mark index action as fully authorized when fetching records through accessible_by

This commit is contained in:
Ryan Bates 2011-03-25 16:34:13 -07:00
parent 5d68caefd0
commit 27eba72e4b
2 changed files with 5 additions and 2 deletions

View File

@ -28,6 +28,7 @@ module CanCan
self.resource_instance ||= load_resource_instance
elsif load_collection?
self.collection_instance ||= load_collection
current_ability.fully_authorized! @params[:action], @params[:controller]
end
end

View File

@ -66,21 +66,23 @@ describe CanCan::ControllerResource do
@controller.instance_variable_get(:@project).name.should == "from params"
end
it "should build a collection when on index action when class responds to accessible_by" do
it "should build a collection when on index action when class responds to accessible_by and mark ability as fully authorized" do
stub(Project).accessible_by(@ability, :index) { :found_projects }
@params[:action] = "index"
resource = CanCan::ControllerResource.new(@controller, :project)
resource.load_resource
@controller.instance_variable_get(:@project).should be_nil
@controller.instance_variable_get(:@projects).should == :found_projects
@ability.should be_fully_authorized(:index, :projects)
end
it "should not build a collection when on index action when class does not respond to accessible_by" do
it "should not build a collection when on index action when class does not respond to accessible_by and not mark ability as fully authorized" do
@params[:action] = "index"
resource = CanCan::ControllerResource.new(@controller)
resource.load_resource
@controller.instance_variable_get(:@project).should be_nil
@controller.instance_variable_defined?(:@projects).should be_false
@ability.should_not be_fully_authorized(:index, :projects)
end
it "should not use accessible_by when defining abilities through a block" do