Do Not Execute Scope When Checking Class Rule

[matt-glover]

I expect that a class level access can? check will not trigger a scope defined on the ability. The current code executes a count against the scope and drives logic based on the result. This pull patches the presumably inadvertent scope execution. If that scope execution is the expected behavior then this pull should be rejected and the docs should be clarified to make this behavior explicit.

For example, I expect the following will not trigger Foo.some_scoped_query:

# Ability.rb
can :read, Foo, Foo.some_scoped_query do |foo|
  foo.some_instance_check
end

# In some controller
can?(:read, Foo)

In the current code CanCan checks the conditions on a rule to see if they are empty. @conditions.empty? calls ActiveRecord::Relation#empty? when a scoped condition is provided. ActiveRecord::Relation#empty? will execute the scoped query as a count to see if any records are returned.

[inkstak]

+1

[bryanrite]

👍

[xhoy]

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

[matt-glover]

Looks like the change was already pulled into cancancan via CanCanCommunity/cancancan@d3e4fd7