adding fully_authorized? method to Ability to check if conditions are considered in authorize! call
This commit is contained in:
parent
85efbdb8d0
commit
0f3753491d
|
@ -219,6 +219,8 @@ module CanCan
|
||||||
if cannot?(action, subject, *args)
|
if cannot?(action, subject, *args)
|
||||||
message ||= unauthorized_message(action, subject)
|
message ||= unauthorized_message(action, subject)
|
||||||
raise AccessDenied.new(message, action, subject)
|
raise AccessDenied.new(message, action, subject)
|
||||||
|
else
|
||||||
|
fully_authorized!(action, subject) unless subject.kind_of?(Symbol) && has_instance_conditions?(action, subject)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -246,6 +248,20 @@ module CanCan
|
||||||
relevant_rules(action, subject).any?(&:only_raw_sql?)
|
relevant_rules(action, subject).any?(&:only_raw_sql?)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def has_instance_conditions?(action, subject)
|
||||||
|
relevant_rules(action, subject).any?(&:instance_conditions?)
|
||||||
|
end
|
||||||
|
|
||||||
|
def fully_authorized?(action, subject)
|
||||||
|
@fully_authorized ||= []
|
||||||
|
@fully_authorized.include? [action, subject]
|
||||||
|
end
|
||||||
|
|
||||||
|
def fully_authorized!(action, subject)
|
||||||
|
@fully_authorized ||= []
|
||||||
|
@fully_authorized << [action, subject]
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def unauthorized_message_keys(action, subject)
|
def unauthorized_message_keys(action, subject)
|
||||||
|
|
|
@ -51,6 +51,10 @@ module CanCan
|
||||||
@block.nil? && !conditions_empty? && !@conditions.kind_of?(Hash)
|
@block.nil? && !conditions_empty? && !@conditions.kind_of?(Hash)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def instance_conditions?
|
||||||
|
@block || !conditions_empty?
|
||||||
|
end
|
||||||
|
|
||||||
def conditions_empty?
|
def conditions_empty?
|
||||||
@conditions == {} || @conditions.nil?
|
@conditions == {} || @conditions.nil?
|
||||||
end
|
end
|
||||||
|
|
|
@ -235,6 +235,48 @@ describe CanCan::Ability do
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
# Sufficient Check
|
||||||
|
|
||||||
|
it "is not fully authorized when no authorize! call is made" do
|
||||||
|
@ability.can :update, :ranges, :begin => 1
|
||||||
|
@ability.can?(:update, :ranges).should be_true
|
||||||
|
@ability.should_not be_fully_authorized(:update, :ranges)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "is fully authorized when calling authorize! with a matching action and subject" do
|
||||||
|
@ability.can :update, :ranges
|
||||||
|
@ability.authorize! :update, :ranges
|
||||||
|
@ability.should be_fully_authorized(:update, :ranges)
|
||||||
|
@ability.should_not be_fully_authorized(:create, :ranges)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "is fully authorized when marking action and subject as such" do
|
||||||
|
@ability.fully_authorized! :update, :ranges
|
||||||
|
@ability.should be_fully_authorized(:update, :ranges)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "is not fully authorized when a conditions hash exists but no instance is used" do
|
||||||
|
@ability.can :update, :ranges, :begin => 1
|
||||||
|
@ability.authorize! :update, :ranges
|
||||||
|
@ability.should_not be_fully_authorized(:update, :ranges)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "is not fully authorized when a block exists but no instance is used" do
|
||||||
|
@ability.can :update, :ranges do |range|
|
||||||
|
range.begin == 1
|
||||||
|
end
|
||||||
|
@ability.authorize! :update, :ranges
|
||||||
|
@ability.should_not be_fully_authorized(:update, :ranges)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "is not fully authorized when attributes are required but not checked on in update/destroy actions" do
|
||||||
|
pending
|
||||||
|
@ability.can :update, :users, :name
|
||||||
|
@ability.authorize! :update, :users
|
||||||
|
@ability.should_not be_fully_authorized(:update, :users)
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
# Cannot
|
# Cannot
|
||||||
|
|
||||||
it "offers cannot? method which inverts can?" do
|
it "offers cannot? method which inverts can?" do
|
||||||
|
|
Loading…
Reference in New Issue
Block a user