don't authorize uncountable instance in collection action - closes #193

Ryan Bates
2011-01-05 13:47:38 -08:00
parent 15ca8ade3b
commit bc9ecb226d
2 changed files with 23 additions and 4 deletions


@@ -91,6 +91,22 @@ describe CanCan::ControllerResource do
@controller.instance_variable_defined?(:@projects).should be_false
end
it "should not authorize single resource in collection action" do
@params[:action] = "index"
@controller.instance_variable_set(:@project, :some_project)
stub(@controller).authorize!(:index, Project) { raise CanCan::AccessDenied }
resource = CanCan::ControllerResource.new(@controller)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
end
it "should authorize parent resource in collection action" do
@params[:action] = "index"
@controller.instance_variable_set(:@category, :some_category)
stub(@controller).authorize!(:read, :some_category) { raise CanCan::AccessDenied }
resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
end
it "should perform authorization using controller action and loaded model" do
@params[:action] = "show"
@controller.instance_variable_set(:@project, :some_project)
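Review bot: The new example "should not authorize single resource in collection action" sets `@project`, a countable name, so the case the commit title names (an uncountable model, where the instance and collection variables presumably share one name) is not pinned by a test in this hunk. A later change that went back to authorizing a preloaded instance instead of the class on `index` could then pass this spec for countable names and still regress for uncountable ones; consider a sibling example that uses an uncountable resource name. Both new examples also assert only the denial path, so a short comment above the first, such as `# collection actions authorize against the class, never a leftover instance variable`, would record the intended rule. The enclosing `describe` block starts and ends outside the hunk.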