-
Notifications
You must be signed in to change notification settings - Fork 783
Upgrading to 1.3
CanCan version 1.3 greatly changes the way nesting controller resources works. It has support for polymorphic associations, singleton resource, and many more options. The Ability module has also been improved with support for multiple can
definitions which get properly translated to SQL.
See Upgrading to 1.1 if you are still on 1.0 or below. Also see the CHANGELOG for the full list of changes.
The :nested
option no longer exists on load_and_authorize_resource
. You should now use the :through
option and call the load_and_authorize_resource
option again. For example, you will need to change this.
class ProductsController < ApplicationController
load_and_authorize_resource :nested => :category
end
To this.
class ProductsController < ApplicationController
load_and_authorize_resource :category
load_and_authorize_resource :product, :through => :category
end
This way deep nesting is fully supported and you can pass any options to each load/authorize_resource call. See Nested Resources for more information.
It is now possible to specify multiple can
and cannot
definitions with hashes and have it properly translate to a single SQL query.
# in Ability
can :manage, User, :id => 1
can :manage, User, :manager_id => 1
cannot :manage, User, :self_managed => true
When using accessible_by
in the controller it will translate to SQL conditions that look like this.
not (self_managed = 't') AND ((manager_id = 1) OR (id = 1))
Special thanks to funny-falcon for this feature.
See page Multiple can definitions (from 1.3) for more information.
This is a small but really convenient feature which allows you to change what column is used to fetch the resource.
load_and_authorize_resource :find_by => :permalink
In this case it will use find_by_permalink!(params[:id])
when fetching the model. Many more options have been added to this method, see the RDocs for details.
This project is abandoned, see its successor: CanCanCan