mark index action as fully authorized when fetching records through accessible_by
This commit is contained in:
parent
5d68caefd0
commit
27eba72e4b
|
@ -28,6 +28,7 @@ module CanCan
|
||||||
self.resource_instance ||= load_resource_instance
|
self.resource_instance ||= load_resource_instance
|
||||||
elsif load_collection?
|
elsif load_collection?
|
||||||
self.collection_instance ||= load_collection
|
self.collection_instance ||= load_collection
|
||||||
|
current_ability.fully_authorized! @params[:action], @params[:controller]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -66,21 +66,23 @@ describe CanCan::ControllerResource do
|
||||||
@controller.instance_variable_get(:@project).name.should == "from params"
|
@controller.instance_variable_get(:@project).name.should == "from params"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should build a collection when on index action when class responds to accessible_by" do
|
it "should build a collection when on index action when class responds to accessible_by and mark ability as fully authorized" do
|
||||||
stub(Project).accessible_by(@ability, :index) { :found_projects }
|
stub(Project).accessible_by(@ability, :index) { :found_projects }
|
||||||
@params[:action] = "index"
|
@params[:action] = "index"
|
||||||
resource = CanCan::ControllerResource.new(@controller, :project)
|
resource = CanCan::ControllerResource.new(@controller, :project)
|
||||||
resource.load_resource
|
resource.load_resource
|
||||||
@controller.instance_variable_get(:@project).should be_nil
|
@controller.instance_variable_get(:@project).should be_nil
|
||||||
@controller.instance_variable_get(:@projects).should == :found_projects
|
@controller.instance_variable_get(:@projects).should == :found_projects
|
||||||
|
@ability.should be_fully_authorized(:index, :projects)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should not build a collection when on index action when class does not respond to accessible_by" do
|
it "should not build a collection when on index action when class does not respond to accessible_by and not mark ability as fully authorized" do
|
||||||
@params[:action] = "index"
|
@params[:action] = "index"
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
resource.load_resource
|
resource.load_resource
|
||||||
@controller.instance_variable_get(:@project).should be_nil
|
@controller.instance_variable_get(:@project).should be_nil
|
||||||
@controller.instance_variable_defined?(:@projects).should be_false
|
@controller.instance_variable_defined?(:@projects).should be_false
|
||||||
|
@ability.should_not be_fully_authorized(:index, :projects)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should not use accessible_by when defining abilities through a block" do
|
it "should not use accessible_by when defining abilities through a block" do
|
||||||
|
|
Loading…
Reference in New Issue
Block a user