Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

We’re showing branches in this repository, but you can also compare across forks.

base fork: ryanb/cancan
base: 1.6.6
...
head fork: ryanb/cancan
compare: 2.0
Commits on Mar 24, 2011
Ryan Bates modifying Ability to use symbol for subject instead of class, also ad…
…ding subject aliases
98ed392
Ryan Bates getting all specs passing again 3a825ed
Ryan Bates adding enable_authorization method and deprecating some other control…
…ler methods
7ee942c
Ryan Bates allow strings along with symbols in Ability definition and checking a03d352
Commits on Mar 25, 2011
Ryan Bates adding attributes as 3rd argument to can and can? calls 85efbdb
Ryan Bates adding fully_authorized? method to Ability to check if conditions are…
… considered in authorize! call
0f37534
Ryan Bates require attributes to be checked on create/update action in order to …
…be fully authorized
488cc2d
Ryan Bates refactoring fully authorized check and catching bug 242e912
Ryan Bates check authorization is sufficient in an after_filter when doing enabl…
…e_authorization
346ca2c
Ryan Bates merging with master bcac159
Ryan Bates renaming AccessDenied exception to Unauthorized cf2896f
Ryan Bates passing block to enable_authorization will be executed when CanCan::U…
…nauthorized exception is raised
35fbee5
Ryan Bates removing skipping feature in ControllerResource for now 5d68cae
Ryan Bates mark index action as fully authorized when fetching records through a…
…ccessible_by
27eba72
Ryan Bates don't authorize based on resource name in authorize_resource since th…
…is is already handled by enable_authorization
f41b394
Commits on Mar 26, 2011
Ryan Bates authorize params passed in create and update action baa1dac
Ryan Bates fixing marking fully_authorized on an object instance e5b7621
Ryan Bates updating some documentation for CanCan 2.0 c6f9abb
Commits on Apr 21, 2011
Ryan Bates allow SQL conditions to be used with a block 63865cc
Commits on May 16, 2011
Ryan Bates updating version in gemspec to alpha 5a64d94
Commits on May 19, 2011
Ryan Bates merging master into 2.0 e24d5d1
Ryan Bates changing the interface for ControllerResource load/authorize so they …
…can be intertwined
a29e316
Ryan Bates set resource attributes in update action and authorize after set - cl…
…oses #141
f6c2054
Commits on Jun 13, 2011
Ryan Bates load member through method instead of instance variable to improve de…
…cent_exposure support
b8ff2db
Commits on Sep 28, 2011
Ryan Bates fixing model comparison spec, I believe this bug is caused by recent …
…version of with_model
6ef2c44
Ryan Bates include tests with cancan:ability generator - closes #350 6c1d685
Ryan Bates fixing ability generator 0442634
Ryan Bates merging 1.6 additions into 2.0 branch 86063e4
Ryan Bates Merge branch 'master' into 2.0 2160183
Ryan Bates fixing namespace controller resource spec 092b510
Ryan Bates Merge branch 'master' into 2.0 67c9361
Ryan Bates fixing spec for new id_param option eafd6cf
Jan Vlnas jnv Add failing example of `cannot` for attribute, corresponds to #406 aa83fee
Ryan Bates ignore cannot clause with attributes when not checking for with attri…
…butes - closes #406
1fb2c01
Ryan Bates consider specificity when finding relevant rules so generic rules wil…
…l not override specific ones - closes #321
6de9e46
Ryan Bates include namespace in params when creating/updating resource - closes #… c94de4a
Commits on Oct 04, 2011
Ryan Bates quick fix to get nested resources working again - closes #482 67a3038
Ryan Bates releasing 1.6.7 with nested resource fix 9eebeb2
Commits on Oct 15, 2011
Adam Michela soopa fix uninitialized constant warning in CanCan::Rule#model_adapter 80ceaf8
Commits on Oct 31, 2011
Roger Campos rogercampos Adding Ability#merge 7797b37
Commits on Nov 03, 2011
Grant Hutchins nertzy Use latest with_model gem
Now with_model clears the association class cache
between specs, which fixes a test pollution
problem.
9831294
Commits on Nov 09, 2011
Moff moffff Fixed problem with 'with_model' gem in DataMapper tests and Mongoid t…
…ests.
f18f53c
Commits on Dec 25, 2011
Manuel Meurer manuelmeurer Fixed typo e65f9bd
Commits on Jan 05, 2012
Dmitry Afanasyev icrowley Fixed bug with params for actions that build new instances with names…
…paced models
baadcb9
Commits on Feb 02, 2012
Mauricio Zaffari mauriciozaffari Pass forward :if and :unless options to the before filter. i.e:
    load_and_authorize_resource :if => condition == true
83e2dce
Commits on Feb 15, 2012
Diego Plentz plentz adding travis-ci badge 37a42e3
Commits on Feb 29, 2012
Florent Piteau flop Don't remove key-value from the subject hash we might want to use it …
…again.
ba01349
Commits on Mar 22, 2012
Dmitry Vorotilin route Just add singleton to description of authorize_resource f166b59
Commits on Apr 03, 2012
Shailesh spatil checked for ActionContoller::Base instead of just ActionContoller 51702e0
Commits on Apr 17, 2012
Ryan Bates adding project status message to readme aed37cd
Commits on Apr 22, 2012
Ryan Bates switching to Rspec stubbing/mocking - no more RR b37f2d0
Ryan Bates changing should spec wording ec36137
Ryan Bates removing .rvmrc, no need for a gemset with Bundler 8c72ab4
Ryan Bates disabling MetaWhere feature and making Acitve Record fixture that is …
…always loaded
1ff1b70
Ryan Bates upgrading specs to use Rails 3.2.3 88cd11b
Commits on Apr 23, 2012
Ryan Bates getting data_mapper and mongoid specs passwing with latest versions 167d383
Aryk Grosz Aryk Add check for Enumerable as condition value 65bbf0e
Commits on May 10, 2012
Ryan Bates Merge pull request #607 from Mixbook/master
Added support for value to be Enumerable
6e8bc85
Ryan Bates Merge pull request #587 from route/patch-1
Just add singleton to description of authorize_resource
78e1a17
Ryan Bates Merge pull request #559 from plentz/patch-1
Adding travis-ci badge
d117624
Ryan Bates Merge pull request #564 from flop/master
False positives on multiple nested abilities definitions
b73bd06
Ryan Bates Merge pull request #556 from mauriciozaffari/master
Pass forward :if and :unless options to the before filter.
70515de
Ryan Bates Merge pull request #505 from nertzy/update_with_model
Use latest with_model gem
c1f7181
Ryan Bates Merge pull request #541 from icrowley/master
Fixed bug with params for actions that build new instances with namespaced models
a8a85f1
Ryan Bates adding a .rbenv-version file 10cbfbb
Nicholas Clark NickClark Clarify readme for rails 2.3 users 0bbe2e1
Commits on May 11, 2012
Michael de Silva bsodmike cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed r…
…esources authorization
48ed6f9
Michael de Silva bsodmike cancan 2.0 fix for issue #565; test to properly authorize resource fo…
…r namespaced controller
0e8c7ca
Gimi Liang Gimi Merge pull request #616 from NickClark/rails_2_3_readme_clarification
Clarify readme for rails 2.3 users
8e46cca
Gimi Liang Gimi Merge pull request #535 from manuelmeurer/patch-2
Fixed a small typo
14e1f5c
Ryan Bates Merge pull request #570 from bsodmike/bsodmike-2.0
Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization
4986de8
Ryan Bates fixing Ruby versions running on travis.yml ccd24ab
Ryan Bates Merge pull request #492 from soopa/master
Fix "uninitialized constant CanCan::Rule::ModelAdapters"
7f4f469
Ryan Bates Merge pull request #509 from moffff/master
Fix 'spec/spec_helper.rb:20: uninitialized constant WithModel (NameError)'
1cdd7b3
Commits on May 14, 2012
Chris Gunther cgunther port fix for namespaced params from 2.0 back to 1.6 b347c7b
Ryan Bates Merge pull request #619 from derekprior/namespace-fix
Updated: port fix for namespaced params from 2.0 back to 1.6
0c21831
Commits on May 26, 2012
Anuj Dutta andhapp Fix to handle MetaWhere and non-MetaWhere conditions correctly. c27ead5
Commits on May 28, 2012
Ryan Bates Merge pull request #625 from rogercampos/merging
Adding Ability#merge
b3f9ffe
Commits on May 29, 2012
Ryan Bates Merge pull request #632 from andhapp/fix-issue-327
Fix to handle MetaWhere and non-MetaWhere conditions correctly.
80a8c39
Commits on May 30, 2012
Oliver Morgan ollym Named resources were not being loaded correctly. Fixes #633 78cbcf1
Commits on May 31, 2012
Oliver Morgan ollym Classify causes plural model names to be incorrectly renamed
Some model names will be renamed incorrectly e.g. 'business'. It should
be the responsibility of the user to make sure they use a name that
directly corresponds to the model name. The only filtering performed
should be camelize.
245b83f
Commits on Jun 04, 2012
Oliver Morgan ollym Fixed bug where parent resources were being regarded as children 354e34b
Commits on Jun 10, 2012
Anuj Dutta andhapp Fix for issue-644 to allow users to specify a mix of can and cannot r…
…ules with mongo.
da663aa
Commits on Jun 11, 2012
Ryan Bates Merge pull request #645 from andhapp/issue-644
Allow users to specify a mix of can and cannot rule for mongoid
7bf683d
Ryan Bates Merge pull request #635 from ollym/2.0
Named resources were not loading correctly in 2.0
76d465a
Commits on Jun 18, 2012
Mark Sim marksim Fixes Nested Resource Loading d5baed6
mccraigmccraig of the clan mccraig mccraigmccraig initialise attributes after a resource is created by an InheritedReso…
…urces controller
c2c0b86
Mike Pack mikepack Add specs for resource attributes.
Remove inconsistent line breaks.
b965f5b
Mike Pack mikepack Refactor out attribute assignment 88aba46
Anuj Dutta andhapp Fix pull request 640. For some reason github didn't allow a clean mer…
…ge althought there weren't any conflicts. Fix it so that it's easier to just merge via the UI.
a1254ca
Commits on Jun 19, 2012
Ryan Bates Merge pull request #618 from spatil/master
Check for defined ActionController::Base instead ActionController
33e33c5
Ryan Bates Merge pull request #650 from andhapp/fix-pull-request-486
Fixes Nested Resource Loading
aff8ca6
Ryan Bates Merge pull request #653 from andhapp/fix-pull-request-640
Init attributes in InheritedResources controller w/ specs
2b89dbb
Ryan Bates load ostruct for OpenStruct used in spec 9448041
Ryan Bates clearing leftover whitespace 112a995
Ryan Bates removing project status section from readme since contributors are no…
…w kind enough to keep tabs on the issue tracker
a020016
Ryan Bates updating changelog 6d7bce7
Ryan Bates preparing for 1.6.8 5f1be25
Commits on Jun 25, 2012
Ryan Bates releasing 1.6.8 1e89b31
Commits on Jun 26, 2012
Ryan Bates tests passing with Rails 3.2.6 de000fd
Commits on Jun 27, 2012
Ryan Bates bringing up to date with master branch 6886aec
Commits on Jun 29, 2012
Nugroho Herucahyono xinuc fix namespace split, so we can use / for namespace 6c1828a
Commits on Jul 02, 2012
Ryan Bates Merge pull request #668 from bukalapak/2.0
Fix namespace split
aed9f26
Commits on Jul 05, 2012
Max Prokopiev maxprokopiev Fix mongoid example according to ability precedence. Closes #672 17043ca
Commits on Sep 28, 2012
Matt Culpepper load hooks return ActiveRecord::Model in Rails 4, use Concern 9550154
Commits on Sep 29, 2012
Ryan Bates Merge pull request #751 from mculp/2.0
fixes #750 - load hooks return ActiveRecord::Model in Rails 4, use Concern
f1cebde
Commits on Oct 04, 2012
Sergio Arbeo Serabe Solves problem when authorizing new action.
Given two models Category and Projects. A Category has_many
projects and Project belongs_to a category. Furthermore,
projects are shallow nested resources in a category.

Let's say that a user can edit certain category's projects
(and only one category can be edited by each user [1]), this is
expressed with the following line in Ability model:

can :new, :projects, category_id: user.category_id

Given the old implementation, we get that any user can 'new'
(though not 'create') a project in any category:

```ruby
def assign_attributes(resource)
  resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
  initial_attributes.each do |attr_name, value|
    resource.send("#{attr_name}=", value)
  end
  resource
end
```

In this case, category_id in project would get overwritten
inside the initial_attributes loop and authorization would pass.
I consider this a buggy behaviour.

[1] User belongs_to a category, and a Category has many
users. On the other hand, there might be users without
any category.

Conflicts:
	spec/cancan/controller_resource_spec.rb
1f7e4c8
Commits on Feb 22, 2013
Ryan Bates Merge pull request #754 from Serabe/new_authorization_bug
Solves problem when authorizing new action.
68ea78b
Ryan Bates Merge pull request #673 from juggler/rules_order
Changes rules order in mongoid specs. Fixes #672
e6bf4c8