protector-cancan's People

Contributors

bitdeli-chef, cs3b, grindars, inossidabile

protector-cancan's Issues

Unexpected behavior with nested resources

I have a pair of models (irrelevant code removed):

class Adventure
  has_many :adventure_entries
  protect do |user|
    can :view
  end
end

class AdventureEntry
  belongs_to :adventure
  protect do |user|
    can :view
  end
end

With a simple load_and_authorize_resource, protector is working as expected. However, nested resources are not working as expected with the following controller code:

class AdventureEntriesController < ApplicationController
  load_and_authorize_resource :adventure
  load_and_authorize_resource :adventure_entry, :through => :adventure # this throws CanCan::AccessDenied
end

This issue can also be reproduced in the console:

irb(main):001:0> user = User.first!; ability = Ability.new(user); adventure = Adventure.first!
irb(main):002:0> ability.can? :view, adventure => AdventureEntry
=> false
irb(main):001:0> user = User.first!; ability = Ability.new(user); adventure = Adventure.first!
irb(main):002:0> ability.can? :view, adventure
=> true
irb(main):003:0> ability.can? :view, AdventureEntry
=> true
irb(main):004:0> ability.can? :view, adventure => AdventureEntry
=> true

It looks like can? for multiple models fails, unless it was called on each of them previously.

Model.find does not work with sqlite3

The following is raising an error:

  User.restrict!(User.all.first).find(1)
SQLite3::RangeException: bind or column index out of range: SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1

Reproduce:
Add to the Gemfile

gem 'protector', github: 'inossidabile/protector'
rails g scaffold User name:string admin:boolean

and add two users, one with admin and one without admin

class User < ActiveRecord::Base
  protect do |user|
    if user.admin?
      can :read
    else
      scope { where(id: user.id) }
      can :read
    end
  end
end

Workaround

  @user = User.restrict!(User.all.first).find_by(id: params[:id])

or using the non-restricted version

  @user = User.find(params[:id])

Typo in README

def intialize(user) -> def initialize(user)
      ^


load_and_authorize_resources -> load_and_authorize_resource

can?(action, model_instance) returns false

(rdb:1) subject
#<Category id: 6, domain_id: 3, parent_id: 1, lft: 2, rgt: 3, depth: 1, name: "test", created_at: "2013-10-29 12:14:56", updated_at: "2013-10-29 12:34:55">
(rdb:1) action
:update
(rdb:1) cancan_ability
#<Ability:0x00000009aba208 @protector_subject=#<User id: 1, email: "[email protected]", encrypted_password: "...", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: "2013-10-29 10:07:53", sign_in_count: 2, current_sign_in_at: "2013-10-29 12:09:19", last_sign_in_at: "2013-10-29 10:07:53", current_sign_in_ip: "127.0.0.1", last_sign_in_ip: "127.0.0.1", confirmation_token: nil, confirmed_at: "2013-10-29 10:07:23", confirmation_sent_at: "2013-10-29 10:04:14", unconfirmed_email: nil, failed_attempts: 0, unlock_token: nil, locked_at: nil, created_at: "2013-10-29 10:04:13", updated_at: "2013-10-29 12:09:19", global_role: 1>, @protector_subject_defined=true, @protector_models=#<Set: {Category(id: integer, domain_id: integer, parent_id: integer, lft: integer, rgt: integer, depth: integer, name: string, created_at: datetime, updated_at: datetime), ...}>, @rules=[#<CanCan::Rule:0x00000009ae1560 @match_all=false, @base_behavior=true, @actions=[:read], @subjects=[Category(id: integer, domain_id: integer, parent_id: integer, lft: integer, rgt: integer, depth: integer, name: string, created_at: datetime, updated_at: datetime)], @conditions={}, @block=nil, @expanded_actions=[:read, :index, :show]>, #<CanCan::Rule:0x00000009ae0200 @match_all=false, @base_behavior=true, @actions=[:create], @subjects=[Category(id: integer, domain_id: integer, parent_id: integer, lft: integer, rgt: integer, depth: integer, name: string, created_at: datetime, updated_at: datetime)], @conditions={}, @block=nil, @expanded_actions=[:create, :new]>, ... ], @aliased_actions={:read=>[:index, :show], :create=>[:new], :update=>[:edit]}>
(rdb:1) cancan_ability.class.ancestors
[Ability, Apirizer::Ability, CanCan::Ability, Protector::CanCan::Ability, Object, PP::ObjectMixin, V8::Conversion::Object, ActiveSupport::Dependencies::Loadable, JSON::Ext::Generator::GeneratorMethods::Object, Kernel, BasicObject]
(rdb:1) cancan_ability.can?(action, subject)
false
(rdb:1) cancan_ability.can?(action, subject.restrict!(cancan_ability.protector_subject))
false
(rdb:1) subject.restrict!(cancan_ability.protector_subject).can?(action)
  ... SQL ...
true
