-
Notifications
You must be signed in to change notification settings - Fork 783
Upgrading to 1.3
CanCan version 1.3 greatly changes the way nesting controller resources works. It has support for polymorphic associations, singleton resource, and many more options. The Ability module has also been improved with support for multiple can definitions which get properly translated to SQL.
The :nested option no longer exists on load_and_authorize_resource. You should now use the :through option and define the @ load_and_authorize_resource@ option separately. For example, you will need to change this.
class ProductsController < ApplicationController load_and_authorize_resource :nested => :category end
To this.
class ProductsController < ApplicationController load_and_authorize_resource :category load_and_authorize_resource :product, :through => :category end
This way deep nesting is fully supported and you can pass as many options to each load/authorize_resource call. See Nested Resources for more information.
It is now possible to specify multiple can and cannot definitions with hashes and have it properly translate to a single SQL query.
# in Ability
can :manage, User, :id => 1
can :manage, User, :manager_id => 1
cannot :manage, User, :self_managed => true
# query(:manage, User).conditions # => "not (self_managed = 't') AND ((manager_id = 1) OR (id = 1))"
When using accessible_by in the controller it will translate to SQL conditions that look like this.
not (self_managed = 't') AND ((manager_id = 1) OR (id = 1))
Special thanks to funny-falcon for this feature.
This is a small but really convenient feature which allows you to change what column is used to fetch the resource.
load_and_authorize_resource :find_by => :permalink
In this case it will use find_by_permalink!(params[:id]) when fetching the model. Many more options have been added to this method, see the RDocs for details.
This project is abandoned, see its successor: CanCanCan