Skip to content

Commit

Permalink
Improve support for nested resources
Browse files Browse the repository at this point in the history
  • Loading branch information
coorasse committed Mar 22, 2022
1 parent 051899d commit d0ea89a
Show file tree
Hide file tree
Showing 7 changed files with 89 additions and 41 deletions.
4 changes: 4 additions & 0 deletions .rubocop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,10 @@ Metrics/BlockLength:
- 'lib/cancan/matchers.rb'
- '**/*_spec.rb'

Metrics/ClassLength:
Exclude:
- 'lib/cancan/model_adapters/active_record_adapter.rb'

# TODO
# Offense count: 2
# Configuration parameters: NamePrefix, NamePrefixBlacklist, NameWhitelist.
Expand Down
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,9 @@ When first developing, you need to run `bundle install` and then `bundle exec ap

You can then run all appraisal files (like CI does), with `appraisal rake` or just run a specific set `DB='sqlite' bundle exec appraisal activerecord_5.2.2 rake`.

If you use RubyMine, you can run RSpec tests by configuring the RSpec configuration template like this:
![rubymine_rspec.png](rubymine_rspec.png)

See the [CONTRIBUTING](./CONTRIBUTING.md) for more information.

## Special Thanks
Expand Down
11 changes: 5 additions & 6 deletions lib/cancan/conditions_matcher.rb
Original file line number Diff line number Diff line change
Expand Up @@ -35,15 +35,14 @@ def matches_non_block_conditions(subject)
def nested_subject_matches_conditions?(subject_hash)
parent, child = subject_hash.first

matches_base_parent_conditions = matches_conditions_hash?(parent, @conditions[parent.class.name.downcase.to_sym] || {})
matches_base_parent_conditions = matches_conditions_hash?(parent,
@conditions[parent.class.name.downcase.to_sym] || {})

adapter = model_adapter(parent)

if adapter.override_nested_subject_conditions_matching?(parent, child, @conditions)
return matches_base_parent_conditions && adapter.nested_subject_matches_conditions?(parent, child, @conditions)
end

matches_base_parent_conditions
matches_base_parent_conditions &&
(!adapter.override_nested_subject_conditions_matching?(parent, child, @conditions) ||
adapter.nested_subject_matches_conditions?(parent, child, @conditions))
end

# Checks if the given subject matches the given conditions hash.
Expand Down
3 changes: 2 additions & 1 deletion lib/cancan/model_adapters/abstract_adapter.rb
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,8 @@ def self.matches_conditions_hash?(_subject, _conditions)
raise NotImplemented, 'This model adapter does not support matching on a conditions hash.'
end

# Used above override_conditions_hash_matching to determine if this model adapter will override the matching behavior for nested subject.
# Used above override_conditions_hash_matching to determine if this model adapter will override the
# matching behavior for nested subject.
# If this returns true then nested_subject_matches_conditions? will be called.
def self.override_nested_subject_conditions_matching?(_parent, _child, _all_conditions)
false
Expand Down
23 changes: 16 additions & 7 deletions lib/cancan/model_adapters/active_record_adapter.rb
Original file line number Diff line number Diff line change
Expand Up @@ -21,19 +21,28 @@ def initialize(model_class, rules)
end

class << self
# When belongs_to parent_id is a condition for a model, we want to check the parent when testing ability for a hash {parent => model}
def override_nested_subject_conditions_matching?(parent, _child, all_conditions)
all_conditions[:"#{parent.class.name.downcase}_id"].present?
# When belongs_to parent_id is a condition for a model,
# we want to check the parent when testing ability for a hash {parent => model}
def override_nested_subject_conditions_matching?(parent, child, all_conditions)
parent_child_conditions(parent, child, all_conditions).present?
end

# parent_id condition can be an array of integer or one integer, we check the parent against this
def nested_subject_matches_conditions?(parent, _child, all_conditions)
id_condition = all_conditions[:"#{parent.class.name.downcase}_id"]
def nested_subject_matches_conditions?(parent, child, all_conditions)
id_condition = parent_child_conditions(parent, child, all_conditions)
return id_condition.include?(parent.id) if id_condition.is_a? Array
return id_condition == parent.id if id_condition.is_a? Integer

false
end

def parent_child_conditions(parent, child, all_conditions)
child_class = child.is_a?(Class) ? child : child.class
foreign_key = child_class.reflect_on_all_associations(:belongs_to).find do |association|
association.klass == parent.class
end&.foreign_key&.to_sym
foreign_key.nil? ? nil : all_conditions[foreign_key]
end
end

# Returns conditions intended to be used inside a database query. Normally you will not call this
Expand Down
Binary file added rubymine_rspec.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
86 changes: 59 additions & 27 deletions spec/cancan/model_adapters/active_record_adapter_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

require 'spec_helper'

describe CanCan::ModelAdapters::ActiveRecordAdapter do
RSpec.describe CanCan::ModelAdapters::ActiveRecordAdapter do
let(:true_v) do
ActiveRecord::Base.connection.quoted_true
end
Expand Down Expand Up @@ -49,6 +49,11 @@
t.timestamps null: false
end

create_table(:legacy_comments) do |t|
t.integer :post_id
t.timestamps null: false
end

create_table(:legacy_mentions) do |t|
t.integer :user_id
t.integer :article_id
Expand Down Expand Up @@ -100,6 +105,11 @@ class Comment < ActiveRecord::Base
belongs_to :project
end

class LegacyComment < ActiveRecord::Base
belongs_to :article, foreign_key: 'post_id'
belongs_to :project
end

class User < ActiveRecord::Base
has_many :articles
has_many :mentions
Expand Down Expand Up @@ -443,43 +453,65 @@ class User < ActiveRecord::Base
ability.cannot :read, Article, :secret
expect(Article.accessible_by(ability)).to eq([article])
end
end
end

describe 'when can? is used with a Hash (nested resources)' do
it 'verifies parent equality correctly' do
user1 = User.create!(name: 'user1')
user2 = User.create!(name: 'user2')
category = Category.create!(name: 'cat')
article1 = Article.create!(name: 'article1', category: category, user: user1)
article2 = Article.create!(name: 'article2', category: category, user: user2)
comment1 = Comment.create!(article: article1)
comment2 = Comment.create!(article: article2)
describe 'when can? is used with a Hash (nested resources)' do
let(:user1) { User.create!(name: 'user1') }
let(:user2) { User.create!(name: 'user2') }

ability1 = Ability.new(user1)
ability1.can :read, Article
ability1.can :manage, Article, user: user1
ability1.can :manage, Comment, article: user1.articles
before do
category = Category.create!(name: 'category')
@article1 = Article.create!(name: 'article1', category: category, user: user1)
@article2 = Article.create!(name: 'article2', category: category, user: user2)
@comment1 = Comment.create!(article: @article1)
@comment2 = Comment.create!(article: @article2)
@legacy_comment1 = LegacyComment.create!(article: @article1)
@legacy_comment2 = LegacyComment.create!(article: @article2)
end

expect(ability1.can?(:manage, { article1 => Comment })).to eq(true)
expect(ability1.can?(:manage, { article2 => Comment })).to eq(false)
expect(ability1.can?(:manage, { article1 => comment1 })).to eq(true)
expect(ability1.can?(:manage, { article2 => comment2 })).to eq(false)
context 'when conditions are defined using the parent model' do
let(:ability) do
Ability.new(user1).tap do |ability|
ability.can :read, Article
ability.can :manage, Article, user: user1
ability.can :manage, Comment, article: user1.articles
ability.can :manage, LegacyComment, article: user1.articles
end
end

ability2 = Ability.new(user2)
it 'verifies parent equality correctly' do
expect(ability.can?(:manage, { @article1 => Comment })).to eq(true)
expect(ability.can?(:manage, { @article1 => LegacyComment })).to eq(true)
expect(ability.can?(:manage, { @article1 => @comment1 })).to eq(true)
expect(ability.can?(:manage, { @article1 => @legacy_comment1 })).to eq(true)

expect(ability2.can?(:manage, { article1 => Comment })).to eq(false)
expect(ability2.can?(:manage, { article2 => Comment })).to eq(false)
expect(ability2.can?(:manage, { article1 => comment1 })).to eq(false)
expect(ability2.can?(:manage, { article2 => comment2 })).to eq(false)
expect(ability.can?(:manage, { @article2 => Comment })).to eq(false)
expect(ability.can?(:manage, { @article2 => LegacyComment })).to eq(false)
expect(ability.can?(:manage, { @article2 => @legacy_comment2 })).to eq(false)
end
end

ability = Ability.new(user1)
context 'when conditions are defined using the parent id' do
let(:ability) do
Ability.new(user1).tap do |ability|
ability.can :read, Article
ability.can :manage, Article, user_id: user1.id
ability.can :manage, Comment, article_id: user1.article_ids

expect(ability.can?(:manage, {art1 => Comment})).to eq(true)
expect(ability.can?(:manage, {art2 => Comment})).to eq(false)
ability.can :manage, LegacyComment, post_id: user1.article_ids
end
end

it 'verifies parent equality correctly' do
expect(ability.can?(:manage, { @article1 => Comment })).to eq(true)
expect(ability.can?(:manage, { @article1 => LegacyComment })).to eq(true)
expect(ability.can?(:manage, { @article1 => @comment1 })).to eq(true)
expect(ability.can?(:manage, { @article1 => @legacy_comment1 })).to eq(true)

expect(ability.can?(:manage, { @article2 => Comment })).to eq(false)
expect(ability.can?(:manage, { @article2 => LegacyComment })).to eq(false)
expect(ability.can?(:manage, { @article2 => @legacy_comment2 })).to eq(false)
end
end
end

Expand Down

0 comments on commit d0ea89a

Please sign in to comment.