Skip to content

Cancan 2.0 fix for issue #565; fixes namespaced non-db/model backed resources authorization #570

Merged
merged 2 commits into from May 11, 2012
View
2 lib/cancan/rule.rb
@@ -100,7 +100,7 @@ def matches_action?(action)
def matches_subject?(subject)
subject = subject_name(subject) if subject_object? subject
- @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) # || matches_subject_class?(subject)
+ @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) || @expanded_subjects.include?(subject) # || matches_subject_class?(subject)
end
def matches_attribute?(attribute)
View
8 spec/cancan/controller_resource_spec.rb
@@ -384,6 +384,14 @@ class Project < ::Project; end
@controller.instance_variable_get(:@project).name.should == "foobar"
end
+ it "should properly authorize resource for namespaced controller" do
+ @ability.can(:index, "admin/dashboard")
+ @params.merge!(:controller => "admin/dashboard", :action => "index")
+ @controller.authorize!(:index, "admin/dashboard")
+ resource = CanCan::ControllerResource.new(@controller, :authorize => true).process
+ lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
+ end
+
# it "raises ImplementationRemoved when adding :name option" do
# lambda {
# CanCan::ControllerResource.new(@controller, :name => :foo)
Something went wrong with that request. Please try again.