checking condition…
…s against it so Rails 2 is supported again - closes #312
@ryanb releasing 1.6.3 fb8e9bd
@ryanb merging with master bcac159
@ryanb renaming AccessDenied exception to Unauthorized cf2896f
@ryanb passing block to enable_authorization will be executed when CanCan::U…
…nauthorized exception is raised
@ryanb removing skipping feature in ControllerResource for now 5d68cae
@ryanb mark index action as fully authorized when fetching records through a…
@ryanb don't authorize based on resource name in authorize_resource since th…
…is is already handled by enable_authorization
Commits on Mar 26, 2011
@ryanb authorize params passed in create and update action baa1dac
@ryanb fixing marking fully_authorized on an object instance e5b7621
@ryanb updating some documentation for CanCan 2.0 c6f9abb
Commits on Mar 30, 2011
@ryanb fixing mongoid 'or' error - closes #322 e96cf5b
@ryanb releasing 1.6.4 7bcfd3d
Commits on Apr 01, 2011
@flop flop Failling test for nested resources with a scope for conditions 81f00f9
@flop flop When using an existing scope, it should be merged properly to the cla…
…ss. May fix ryanb/cancan#328 :)
@thatothermitch thatothermitch Fixed bug where conditions on an optionally associated object would t…
…hrow exceptions if the associated object was not present at the rule match time.
@ryanb Merge branch 'optional-associations' of…
…/cancan into socialcast-optional-associations
Commits on Apr 15, 2011
@rahearn rahearn Adds ability to use Scope query with Mongoid
Same limitations apply as with active record
* can not be OR'd with other rules for same ability/controller
Commits on Apr 21, 2011
@ryanb allow SQL conditions to be used with a block 63865cc
Commits on Apr 25, 2011
@ryanb Merged pull request #343 from rahearn/mongoid-scope.
Adds ability to use Scope query with Mongoid
Commits on Apr 27, 2011
John Feminella Augments Mongoid adapter by handling case where attribute is an array 17c52a7
@ryanb Merged pull request #352 from cardagin/topic/mongoid-adapter-enhancem…

Augments Mongoid adapter by handling case where attribute is an array
Commits on Apr 29, 2011
@emmanuel emmanuel Use dkubb's suggestion for evaluating conditions against a Resource. 6d39b0a
@emmanuel emmanuel Fix pending spec for DataMapper adapter. d6851de
@emmanuel emmanuel Return empty set early if no can rules are present.
Thanks dkubb!
Commits on May 02, 2011
@ryanb Merge pull request #355 from emmanuel/issue/245.
DataMapper adapter improvements
Commits on May 10, 2011
@rahearn rahearn Fixes bug in mongoid_adapter with empty conditions hash
* adds mongoid query that matches every record when
rule.conditions.empty? is true
Commits on May 12, 2011
@rahearn rahearn Processes can rules only if no empty conditions rules are present
1) remove all empty conditions hashes from the rules, they are included
 in the records through `@model_class.all`
2) only process can rules if the new and old rules lists are the same
  length (meaning there were no empty conditions hashes)
3) always process cannot rules
Commits on May 16, 2011
@ryanb updating version in gemspec to alpha 5a64d94
Commits on May 17, 2011
@ryanb ensure Mongoid::Document is defined before loading Mongoid adapter - …
…closes #359
@ryanb allow :through option to work with private controller methods - closes dde88c9
@ryanb adding current_ability to helper methods - closes #361 4e4c5a9
@ryanb Merge pull request #363 from rahearn/mongoid-conditions-empty
Fixes bug in mongoid_adapter with empty conditions hash
Commits on May 18, 2011
@ryanb pass action and subject through AccessDenied exception when :through …
…isn't found - closes #366
@ryanb releasing 1.6.5 6a01427
Commits on May 19, 2011
@ryanb merging master into 2.0 e24d5d1
@ryanb changing the interface for ControllerResource load/authorize so they …
…can be intertwined
@ryanb set resource attributes in update action and authorize after set - cl…
…oses #141
Commits on May 20, 2011
@ryanb allow :find_by option to be full find method name - closes #335 c031f82
Commits on May 21, 2011
@ryanb delegating ControllerResource find to model adapter, uses 'get' for D…
…ataMapper - closes #373
Commits on Jun 13, 2011
@ryanb load member through method instead of instance variable to improve de…
…cent_exposure support
Commits on Jun 30, 2011
@nhocki nhocki Make CanCan Default Message a translatable text. Default to the one y…
…ou had.
@nhocki nhocki Adding tests for i18n translation for default messages 71f60bc
Commits on Jul 01, 2011
@nhocki nhocki Change the i18n default name to :"unauthorized.default" 1c3e617
@ryanb Merge pull request #409 from nhocki/patch-1
Make CanCan Default Message a translatable text.
@psanford psanford Load datamapper class methods via append_extensions.
This relaxes the previous requirement that cancan has to be loaded
before any models are. append_extensions will apply to all
previously loaded models as well as ones loaded after.
@ryanb Merge pull request #410 from psanford/improve_datamapper_loading
Load datamapper class methods via append_extensions.
Commits on Jul 19, 2011
@schlick schlick Compatibility fix for using cancan with rspec-instafail and rspec1 3b33b36
Commits on Jul 20, 2011
Steven Anderson Added support for engines and namespaced models. 6c497b8
Steven Anderson Added the needed camelize to recent patch for engines and namespaced …
@skhisma skhisma :id_param option to load_resource allows specification of the param n…
…ame to find members
Commits on Jul 21, 2011
beawesomeinstead The first try to make cancan pass on Travis CI 1ab4e2d
@manuelmeurer manuelmeurer Fixed typos. e561532
beawesomeinstead Run rake instead of rake test d24ef45
beawesomeinstead These lines are defaults, should be fine this way 0fc67e4
Commits on Jul 23, 2011
@ryanb Merge pull request #426 from manuelmeurer/patch-1
Fixed documentation for skip_load_resource and skip_authorize_resource.
@ryanb Merge pull request #421 from amc-projects/master
Compatibility fix for rspec-instafail and rspec1
Commits on Jul 24, 2011
@ryanb Merge pull request #427 from bai/master
Add .travis.yml for building cancan on a lovely Travis CI service
@ryanb removing 1.9.2 from .travis.yml 2be3f98
@ryanb updating Rails gem dev dependency 916f97f
Commits on Sep 21, 2011
@kirkconnell kirkconnell use version 1.x of with_model to avoid errors in class comparisons 5ab7dea
Commits on Sep 28, 2011
@ryanb fixing model comparison spec, I believe this bug is caused by recent …
…version of with_model
@ryanb include tests with cancan:ability generator - closes #350 6c1d685
@ryanb fixing ability generator 0442634
@ryanb merging 1.6 additions into 2.0 branch 86063e4
@ryanb Merge pull request #476 from kirkconnell/with_model-version-fix
Specs fail when running in a freshly installed environment.
@ryanb Merge pull request #424 from whilefalse/master
Support for namespaced models and engines
@ryanb Merge branch 'master' into 2.0 2160183
@ryanb fixing namespace controller resource spec 092b510
@ryanb Merge pull request #425 from skhisma/master
Allow custom IDs to be specified when calling load_resource
@ryanb Merge branch 'master' into 2.0 67c9361
@ryanb fixing spec for new id_param option eafd6cf
@jnv jnv Add failing example of `cannot` for attribute, corresponds to #406 aa83fee
@ryanb ignore cannot clause with attributes when not checking for with attri…
…butes - closes #406
@ryanb consider specificity when finding relevant rules so generic rules wil…
…l not override specific ones - closes #321
@ryanb include namespace in params when creating/updating resource - closes #… c94de4a
@codeprimate codeprimate Correct "return cant jump across threads" error when using check_auth…
@ryanb removing jruby/rubinius from travis.yml for now until I figure out wh…
…y they aren't passing
Commits on Sep 29, 2011
@ryanb releasing version 1.6.6 26b40f2
Commits on Oct 04, 2011
@ryanb quick fix to get nested resources working again - closes #482 67a3038
@ryanb releasing 1.6.7 with nested resource fix 9eebeb2
Commits on Oct 15, 2011
@soopa soopa fix uninitialized constant warning in CanCan::Rule#model_adapter 80ceaf8
Commits on Oct 31, 2011
@rogercampos rogercampos Adding Ability#merge 7797b37
Commits on Nov 03, 2011
@nertzy nertzy Use latest with_model gem
Now with_model clears the association class cache
between specs, which fixes a test pollution
Commits on Nov 09, 2011
@moffff moffff Fixed problem with 'with_model' gem in DataMapper tests and Mongoid t…
Commits on Dec 25, 2011
@manuelmeurer manuelmeurer Fixed typo e65f9bd
Commits on Jan 05, 2012
@icrowley icrowley Fixed bug with params for actions that build new instances with names…
…paced models
Commits on Feb 02, 2012
@mauriciozaffari mauriciozaffari Pass forward :if and :unless options to the before filter. i.e:
    load_and_authorize_resource :if => condition == true
Commits on Feb 15, 2012
@plentz plentz adding travis-ci badge 37a42e3
Commits on Feb 29, 2012
@flop flop Don't remove key-value from the subject hash we might want to use it …
Commits on Mar 22, 2012
Dmitriy Vorotilin Just add singleton to description of authorize_resource f166b59
Commits on Apr 03, 2012
@spatil spatil checked for ActionContoller::Base instead of just ActionContoller 51702e0
Commits on Apr 17, 2012
@ryanb adding project status message to readme aed37cd
Commits on Apr 22, 2012
@ryanb switching to Rspec stubbing/mocking - no more RR b37f2d0
@ryanb changing should spec wording ec36137
@ryanb removing .rvmrc, no need for a gemset with Bundler 8c72ab4
@ryanb disabling MetaWhere feature and making Acitve Record fixture that is …
…always loaded
@ryanb upgrading specs to use Rails 3.2.3 88cd11b
Commits on Apr 23, 2012
@ryanb getting data_mapper and mongoid specs passwing with latest versions 167d383
@Aryk Aryk Add check for Enumerable as condition value 65bbf0e
Commits on May 10, 2012
@ryanb Merge pull request #607 from Mixbook/master
Added support for value to be Enumerable
@ryanb Merge pull request #587 from route/patch-1
Just add singleton to description of authorize_resource
@ryanb Merge pull request #559 from plentz/patch-1
Adding travis-ci badge
@ryanb Merge pull request #564 from flop/master
False positives on multiple nested abilities definitions
@ryanb Merge pull request #556 from mauriciozaffari/master
Pass forward :if and :unless options to the before filter.
@ryanb Merge pull request #505 from nertzy/update_with_model
Use latest with_model gem
@ryanb Merge pull request #541 from icrowley/master
Fixed bug with params for actions that build new instances with namespaced models
@ryanb adding a .rbenv-version file 10cbfbb
@NickClark NickClark Clarify readme for rails 2.3 users 0bbe2e1
Commits on May 11, 2012
@bsodmike bsodmike cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed r…
…esources authorization
@bsodmike bsodmike cancan 2.0 fix for issue #565; test to properly authorize resource fo…
…r namespaced controller
@Gimi Gimi Merge pull request #616 from NickClark/rails_2_3_readme_clarification
Clarify readme for rails 2.3 users
@Gimi Gimi Merge pull request #535 from manuelmeurer/patch-2
Fixed a small typo
@ryanb Merge pull request #570 from bsodmike/bsodmike-2.0
Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization
@ryanb fixing Ruby versions running on travis.yml ccd24ab
@ryanb Merge pull request #492 from soopa/master
Fix "uninitialized constant CanCan::Rule::ModelAdapters"
@ryanb Merge pull request #509 from moffff/master
Fix 'spec/spec_helper.rb:20: uninitialized constant WithModel (NameError)'
Commits on May 14, 2012
@cgunther cgunther port fix for namespaced params from 2.0 back to 1.6 b347c7b
@ryanb Merge pull request #619 from derekprior/namespace-fix
Updated: port fix for namespaced params from 2.0 back to 1.6
Commits on May 26, 2012
@andhapp andhapp Fix to handle MetaWhere and non-MetaWhere conditions correctly. c27ead5
Commits on May 28, 2012
@ryanb Merge pull request #625 from rogercampos/merging
Adding Ability#merge
Commits on May 29, 2012
@ryanb Merge pull request #632 from andhapp/fix-issue-327
Fix to handle MetaWhere and non-MetaWhere conditions correctly.
Commits on May 30, 2012
@ollym ollym Named resources were not being loaded correctly. Fixes #633 78cbcf1
Commits on May 31, 2012
@ollym ollym Classify causes plural model names to be incorrectly renamed
Some model names will be renamed incorrectly e.g. 'business'. It should
be the responsibility of the user to make sure they use a name that
directly corresponds to the model name. The only filtering performed
should be camelize.
Commits on Jun 04, 2012
@ollym ollym Fixed bug where parent resources were being regarded as children 354e34b
Commits on Jun 10, 2012
@andhapp andhapp Fix for issue-644 to allow users to specify a mix of can and cannot r…
…ules with mongo.
Commits on Jun 11, 2012
@ryanb Merge pull request #645 from andhapp/issue-644
Allow users to specify a mix of can and cannot rule for mongoid
@ryanb Merge pull request #635 from ollym/2.0
Named resources were not loading correctly in 2.0
Commits on Jun 18, 2012
@marksim marksim Fixes Nested Resource Loading d5baed6
@mccraigmccraig mccraigmccraig initialise attributes after a resource is created by an InheritedReso…
…urces controller
@mikepack mikepack Add specs for resource attributes.
Remove inconsistent line breaks.
@mikepack mikepack Refactor out attribute assignment 88aba46
@andhapp andhapp Fix pull request 640. For some reason github didn't allow a clean mer…
…ge althought there weren't any conflicts. Fix it so that it's easier to just merge via the UI.
Commits on Jun 19, 2012
@ryanb Merge pull request #618 from spatil/master
Check for defined ActionController::Base instead ActionController
@ryanb Merge pull request #650 from andhapp/fix-pull-request-486
Fixes Nested Resource Loading
@ryanb Merge pull request #653 from andhapp/fix-pull-request-640
Init attributes in InheritedResources controller w/ specs
@ryanb load ostruct for OpenStruct used in spec 9448041
@ryanb clearing leftover whitespace 112a995
@ryanb removing project status section from readme since contributors are no…
…w kind enough to keep tabs on the issue tracker
@ryanb updating changelog 6d7bce7
@ryanb preparing for 1.6.8 5f1be25
Commits on Jun 25, 2012
@ryanb releasing 1.6.8 1e89b31
Commits on Jun 26, 2012
@ryanb tests passing with Rails 3.2.6 de000fd
Commits on Jun 27, 2012
@ryanb bringing up to date with master branch 6886aec
Commits on Jun 29, 2012
@xinuc xinuc fix namespace split, so we can use / for namespace 6c1828a
Commits on Jul 02, 2012
@ryanb Merge pull request #668 from bukalapak/2.0
Fix namespace split
Commits on Jul 05, 2012
@maxprokopiev maxprokopiev Fix mongoid example according to ability precedence. Closes #672 17043ca
Commits on Sep 28, 2012
Matt Culpepper load hooks return ActiveRecord::Model in Rails 4, use Concern 9550154
Commits on Sep 29, 2012
@ryanb Merge pull request #751 from mculp/2.0
fixes #750 - load hooks return ActiveRecord::Model in Rails 4, use Concern
Commits on Oct 04, 2012
@Serabe Serabe Solves problem when authorizing new action.
Given two models Category and Projects. A Category has_many
projects and Project belongs_to a category. Furthermore,
projects are shallow nested resources in a category.

Let's say that a user can edit certain category's projects
(and only one category can be edited by each user [1]), this is
expressed with the following line in Ability model:

can :new, :projects, category_id: user.category_id

Given the old implementation, we get that any user can 'new'
(though not 'create') a project in any category:

def assign_attributes(resource)
  resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
  initial_attributes.each do |attr_name, value|
    resource.send("#{attr_name}=", value)

In this case, category_id in project would get overwritten
inside the initial_attributes loop and authorization would pass.
I consider this a buggy behaviour.

[1] User belongs_to a category, and a Category has many
users. On the other hand, there might be users without
any category.

Commits on Feb 22, 2013
@ryanb Merge pull request #754 from Serabe/new_authorization_bug
Solves problem when authorizing new action.
@ryanb Merge pull request #673 from juggler/rules_order
Changes rules order in mongoid specs. Fixes #672