-
-
Notifications
You must be signed in to change notification settings - Fork 638
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rules for STI subclasses apply to parent classes in accessible_by #771
Comments
Appears to be the same problem that was discussed in #663; at least, the root cause is that rules for subclasses are incorrectly pulled in as relevant rules for their parent classes. |
I'll vote for this. I've a problem with rules on sub-classes propagating up to affect the parent class. I'm upgrading an old 5.0.2 app to 6.latest, and I've got as far as 5.1.7 but this problem has me stumped. It used to work in lower versions but not now. I have an extra restriction on a subclass and it also puts the restriction on the parent class!!! Grrr!!. I see that #663 has been outstanding for just over a year now. |
I am seeing the same problem in my own code base. The gist is:
This is incorrect. I debugged this and it seems as though the |
|
Probably related to #768. Tested with the fix in #689 but behavior did not change
Steps to reproduce
Create an STI parent class and a subclass, and add
ability.can :read
to both classes. CallingParentClass.accessible_by(ability)
returns only instances of the subclassAdd this spec to
spec/cancan/model_adapters/active_record_adapter_spec.rb
, under the'when STI is in use'
context:Expected behavior
Parent STI models should not be affected by the rules (and their conditions) defined on subclasses
Actual behavior
Parent models are affected by conditions coming from rules defined on their subclasses, which exclude the parent class from the set of records returned by
accessible_by
Additional info for the sample spec
Vehicle.accessible_by(ability).to_sql
returnsSELECT "vehicles".* FROM "vehicles" WHERE "vehicles"."type" = 'Motorbike'
, when I would expect it to returnSELECT "vehicles".* FROM "vehicles"
Motorbike.accessible_by(ability).to_sql
returnsSELECT "vehicles".* FROM "vehicles" WHERE "vehicles"."type" IN ('Motorbike', 'Suzuki') AND "vehicles"."type" = 'Suzuki'
, when I would expect it to returnSELECT "vehicles".* FROM "vehicles" WHERE "vehicles"."type" IN ('Motorbike', 'Suzuki')
Suzuki.accessible_by(ability).to_sql
returnsSELECT "vehicles".* FROM "vehicles" WHERE "vehicles"."type" IN ('Suzuki') AND "vehicles"."type" = 'Suzuki'
, which is a valid query to return the appropriate records, but the STI type appears twice, which is redundantSystem configuration
Rails version:
Ran the above spec on 5.2.2, but the behavior is also present on 6.0.4.6 in a separate Rails application
Ruby version:
Ran the above spec on 2.6.5, but the behavior is also present on 3.0.3 in a separate Rails application
CanCanCan version
3.3.0
The text was updated successfully, but these errors were encountered: