refactoring fully authorized check and catching bug
parent
488cc2dfdd
commit
242e912519
|
@ -220,14 +220,19 @@ module CanCan
|
||||||
if cannot?(action, subject, *args)
|
if cannot?(action, subject, *args)
|
||||||
message ||= unauthorized_message(action, subject)
|
message ||= unauthorized_message(action, subject)
|
||||||
raise AccessDenied.new(message, action, subject)
|
raise AccessDenied.new(message, action, subject)
|
||||||
else
|
elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject)
|
||||||
not_fully_authorized = false
|
fully_authorized!(action, subject)
|
||||||
not_fully_authorized = true if %w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject)
|
|
||||||
not_fully_authorized = true if subject.kind_of?(Symbol) && has_instance_conditions?(action, subject)
|
|
||||||
fully_authorized!(action, subject) unless not_fully_authorized
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def sufficient_attribute_check?(action, subject, attribute)
|
||||||
|
!(%w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject))
|
||||||
|
end
|
||||||
|
|
||||||
|
def sufficient_condition_check?(action, subject)
|
||||||
|
!((subject.kind_of?(Symbol) || subject.kind_of?(String)) && has_instance_conditions?(action, subject))
|
||||||
|
end
|
||||||
|
|
||||||
def unauthorized_message(action, subject)
|
def unauthorized_message(action, subject)
|
||||||
keys = unauthorized_message_keys(action, subject)
|
keys = unauthorized_message_keys(action, subject)
|
||||||
variables = {:action => action.to_s}
|
variables = {:action => action.to_s}
|
||||||
|
|
|
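Review bot: `sufficient_condition_check?` treats only a Symbol or String subject as "no instance was supplied", so any other non-instance subject (a Class or Module, if this API still accepts one) whose rule has instance conditions would reach `fully_authorized!` without those conditions being evaluated against a record. If class subjects are possible here, the guard could read `!((subject.kind_of?(Symbol) || subject.kind_of?(String) || subject.kind_of?(Module)) && has_instance_conditions?(action, subject))`. Both new predicates are negated compound conditions on the path that decides whether an authorization check counts as complete, so each deserves a one-line comment, for example `# false when the rule has instance conditions but only a resource name, not an instance, was checked`. The enclosing method (presumably `authorize!`) starts outside this hunk, so how `attribute` is derived from `*args` cannot be confirmed from here.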
@ -259,6 +259,8 @@ describe CanCan::Ability do
|
||||||
@ability.can :update, :ranges, :begin => 1
|
@ability.can :update, :ranges, :begin => 1
|
||||||
@ability.authorize! :update, :ranges
|
@ability.authorize! :update, :ranges
|
||||||
@ability.should_not be_fully_authorized(:update, :ranges)
|
@ability.should_not be_fully_authorized(:update, :ranges)
|
||||||
|
@ability.authorize! "update", "ranges"
|
||||||
|
@ability.should_not be_fully_authorized(:update, :ranges)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "is not fully authorized when a block exists but no instance is used" do
|
it "is not fully authorized when a block exists but no instance is used" do
|
||||||
|
|
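Review bot: The String-subject regression check is appended to an example that has already called `authorize! :update, :ranges` on the same `@ability`, so a failure does not show which form of the subject broke; the example's title is outside this hunk. A separate example such as `it "is not fully authorized when the subject is a String and conditions exist" do`, with its own `@ability.can :update, :ranges, :begin => 1` and `@ability.authorize! "update", "ranges"`, would pin the fix on its own. The example's opening `it` line is outside the hunk, so this is judged from the visible assertions only.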