Skip to content

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also .
...
  • 17 commits
  • 13 files changed
  • 4 commit comments
  • 8 contributors
Commits on Jun 19, 2012
@DavidMikeSimon DavidMikeSimon Fix for issue 560 where joins could be thrown away by ActiveRecordAda…
…pter::merge_joins
cfc355c
@DavidMikeSimon DavidMikeSimon Spec to test against nested joins being thrown away ala issue 560 b162871
Commits on Jun 23, 2012
@fl00r fl00r Fixing Segmentation fault on aliasing 925274d
Commits on Jun 29, 2012
@andhapp andhapp Add code for fixing issue #664 (regression in 1.6.8). 60bc9e9
Commits on Jul 02, 2012
@brynary brynary Add Code Climate badge 8b993ee
@ryanb Merge pull request #655 from DavidMikeSimon/master
Fix for issue #560
d20d90d
@ryanb Merge pull request #660 from fl00r/master
Segmentation fault on aliasing
cad4db2
@ryanb Merge pull request #670 from andhapp/fix-issue-664
Namespaced Controllers not building new resource from params(regression 1.6.8)
2db73e6
Commits on Jul 03, 2012
@ryanb Merge pull request #676 from brynary/master
Add Code Climate badge
b4285ae
Commits on Aug 01, 2012
@calebthompson calebthompson Refold generated Ability comments at 80 characters
A lot of people still fold their code at 80 characters, so it is
nice to have generated code consider this.
857dd07
Commits on Oct 13, 2012
@nashby nashby show build status fro master branch 9a84277
@nashby nashby add contributing guide
[ci skip]
d4be93b
Commits on Oct 15, 2012
@nashby nashby Merge pull request #708 from calebthompson/patch-1
Refold generated Ability comments at 80 characters
3b50fed
Commits on Oct 24, 2012
@jonsgreen jonsgreen Issue #687: cancan inserting "AND (NULL)" at the end of sql
Ensure that empty conditions does not trigger unmergeable conditions
f5b3fcd
Commits on Oct 25, 2012
@ryanb Merge pull request #765 from jonsgreen/issue/cancan_inserting_and_nul…
…l_687

Issue #687: cancan inserting "AND (NULL)" at the end of sql
4dcd544
Commits on Dec 12, 2012
@ryanb add gem version badge (thanks Gemfury) 3f4ee12
Commits on Feb 04, 2013
@ryanb releasing 1.6.9 38d4654
View
11 CHANGELOG.rdoc
@@ -1,3 +1,14 @@
+1.6.9 (February 4, 2013)
+
+* fix inserting AND (NULL) to end of SQL queries (thanks jonsgreen) - issue #687
+
+* fix merge_joins for nested association hashes (thanks DavidMikeSimon) - issues #655, #560
+
+* raise error on recursive alias_action (thanks fl00r) - issue #660
+
+* fix namespace controllers not loading params (thanks andhapp) - issues #670, #664
+
+
1.6.8 (June 25, 2012)
* improved support for namespaced controllers and models
View
11 CONTRIBUTING.md
@@ -0,0 +1,11 @@
+### Please read before contributing
+
+1) If you have any questions about CanCan, search the [Wiki](https://github.com/ryanb/cancan/wiki) or use [Stack Overflow](http://stackoverflow.com/questions/tagged/cancan). Do not post questions here.
+
+2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [ryan@railscasts.com](mailto:ryan@railscasts.com) instead.
+
+3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. In case it was not, create your report including Rails and CanCan versions. If you are getting exceptions, please include the full backtrace.
+
+That's it! The more information you give, the more easy it becomes for us to track it down and fix it. Ideal scenario would be adding the issue to CanCan test suite or to a sample application.
+
+Thanks!
View
2 README.rdoc
@@ -1,4 +1,4 @@
-= CanCan {<img src="https://secure.travis-ci.org/ryanb/cancan.png" />}[http://travis-ci.org/ryanb/cancan]
+= CanCan {<img src="https://fury-badge.herokuapp.com/rb/cancan.png" alt="Gem Version" />}[http://badge.fury.io/rb/cancan] {<img src="https://secure.travis-ci.org/ryanb/cancan.png?branch=master" />}[http://travis-ci.org/ryanb/cancan] {<img src="https://codeclimate.com/badge.png" />}[https://codeclimate.com/github/ryanb/cancan]
Wiki[https://github.com/ryanb/cancan/wiki] | RDocs[http://rdoc.info/projects/ryanb/cancan] | Screencast[http://railscasts.com/episodes/192-authorization-with-cancan]
View
2 cancan.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = "cancan"
- s.version = "1.6.8"
+ s.version = "1.6.9"
s.author = "Ryan Bates"
s.email = "ryan@railscasts.com"
s.homepage = "http://github.com/ryanb/cancan"
View
6 lib/cancan/ability.rb
@@ -172,10 +172,16 @@ def cannot(action = nil, subject = nil, conditions = nil, &block)
# This way one can use params[:action] in the controller to determine the permission.
def alias_action(*args)
target = args.pop[:to]
+ validate_target(target)
aliased_actions[target] ||= []
aliased_actions[target] += args
end
+ # User shouldn't specify targets with names of real actions or it will cause Seg fault
+ def validate_target(target)
+ raise Error, "You can't specify target (#{target}) as alias because it is real action name" if aliased_actions.values.flatten.include? target
+ end
+
# Returns a hash of aliased actions. The key is the target and the value is an array of actions aliasing the key.
def aliased_actions
@aliased_actions ||= default_alias_actions
View
17 lib/cancan/controller_resource.rb
@@ -213,10 +213,15 @@ def name
def resource_params
if @options[:class]
- @params[@options[:class].to_s.underscore.gsub('/', '_')]
- else
- @params[namespaced_name.to_s.underscore.gsub("/", "_")]
+ params_key = extract_key(@options[:class])
+ return @params[params_key] if @params[params_key]
end
+
+ resource_params_by_namespaced_name
+ end
+
+ def resource_params_by_namespaced_name
+ @params[extract_key(namespaced_name)]
end
def namespace
@@ -244,5 +249,11 @@ def collection_actions
def new_actions
[:new, :create] + [@options[:new]].flatten
end
+
+ private
+
+ def extract_key(value)
+ value.to_s.underscore.gsub('/', '_')
+ end
end
end
View
4 lib/cancan/model_adapters/active_record_adapter.rb
@@ -145,8 +145,8 @@ def sanitize_sql(conditions)
# Takes two hashes and does a deep merge.
def merge_joins(base, add)
add.each do |name, nested|
- if base[name].is_a?(Hash) && !nested.empty?
- merge_joins(base[name], nested)
+ if base[name].is_a?(Hash)
+ merge_joins(base[name], nested) unless nested.empty?
else
base[name] = nested
end
View
3 lib/cancan/rule.rb
@@ -55,7 +55,8 @@ def conditions_empty?
end
def unmergeable?
- @conditions.respond_to?(:keys) && (! @conditions.keys.first.kind_of? Symbol)
+ @conditions.respond_to?(:keys) && @conditions.present? &&
+ (!@conditions.keys.first.kind_of? Symbol)
end
def associations_hash(conditions = @conditions)
View
18 lib/generators/cancan/ability/templates/ability.rb
@@ -11,18 +11,22 @@ def initialize(user)
# can :read, :all
# end
#
- # The first argument to `can` is the action you are giving the user permission to do.
- # If you pass :manage it will apply to every action. Other common actions here are
- # :read, :create, :update and :destroy.
+ # The first argument to `can` is the action you are giving the user
+ # permission to do.
+ # If you pass :manage it will apply to every action. Other common actions
+ # here are :read, :create, :update and :destroy.
#
- # The second argument is the resource the user can perform the action on. If you pass
- # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
+ # The second argument is the resource the user can perform the action on.
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+ # class of the resource.
#
- # The third argument is an optional hash of conditions to further filter the objects.
+ # The third argument is an optional hash of conditions to further filter the
+ # objects.
# For example, here the user can only update published articles.
#
# can :update, Article, :published => true
#
- # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
+ # See the wiki for details:
+ # https://github.com/ryanb/cancan/wiki/Defining-Abilities
end
end
View
4 spec/cancan/ability_spec.rb
@@ -87,6 +87,10 @@
@ability.can?(:increment, 123).should be_true
end
+ it "should raise an Error if alias target is an exist action" do
+ lambda{ @ability.alias_action :show, :to => :show }.should raise_error(CanCan::Error, "You can't specify target (show) as alias because it is real action name")
+ end
+
it "should always call block with arguments when passing no arguments to can" do
@ability.can do |action, object_class, object|
action.should == :foo
View
8 spec/cancan/controller_resource_spec.rb
@@ -75,13 +75,19 @@ class Project < ::Project; end
end
it "should build a new resource for namespaced model with hash if params[:id] is not specified" do
- project = Sub::Project.create!
@params.merge!(:action => "create", 'sub_project' => {:name => "foobar"})
resource = CanCan::ControllerResource.new(@controller, :class => ::Sub::Project)
resource.load_resource
@controller.instance_variable_get(:@project).name.should == "foobar"
end
+ it "should build a new resource for namespaced controller and namespaced model with hash if params[:id] is not specified" do
+ @params.merge!(:controller => "Admin::SubProjectsController", :action => "create", 'sub_project' => {:name => "foobar"})
+ resource = CanCan::ControllerResource.new(@controller, :class => Project)
+ resource.load_resource
+ @controller.instance_variable_get(:@sub_project).name.should == "foobar"
+ end
+
it "should build a new resource with attributes from current ability" do
@params.merge!(:action => "new")
@ability.can(:create, Project, :name => "from conditions")
View
26 spec/cancan/model_adapters/active_record_adapter_spec.rb
@@ -20,10 +20,12 @@
t.boolean "secret"
t.integer "priority"
t.integer "category_id"
+ t.integer "user_id"
end
model do
belongs_to :category
has_many :comments
+ belongs_to :user
end
end
@@ -37,6 +39,15 @@
end
end
+ with_model :user do
+ table do |t|
+
+ end
+ model do
+ has_many :articles
+ end
+ end
+
before(:each) do
Article.delete_all
Comment.delete_all
@@ -227,6 +238,21 @@
@ability.model_adapter(Article, :read).joins.should == [:project]
end
+ it "should merge nested and non-nested joins" do
+ @ability.can :read, Article, :project => { :blocked => false }
+ @ability.can :read, Article, :project => { :comments => { :spam => true } }
+ @ability.model_adapter(Article, :read).joins.should == [{:project=>[:comments]}]
+ end
+
+ it "should merge :all conditions with other conditions" do
+ user = User.create!
+ article = Article.create!(:user => user)
+ ability = Ability.new(user)
+ ability.can :manage, :all
+ ability.can :manage, Article, :user_id => user.id
+ Article.accessible_by(ability).should == [article]
+ end
+
it "should restrict articles given a MetaWhere condition" do
@ability.can :read, Article, :priority.lt => 2
article1 = Article.create!(:priority => 1)
View
5 spec/cancan/rule_spec.rb
@@ -44,4 +44,9 @@
@rule.should be_unmergeable
end
+
+ it "should be mergeable if conditions is an empty hash" do
+ @conditions = {}
+ @rule.should_not be_unmergeable
+ end
end

Showing you all comments on commits in this comparison.

@rykov
rykov commented on 3f4ee12 Dec 12, 2012

:+1:

@Irio
Irio commented on 3f4ee12 Dec 17, 2012

For what this stands for exactly?

@rykov
@korobkov

Please, bump the version with this fix included (now I've to use master from source rather than versioned gem)...

Something went wrong with that request. Please try again.