** RELEASE 0.5.6 (Sep 23, 2012)

* Fix handling of stray object associations [jhawthorn]

* Improve test infrastructure [jhawthorn]

* Allow decl_auth to be used without ActiveRecord [bterkuile]

* Rule reloading in development based on changes [urkle/sb]

** RELEASE 0.5.5 (Jan 10, 2012)

* Update of handling of association proxies for Rails 3.2

** RELEASE 0.5.4 (Nov 30, 2011)

* Cumulative loading of authorization rules [Damian Curso/sb]

* Improved used_privileges rake task [urkle]

* Performance improvements [John Hawthorn]

** RELEASE 0.5.3 (May 25, 2011)

* Bugfixes and documentation cleanup

* Rails 3.1.rc1 compatibility [sb]

* Added has_any_role?, has_any_role_with_hierarchy? [t.pickett66]

* Allow changing the default role [dbloete]

** RELEASE 0.5.2 (Dec 31, 2010) **

* Bugfixes and documentation updates

** RELEASE 0.5.1 (Sep 12, 2010) **

** RELEASE 0.5 (July 21, 2010) **

* Ruby 1.9.2 compatibility [sb]

* Comparisons in authorization roles: lt, lte, gt, gte [aepstein,hollownest]

* DSL optimization: allow array being passed to to

* Omnipotent roles [timcharper]

* Meaningful error in case of missing authorization rules file [timcharper]

* Rails 3 support [sb]

* Support shallow nested resources [jjb]

* Allow multiple authorization rules files [kaichen]

** RELEASE 0.4 (November 15, 2009) **

* Implemented controller namespace handling [sb]

* Improved if_attribute to allow nesting of has_many associations [sb]

* Improved if_permitted_to: allow has_many associations and improved context inference [sb]

* Added option on handling non-existent auto-loaded object [sb]

* Added with_user as module method [sb]

* Change support i18n [sb]

** RELEASE 0.3.2.3 (October 12, 2009) **

* Switched to gemcutter [sb]

* Fixed has_role? for guest user. Closes #8 [sb]

* Fixed unnecessary DB query with named scopes [sb, ledermann]

* Change support: suggestions: grouping, sorting by affected users [sb]

* Fixed context inference from AR objects for STI by switching to #class.name.tableize [sb]

* Allow multiple contexts as arguments to has_permission_on [Jeroen van Dijk]

** RELEASE 0.3.2.2 (August 27, 2009) **

* Fix without_access_control test cases [sb]

* Fixed error on debug logging (Closes #6) [sb]

* Fixed without_access_control instance method in TestHelper [sb]

** RELEASE 0.3.2.1 (August 14, 2009) **

* Fix gemspec for Rdoc generation [sb]

** RELEASE 0.3.2 (August 13, 2009) **

* Fix for model-level permitted_to?/! [sb]

** RELEASE 0.3.1 (August 12, 2009) **

* Change Support: Suggestion grouping, sort by affected users [sb]

* Changed context derived from objects to #class.name.tableize to fix STI [sb]

* Simplified controller authorization with filter_resource_access [sb]

* Allow passing explicit context in addition to object in permitted_to? [Olly Lylo, sb]

* Change Supporter: suggest changes to authorization rules [sb]

* Added permitted_to!/? in model [Eike Carls]

* New test helper: should_(not_)_be_allowed_to(privilege, object_or_context) [sb]

** RELEASE 0.3 (April 20, 2009) **

* New option :join_by for has_permission_on to allow AND'ing of statements in one has_permission_on block [sb]

* Allow using_access_control to be called directly on ActiveRecord::Base, globally enabling model security [sb]

* New operator: intersects_with, comparing two Enumerables in if_attribute [sb]

* Improved if_permitted_to syntax: if the attribute is left out, permissions are checked on the current object [sb]

* Added #has_role_with_hierarchy? method to retrieve explicit and calculated roles [jeremyf]

* Added a simple rules analyzer to help improve authorization rules [sb]

* Gemified plugin. Needed to restructure the lib path contents [sb]

* Added handling of Authorization::AuthorizationInController::ClassMethods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]

* Added authorization usage helper for checking filter_access_to usage in controllers [sb]

* Added an authorization rules browser. See README for more information [sb]

* Added Model.using_access_control? to check if a model has model security activated [sb]

* Changed Authorization::ObligationScope#map_table_alias_for [Brian Langenfeld]
  * Fixed to prevent bad aliases from being produced.

* Changed Authorization::Attribute#validate? [Brian Langenfeld]
  * Encountering a nil value when evaluating an attribute now raises a NilAttributeValueError, instead of an AuthorizationError. We leave it to the caller to decide what to do about it.

* Changed Authorization::Engine#permit! [Brian Langenfeld]
  * We now convert incoming privileges to symbols (e.g. 'read' is made equivalent to :read). This ensures the privileges will match those defined in the authorization rules file.
  * The method now properly infers context when checking against an association (e.g. user.posts). We do this by leveraging ActiveRecord builder method 'new' to instantiate a proper object we can work with.
  * When testing rules for positive results (via Authorization::Attribute#validate?), we now rescue NilAttributeValueError exceptions, simply causing the rule to return a negative result (instead of barfing).

* Changed Authorization::ObligationScope#rebuild_join_options! [Brian Langenfeld]
  * If we're dealing with multiple obligations we have to check (i.e. ones that result in OR'd conditions), we now use :include instead of :joins for our generated scope. This does seem like a kludge, but until ActiveRecord scopes support unions (for checking obligations individually and consolidating the results), we don't have much choice. Something to revisit later, for sure.

** RELEASE 0.2 (February 2, 2009) **

* added negative operators: is_not, not_in, does_not_contain [sb]

* changed user.roles to user.role_symbols to reduce interference with associations [sb]

* Ruby 1.9 and Rails 2.3 compatibility [sb]

* if_permitted_to for has_permission_on blocks for DRYer auth rules [sb]

* ObligationScope rewrite of query rewriting [Brian Langenfeld]

* changed exception hierarchy to begin at StandardError [sb]

* :is_in operator [sb]

* added has_role? helper [sb]

* made plugin thread-safe [sb]

* added maintenance and test helpers [sb]

* changed default permission denied response to 403 Forbidden [sb]

* descriptions for titles and roles [sb]

* fixed for PostgreSQL [Mark Mansour]

* improved DSL syntax: allow for array of contexts in has_permission_on [sb]

** RELEASE 0.1 (August 22, 2008) **