Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization #570

Merged
merged 2 commits into from

3 participants

@bsodmike

This fixes the issue detailed in full here: #565 :clap:

@bsodmike

Here's something interesting Ryan. I've returned working on an old app and until now I was treating its resource as a non-db backed resource; hence the patch above. However, now I'm doing CRUD as well.

class Admin::ScheduledSessionsController < AdminController
  include ApplicationHelper
  load_and_authorize_resource :class => "Session"

...and my abilities now look like:

class AdminAbility
  include CanCan::Ability
  def initialize(user)
    if user
      can [:index, :show], "admin/dashboard"
      can [:index, :show, :published, :unpublished], "admin/scheduled_sessions"

      if user.super_admin?
        can [:new, :create], "admin/scheduled_sessions"
        can [:new, :create], :sessions

        can [:edit, :update], "admin/scheduled_sessions"
        can [:edit, :update], :sessions do |s|
          s.applicant_signups.count == 0 
        end

        can [:publish, :unpublish], "admin/scheduled_sessions"
        can [:publish, :unpublish], :sessions

      end

    end
  end
end
@jeremyf
Collaborator

@bsodmike Unfortunately, your patch does not merge cleanly against master. Could you rebase and submit again? Then ping me.

@bsodmike

Hi @jeremyf done, can you try now please? Thanks!

@jeremyf
Collaborator

[Verified] Clean merge on 2.0; And the specs all pass.

@bsodmike

Thanks - will this be merged into @ryanb's 2.0 branch soon?

@jeremyf
Collaborator

@bsodmike While I have commit rights to the repo, I'm here to help triage things. Right now I'm trying to clear out the pull requests. As far as timing, Ryan's been merged several requests yesterday that I verified. So I assume so.

@bsodmike

That's fine thanks. Yup, just noticed that @ryanb's been merging PR's in. Cheers for your efforts, really appreciated!

@ryanb
Owner

I had been meaning to get something like this in, thank you for the pull request. Glad it is so easy as well.

@ryanb ryanb merged commit 4986de8 into ryanb:2.0
@bsodmike

Awesome @ryanb, my pleasure =)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on May 11, 2012
  1. @bsodmike
  2. @bsodmike
This page is out of date. Refresh to see the latest.
Showing with 9 additions and 1 deletion.
  1. +1 −1  lib/cancan/rule.rb
  2. +8 −0 spec/cancan/controller_resource_spec.rb
View
2  lib/cancan/rule.rb
@@ -100,7 +100,7 @@ def matches_action?(action)
def matches_subject?(subject)
subject = subject_name(subject) if subject_object? subject
- @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) # || matches_subject_class?(subject)
+ @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) || @expanded_subjects.include?(subject) # || matches_subject_class?(subject)
end
def matches_attribute?(attribute)
View
8 spec/cancan/controller_resource_spec.rb
@@ -384,6 +384,14 @@ class Project < ::Project; end
@controller.instance_variable_get(:@project).name.should == "foobar"
end
+ it "should properly authorize resource for namespaced controller" do
+ @ability.can(:index, "admin/dashboard")
+ @params.merge!(:controller => "admin/dashboard", :action => "index")
+ @controller.authorize!(:index, "admin/dashboard")
+ resource = CanCan::ControllerResource.new(@controller, :authorize => true).process
+ lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
+ end
+
# it "raises ImplementationRemoved when adding :name option" do
# lambda {
# CanCan::ControllerResource.new(@controller, :name => :foo)
Something went wrong with that request. Please try again.