adding a before filter for loading and authorizing a resource
parent
6c6a57beec
commit
1034c81763
|
@ -9,7 +9,7 @@ module CanCan
|
||||||
base.alias_action :edit, :to => :update
|
base.alias_action :edit, :to => :update
|
||||||
end
|
end
|
||||||
|
|
||||||
def can?(original_action, target)
|
def can?(original_action, target) # TODO this could use some refactoring
|
||||||
(self.class.can_history || []).reverse.each do |can_action, can_target, can_block|
|
(self.class.can_history || []).reverse.each do |can_action, can_target, can_block|
|
||||||
possible_actions_for(original_action).each do |action|
|
possible_actions_for(original_action).each do |action|
|
||||||
if (can_action == :manage || can_action == action) && (can_target == :all || can_target == target || target.kind_of?(can_target))
|
if (can_action == :manage || can_action == action) && (can_target == :all || can_target == target || target.kind_of?(can_target))
|
||||||
|
|
|
@ -15,6 +15,23 @@ module CanCan
|
||||||
def can?(*args)
|
def can?(*args)
|
||||||
(@current_ability ||= current_ability).can?(*args)
|
(@current_ability ||= current_ability).can?(*args)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def load_resource # TODO this could use some refactoring
|
||||||
|
if params[:id]
|
||||||
|
instance_variable_set("@#{params[:controller].singularize}", params[:controller].singularize.camelcase.constantize.find(params[:id]))
|
||||||
|
elsif params[params[:controller].singularize.to_sym]
|
||||||
|
instance_variable_set("@#{params[:controller].singularize}", params[:controller].singularize.camelcase.constantize.new(params[params[:controller].singularize.to_sym]))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def authorize_resource # TODO this could use some refactoring
|
||||||
|
unauthorized! unless can?(params[:action].to_sym, instance_variable_get("@#{params[:controller].singularize}") || params[:controller].singularize.camelcase.constantize)
|
||||||
|
end
|
||||||
|
|
||||||
|
def load_and_authorize_resource
|
||||||
|
load_resource
|
||||||
|
authorize_resource
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
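Review bot: The new `load_resource`, `authorize_resource` and `load_and_authorize_resource` are public instance methods on the including controller, so an app that keeps a catch-all `:controller/:action/:id` route can presumably reach them as actions by URL; hiding them with `base.hide_action :load_resource, :authorize_resource, :load_and_authorize_resource` in `self.included` (which is outside this hunk) would close that without breaking the spec's direct calls. The resource name and class derivation `params[:controller].singularize` / `.camelcase.constantize` is also spelled out four times across `load_resource` and `authorize_resource`; the TODO on both methods would be served by two private helpers so the lookup lives in one place, as below. Since `params[:controller]` and `params[:action]` come from routing rather than the query string, the `constantize` and `to_sym` are bounded by the route table — that assumption is what keeps the lookup safe and deserves a one-line comment on `resource_class`.
```ruby
def load_resource # TODO this could use some refactoring
  if params[:id]
    instance_variable_set("@#{resource_name}", resource_class.find(params[:id]))
  elsif params[resource_name.to_sym]
    instance_variable_set("@#{resource_name}", resource_class.new(params[resource_name.to_sym]))
  end
end

def authorize_resource # TODO this could use some refactoring
  unauthorized! unless can?(params[:action].to_sym, instance_variable_get("@#{resource_name}") || resource_class)
end

# … unchanged: load_and_authorize_resource …

private

def resource_name
  params[:controller].singularize
end

# params[:controller] is set by the router, not the request query string,
# so the constant looked up here is bounded by the route table.
def resource_class
  resource_name.camelcase.constantize
end
```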
@ -29,4 +29,47 @@ describe CanCan::ControllerAdditions do
|
||||||
@controller.current_ability.should be_kind_of(Ability)
|
@controller.current_ability.should be_kind_of(Ability)
|
||||||
@controller.can?(:foo, :bar).should be_false
|
@controller.can?(:foo, :bar).should be_false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "should load the resource if params[:id] is specified" do
|
||||||
|
stub(@controller).params { {:controller => "abilities", :action => "show", :id => 123} }
|
||||||
|
stub(Ability).find(123) { :some_resource }
|
||||||
|
@controller.load_resource
|
||||||
|
@controller.instance_variable_get(:@ability).should == :some_resource
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should build a new resource with hash if params[:id] is not specified" do
|
||||||
|
stub(@controller).params { {:controller => "abilities", :action => "create", :ability => {:foo => "bar"}} }
|
||||||
|
stub(Ability).new(:foo => "bar") { :some_resource }
|
||||||
|
@controller.load_resource
|
||||||
|
@controller.instance_variable_get(:@ability).should == :some_resource
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should not build a resource of neither id nor attributes are specified" do
|
||||||
|
stub(@controller).params { {:controller => "abilities", :action => "index"} }
|
||||||
|
@controller.load_resource
|
||||||
|
@controller.instance_variable_get(:@ability).should be_nil
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should perform authorization using controller action and loaded model" do
|
||||||
|
@controller.instance_variable_set(:@ability, :some_resource)
|
||||||
|
stub(@controller).params { {:controller => "abilities", :action => "show"} }
|
||||||
|
stub(@controller).can?(:show, :some_resource) { false }
|
||||||
|
lambda {
|
||||||
|
@controller.authorize_resource
|
||||||
|
}.should raise_error(CanCan::AccessDenied)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should perform authorization using controller action and non loaded model" do
|
||||||
|
stub(@controller).params { {:controller => "abilities", :action => "show"} }
|
||||||
|
stub(@controller).can?(:show, Ability) { false }
|
||||||
|
lambda {
|
||||||
|
@controller.authorize_resource
|
||||||
|
}.should raise_error(CanCan::AccessDenied)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should load and authorize resource in one call" do
|
||||||
|
mock(@controller).load_resource
|
||||||
|
stub(@controller).authorize_resource
|
||||||
|
@controller.load_and_authorize_resource
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
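Review bot: The two `authorize_resource` examples only cover the denied path (`can?` stubbed to `false`); nothing shows that `authorize_resource` lets the request through when `can?` returns true, so an implementation that always raises would still pass this spec. An example along the lines below would pin the allowed path. The third example's description reads `"should not build a resource of neither id nor attributes are specified"`, where `of` should be `if`.
```ruby
it "should not raise when authorization succeeds" do
  stub(@controller).params { {:controller => "abilities", :action => "show"} }
  stub(@controller).can?(:show, Ability) { true }
  lambda { @controller.authorize_resource }.should_not raise_error
end
```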