adding :if and :unless options to check_authorization - closes #284
This commit is contained in:
parent
37102fe6f8
commit
80f1ab20fb
|
@ -226,16 +226,33 @@ module CanCan
|
||||||
# check_authorization
|
# check_authorization
|
||||||
# end
|
# end
|
||||||
#
|
#
|
||||||
# Any arguments are passed to the +after_filter+ it triggers.
|
|
||||||
#
|
|
||||||
# See skip_authorization_check to bypass this check on specific controller actions.
|
# See skip_authorization_check to bypass this check on specific controller actions.
|
||||||
def check_authorization(*args)
|
#
|
||||||
self.after_filter(*args) do |controller|
|
# Options:
|
||||||
unless controller.instance_variable_defined?(:@_authorized)
|
# [:+only+]
|
||||||
|
# Only applies to given actions.
|
||||||
|
#
|
||||||
|
# [:+except+]
|
||||||
|
# Does not apply to given actions.
|
||||||
|
#
|
||||||
|
# [:+if+]
|
||||||
|
# Supply the name of a controller method to be called. The authorization check only takes place if this returns true.
|
||||||
|
#
|
||||||
|
# check_authorization :if => :admin_controller?
|
||||||
|
#
|
||||||
|
# [:+unless+]
|
||||||
|
# Supply the name of a controller method to be called. The authorization check only takes place if this returns false.
|
||||||
|
#
|
||||||
|
# check_authorization :unless => :devise_controller?
|
||||||
|
#
|
||||||
|
def check_authorization(options = {})
|
||||||
|
self.after_filter(options.slice(:only, :except)) do |controller|
|
||||||
|
return if controller.instance_variable_defined?(:@_authorized)
|
||||||
|
return if options[:if] && !controller.send(options[:if])
|
||||||
|
return if options[:unless] && controller.send(options[:unless])
|
||||||
raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
|
raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
|
||||||
# Call this in the class of a controller to skip the check_authorization behavior on the actions.
|
# Call this in the class of a controller to skip the check_authorization behavior on the actions.
|
||||||
#
|
#
|
||||||
|
|
|
@ -66,17 +66,33 @@ describe CanCan::ControllerAdditions do
|
||||||
end
|
end
|
||||||
|
|
||||||
it "check_authorization should trigger AuthorizationNotPerformed in after filter" do
|
it "check_authorization should trigger AuthorizationNotPerformed in after filter" do
|
||||||
mock(@controller_class).after_filter(:some_options) { |options, block| block.call(@controller) }
|
mock(@controller_class).after_filter(:only => [:test]) { |options, block| block.call(@controller) }
|
||||||
lambda {
|
lambda {
|
||||||
@controller_class.check_authorization(:some_options)
|
@controller_class.check_authorization(:only => [:test])
|
||||||
}.should raise_error(CanCan::AuthorizationNotPerformed)
|
}.should raise_error(CanCan::AuthorizationNotPerformed)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "check_authorization should not trigger AuthorizationNotPerformed when :if is false" do
|
||||||
|
stub(@controller).check_auth? { false }
|
||||||
|
mock(@controller_class).after_filter({}) { |options, block| block.call(@controller) }
|
||||||
|
lambda {
|
||||||
|
@controller_class.check_authorization(:if => :check_auth?)
|
||||||
|
}.should_not raise_error(CanCan::AuthorizationNotPerformed)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "check_authorization should not trigger AuthorizationNotPerformed when :unless is true" do
|
||||||
|
stub(@controller).engine_controller? { true }
|
||||||
|
mock(@controller_class).after_filter({}) { |options, block| block.call(@controller) }
|
||||||
|
lambda {
|
||||||
|
@controller_class.check_authorization(:unless => :engine_controller?)
|
||||||
|
}.should_not raise_error(CanCan::AuthorizationNotPerformed)
|
||||||
|
end
|
||||||
|
|
||||||
it "check_authorization should not raise error when @_authorized is set" do
|
it "check_authorization should not raise error when @_authorized is set" do
|
||||||
@controller.instance_variable_set(:@_authorized, true)
|
@controller.instance_variable_set(:@_authorized, true)
|
||||||
mock(@controller_class).after_filter(:some_options) { |options, block| block.call(@controller) }
|
mock(@controller_class).after_filter(:only => [:test]) { |options, block| block.call(@controller) }
|
||||||
lambda {
|
lambda {
|
||||||
@controller_class.check_authorization(:some_options)
|
@controller_class.check_authorization(:only => [:test])
|
||||||
}.should_not raise_error(CanCan::AuthorizationNotPerformed)
|
}.should_not raise_error(CanCan::AuthorizationNotPerformed)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user