refactoring fully authorized check and catching bug

This commit is contained in:
Ryan Bates 2011-03-25 13:30:45 -07:00
parent 488cc2dfdd
commit 242e912519
2 changed files with 12 additions and 5 deletions

View File

@ -220,14 +220,19 @@ module CanCan
if cannot?(action, subject, *args)
message ||= unauthorized_message(action, subject)
raise AccessDenied.new(message, action, subject)
else
not_fully_authorized = false
not_fully_authorized = true if %w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject)
not_fully_authorized = true if subject.kind_of?(Symbol) && has_instance_conditions?(action, subject)
fully_authorized!(action, subject) unless not_fully_authorized
elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject)
fully_authorized!(action, subject)
end
end
def sufficient_attribute_check?(action, subject, attribute)
!(%w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject))
end
def sufficient_condition_check?(action, subject)
!((subject.kind_of?(Symbol) || subject.kind_of?(String)) && has_instance_conditions?(action, subject))
end
def unauthorized_message(action, subject)
keys = unauthorized_message_keys(action, subject)
variables = {:action => action.to_s}

View File

@ -259,6 +259,8 @@ describe CanCan::Ability do
@ability.can :update, :ranges, :begin => 1
@ability.authorize! :update, :ranges
@ability.should_not be_fully_authorized(:update, :ranges)
@ability.authorize! "update", "ranges"
@ability.should_not be_fully_authorized(:update, :ranges)
end
it "is not fully authorized when a block exists but no instance is used" do