Merge branch 'develop'

CanCanCommunity · May 28, 2024 · 8418bd3 · 8418bd3
2 parents cbcf8b1 + bfada42
commit 8418bd3
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 11 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,7 +2,7 @@
 
 ### Reporting an Issue
 
-1. If you have any questions about CanCanCan, search the [Wiki](https://github.com/cancancommunity/cancancan/wiki) or
+1. If you have any questions about CanCanCan, search the [Developer guide](./docs/README.md) or
 use [Stack Overflow](http://stackoverflow.com/questions/tagged/cancancan).
 Do not post questions here.
 

diff --git a/docs/define_check_abilities.md b/docs/define_check_abilities.md
@@ -227,6 +227,6 @@ end
 some_user.can? :update, @article
 ```
 
-That's everything you know about defining and checking abilities. The DSL is very easy but yet very powerful. There's still a lot you need/should learn about defining abilities. You can [dig deeper](./hash_of_conditions.md) now, but we would suggest to stop, digest it, and proceed on a more Rails-specific topic: [Controller helpers](./controller_helpers.md) where you will learn how to secure your Rails application.
+That's everything you need to know about checking abilities. The DSL is very easy but yet very powerful. However, there is still a lot you should learn about defining abilities. You can [dig deeper](./hash_of_conditions.md) now, but we would suggest to stop, digest, and proceed on a more Rails-specific topic: [Controller helpers](./controller_helpers.md) where you will learn how to secure your Rails application.
 
 Or you could already take a look at the session about [testing](./testing.md).
diff --git a/docs/friendly_id.md b/docs/friendly_id.md
@@ -16,7 +16,7 @@ if defined?(CanCanCan)
 
   module CanCan
     module ModelAdapters
-      class ActiveRecord4Adapter < AbstractAdapter
+      class ActiveRecordAdapter < AbstractAdapter
         @@friendly_support = {}
 
         def self.find(model_class, id)

diff --git a/docs/rules_compression.md b/docs/rules_compression.md
@@ -52,4 +52,4 @@ becomes
 # nothing
 ```
 
-These optimizations allow you to follow the strategy of ["Give Permissions, don't take them"](https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities%3A-Best-Practices#give-permissions-dont-take-them-away) and automatically ignore previous rules when they are not needed.
+These optimizations allow you to follow the strategy of ["Give Permissions, don't take them"](https://github.com/CanCanCommunity/cancancan/blob/develop/docs/define_abilities_best_practices.md#give-permissions-dont-take-them-away) and automatically ignore previous rules when they are not needed.
diff --git a/lib/cancan/ability/strong_parameter_support.rb b/lib/cancan/ability/strong_parameter_support.rb
@@ -31,7 +31,7 @@ def get_attributes(rule, subject)
         klass = subject_class?(subject) ? subject : subject.class
         # empty attributes is an 'all'
         if rule.attributes.empty? && klass < ActiveRecord::Base
-          klass.column_names.map(&:to_sym) - Array(klass.primary_key)
+          klass.attribute_names.map(&:to_sym) - Array(klass.primary_key)
         else
           rule.attributes
         end

diff --git a/lib/cancan/controller_additions.rb b/lib/cancan/controller_additions.rb
@@ -171,6 +171,11 @@ def load_resource(*args)
       # [:+instance_name+]
       #   The name of the instance variable for this resource.
       #
+      # [:+id_param+]
+      #   Find using a param key other than :id. For example:
+      #
+      #     load_resource :id_param => :url # will use find(params[:url])
+      #
       # [:+through+]
       #   Authorize conditions on this parent resource when instance isn't available.
       #

diff --git a/spec/cancan/ability_spec.rb b/spec/cancan/ability_spec.rb
@@ -5,6 +5,21 @@
 describe CanCan::Ability do
   before(:each) do
     (@ability = double).extend(CanCan::Ability)
+
+    connect_db
+    ActiveRecord::Migration.verbose = false
+    ActiveRecord::Schema.define do
+      create_table(:named_users) do |t|
+        t.string :first_name
+        t.string :last_name
+      end
+    end
+
+    unless defined?(NamedUser)
+      class NamedUser < ActiveRecord::Base
+        attribute :role, :string # Virtual only
+      end
+    end
   end
 
   it 'is able to :read anything' do
@@ -651,13 +666,10 @@ def active?
   end
 
   it 'returns an array of permitted attributes for a given action and subject' do
-    user_class = Class.new(ActiveRecord::Base)
-    allow(user_class).to receive(:column_names).and_return(%w[first_name last_name])
-    allow(user_class).to receive(:primary_key).and_return('id')
-    @ability.can :read, user_class
+    @ability.can :read, NamedUser
     @ability.can :read, Array, :special
     @ability.can :action, :subject, :attribute
-    expect(@ability.permitted_attributes(:read, user_class)).to eq(%i[first_name last_name])
+    expect(@ability.permitted_attributes(:read, NamedUser)).to eq(%i[id first_name last_name role])
     expect(@ability.permitted_attributes(:read, Array)).to eq([:special])
     expect(@ability.permitted_attributes(:action, :subject)).to eq([:attribute])
   end

diff --git a/spec/cancan/rule_spec.rb b/spec/cancan/rule_spec.rb
@@ -61,7 +61,7 @@ def count_queries(&block)
       end
 
       before do
-        ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
+        connect_db
         ActiveRecord::Migration.verbose = false
         ActiveRecord::Schema.define do
           create_table(:watermelons) do |t|