Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization #570
Conversation
|
Here's something interesting Ryan. I've returned working on an old app and until now I was treating its resource as a non-db backed resource; hence the patch above. However, now I'm doing CRUD as well. class Admin::ScheduledSessionsController < AdminController
include ApplicationHelper
load_and_authorize_resource :class => "Session"...and my abilities now look like: class AdminAbility
include CanCan::Ability
def initialize(user)
if user
can [:index, :show], "admin/dashboard"
can [:index, :show, :published, :unpublished], "admin/scheduled_sessions"
if user.super_admin?
can [:new, :create], "admin/scheduled_sessions"
can [:new, :create], :sessions
can [:edit, :update], "admin/scheduled_sessions"
can [:edit, :update], :sessions do |s|
s.applicant_signups.count == 0
end
can [:publish, :unpublish], "admin/scheduled_sessions"
can [:publish, :unpublish], :sessions
end
end
end
end |
|
@bsodmike Unfortunately, your patch does not merge cleanly against master. Could you rebase and submit again? Then ping me. |
…ked resources authorization
…ce for namespaced controller
|
Hi @jeremyf done, can you try now please? Thanks! |
|
[Verified] Clean merge on 2.0; And the specs all pass. |
|
Thanks - will this be merged into @ryanb's 2.0 branch soon? |
|
@bsodmike While I have commit rights to the repo, I'm here to help triage things. Right now I'm trying to clear out the pull requests. As far as timing, Ryan's been merged several requests yesterday that I verified. So I assume so. |
|
That's fine thanks. Yup, just noticed that @ryanb's been merging PR's in. Cheers for your efforts, really appreciated! |
|
I had been meaning to get something like this in, thank you for the pull request. Glad it is so easy as well. |
Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization
|
Awesome @ryanb, my pleasure =) |
This fixes the issue detailed in full here: #565 👏