
Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization #570

Merged
merged 2 commits into from almost 2 years ago

3 participants

Michael de Silva Jeremy Friesen Ryan Bates
Michael de Silva

This fixes the issue detailed in full here: #565 :clap:

Michael de Silva

Here's something interesting, Ryan. I've returned to working on an old app and until now I was treating its resource as a non-db backed resource; hence the patch above. However, now I'm doing CRUD as well.

class Admin::ScheduledSessionsController < AdminController
  include ApplicationHelper
  load_and_authorize_resource :class => "Session"
end

...and my abilities now look like:

class AdminAbility
  include CanCan::Ability
  def initialize(user)
    if user
      can [:index, :show], "admin/dashboard"
      can [:index, :show, :published, :unpublished], "admin/scheduled_sessions"

      if user.super_admin?
        can [:new, :create], "admin/scheduled_sessions"
        can [:new, :create], :sessions

        can [:edit, :update], "admin/scheduled_sessions"
        can [:edit, :update], :sessions do |s|
          s.applicant_signups.count == 0 
        end

        can [:publish, :unpublish], "admin/scheduled_sessions"
        can [:publish, :unpublish], :sessions

      end

    end
  end
end
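
Added example, not part of the thread or of CanCan's own code: a simplified model of the `matches_subject?` change in this pull request, showing which combinations of declared and checked subject types match before and after it. `MiniRule`, `match_table` and the `matches_normalized?` alternative are hypothetical names, and the model assumes subjects are stored exactly as declared.

```ruby
# Simplified stand-in for CanCan 2.0 rule matching (hypothetical MiniRule,
# not the gem's class). Assumption: subjects are stored exactly as declared.
class MiniRule
  def initialize(action, *subjects)
    @action = action
    @expanded_subjects = subjects.flatten
  end

  # Expression removed by this pull request: symbol comparison only.
  def matches_before?(subject)
    @expanded_subjects.include?(:all) ||
      @expanded_subjects.include?(subject.to_sym)
  end

  # Expression added by this pull request: also compare the subject as given.
  def matches_after?(subject)
    matches_before?(subject) || @expanded_subjects.include?(subject)
  end

  # Assumed alternative (not in the PR): compare names as strings so the
  # declared type and the caller's type no longer matter.
  def matches_normalized?(subject)
    @expanded_subjects.include?(:all) ||
      @expanded_subjects.map(&:to_s).include?(subject.to_s)
  end
end

# Constructed sample rules mirroring the abilities in the comment above.
DASHBOARD = MiniRule.new(:index, "admin/dashboard") # declared as a String
SESSIONS  = MiniRule.new(:edit, :sessions)          # declared as a Symbol

# [before, after, normalized] for one rule and one subject.
def row(rule, subject)
  [rule.matches_before?(subject), rule.matches_after?(subject),
   rule.matches_normalized?(subject)]
end

# One row per (declared type, checked type) combination.
def match_table
  {
    "string rule, string check" => row(DASHBOARD, "admin/dashboard"),
    "string rule, symbol check" => row(DASHBOARD, :"admin/dashboard"),
    "symbol rule, string check" => row(SESSIONS, "sessions"),
    "symbol rule, symbol check" => row(SESSIONS, :sessions),
    "string rule, other subject" => row(DASHBOARD, "admin/users")
  }
end

match_table.each { |label, result| puts "#{label}: #{result.inspect}" }
```

In this model the patched expression fixes the string-declared, string-checked case, while a string-declared rule checked with a symbol still does not match.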
Jeremy Friesen
Collaborator
jeremyf commented May 10, 2012

@bsodmike Unfortunately, your patch does not merge cleanly against master. Could you rebase and submit again? Then ping me.

Michael de Silva

Hi @jeremyf done, can you try now please? Thanks!

Jeremy Friesen
Collaborator
jeremyf commented May 11, 2012

[Verified] Clean merge on 2.0; And the specs all pass.

Michael de Silva

Thanks - will this be merged into @ryanb's 2.0 branch soon?

Jeremy Friesen
Collaborator
jeremyf commented May 11, 2012

@bsodmike While I have commit rights to the repo, I'm here to help triage things. Right now I'm trying to clear out the pull requests. As far as timing, Ryan merged several requests yesterday that I verified. So I assume so.

Michael de Silva

That's fine, thanks. Yup, just noticed that @ryanb's been merging PRs in. Cheers for your efforts, really appreciated!

Ryan Bates
Owner
ryanb commented May 11, 2012

I had been meaning to get something like this in, thank you for the pull request. Glad it is so easy as well.

Ryan Bates ryanb merged commit 4986de8 into from May 11, 2012
Ryan Bates ryanb closed this May 11, 2012
Michael de Silva

Awesome @ryanb, my pleasure =)

2  lib/cancan/rule.rb
@@ -100,7 +100,7 @@ def matches_action?(action)
100 100
 
101 101
     def matches_subject?(subject)
102 102
       subject = subject_name(subject) if subject_object? subject
103  
-      @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) # || matches_subject_class?(subject)
  103
+      @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) || @expanded_subjects.include?(subject) # || matches_subject_class?(subject)
104 104
     end
105 105
 
106 106
     def matches_attribute?(attribute)
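Review bot: the added `@expanded_subjects.include?(subject)` clause in `matches_subject?` (new line 103) only helps when the caller passes the subject in the same type the rule was declared with. If the string form is what ends up in `@expanded_subjects`, as this fix implies, a rule declared as "admin/dashboard" still will not match a check made with the symbol form, because `subject.to_sym` and `subject` are then the same value. Since this is the authorization match, consider normalizing both sides to one type (for example comparing `to_s` values) instead of chaining a third `||`, and drop the trailing commented-out `# || matches_subject_class?(subject)` while the line is being touched.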
8  spec/cancan/controller_resource_spec.rb
@@ -384,6 +384,14 @@ class Project < ::Project; end
384 384
     @controller.instance_variable_get(:@project).name.should == "foobar"
385 385
   end
386 386
 
  387
+  it "should properly authorize resource for namespaced controller" do
  388
+    @ability.can(:index, "admin/dashboard")
  389
+    @params.merge!(:controller => "admin/dashboard", :action => "index")
  390
+    @controller.authorize!(:index, "admin/dashboard")
  391
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true).process
  392
+    lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
  393
+  end
  394
+
387 395
   # it "raises ImplementationRemoved when adding :name option" do
388 396
   #   lambda {
389 397
   #     CanCan::ControllerResource.new(@controller, :name => :foo)
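Review bot: in the new spec, line 391 already calls `.process` when building `resource`, so the authorization under test runs outside the lambda, and line 392 calls `process` on that return value rather than on the `CanCan::ControllerResource`. Assign the resource without `.process` on line 391 and let the lambda make the only call. The spec also covers only the allowed case; a companion example that omits `@ability.can(:index, "admin/dashboard")` and expects `CanCan::Unauthorized` would show that the string subject is not matched too broadly.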