fix error with single cannot condition
This commit is contained in:
parent
dbc1538054
commit
bcab8d6369
|
@ -237,9 +237,9 @@ module CanCan
|
||||||
conds.reverse.inject(nil) do |sql, action|
|
conds.reverse.inject(nil) do |sql, action|
|
||||||
behavior, condition = action
|
behavior, condition = action
|
||||||
if condition && condition != {}
|
if condition && condition != {}
|
||||||
condition = "#{subject.send(:sanitize_sql, condition)}"
|
condition = subject.send(:sanitize_sql, condition)
|
||||||
case sql
|
case sql
|
||||||
when nil then condition
|
when nil then behavior ? condition : "not (#{condition})"
|
||||||
when true_cond
|
when true_cond
|
||||||
behavior ? true_cond : "not (#{condition})"
|
behavior ? true_cond : "not (#{condition})"
|
||||||
when false_cond
|
when false_cond
|
||||||
|
|
|
@ -233,25 +233,41 @@ describe CanCan::Ability do
|
||||||
@ability.conditions(:foo, Array).should == false
|
@ability.conditions(:foo, Array).should == false
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return appropriate sql conditions" do
|
it "should return hash for single `can` definition" do
|
||||||
obj = Class.new do
|
@ability.can :read, SqlSanitizer, :blocked => false, :user_id => 1
|
||||||
def self.sanitize_sql(hash_cond)
|
|
||||||
case hash_cond
|
|
||||||
when Hash then hash_cond.map{|name, value| "#{name}=#{value}"}
|
|
||||||
when Array
|
|
||||||
hash_cond.shift.gsub('?'){"#{hash_cond.shift.inspect}"}
|
|
||||||
when String then hash_cond
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
@ability.can :read, obj
|
|
||||||
@ability.can :manage, obj, :id => 1
|
|
||||||
@ability.can :update, obj, :manager_id => 1
|
|
||||||
@ability.cannot :update, obj, :self_managed => true
|
|
||||||
|
|
||||||
@ability.sql_conditions(:update, obj).should == 'not (self_managed=true) AND ((manager_id=1) OR (id=1))'
|
@ability.sql_conditions(:read, SqlSanitizer).should == { :blocked => false, :user_id => 1 }
|
||||||
@ability.sql_conditions(:manage, obj).should == {:id=>1}
|
end
|
||||||
@ability.sql_conditions(:read, obj).should == 'true=true'
|
|
||||||
|
it "should return `not (sql)` for single `cannot` definition" do
|
||||||
|
@ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
|
||||||
|
|
||||||
|
@ability.sql_conditions(:read, SqlSanitizer).should == 'not (blocked=true AND user_id=1)'
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should return `sql` for single `can` definition in front of default cannot condition" do
|
||||||
|
@ability.cannot :read, SqlSanitizer
|
||||||
|
@ability.can :read, SqlSanitizer, :blocked => false, :user_id => 1
|
||||||
|
|
||||||
|
@ability.sql_conditions(:read, SqlSanitizer).should == 'blocked=false AND user_id=1'
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should return `not (sql)` for single `cannot` definition in front of default can condition" do
|
||||||
|
@ability.can :read, SqlSanitizer
|
||||||
|
@ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
|
||||||
|
|
||||||
|
@ability.sql_conditions(:read, SqlSanitizer).should == 'not (blocked=true AND user_id=1)'
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should return appropriate sql conditions in complex case" do
|
||||||
|
@ability.can :read, SqlSanitizer
|
||||||
|
@ability.can :manage, SqlSanitizer, :id => 1
|
||||||
|
@ability.can :update, SqlSanitizer, :manager_id => 1
|
||||||
|
@ability.cannot :update, SqlSanitizer, :self_managed => true
|
||||||
|
|
||||||
|
@ability.sql_conditions(:update, SqlSanitizer).should == 'not (self_managed=true) AND ((manager_id=1) OR (id=1))'
|
||||||
|
@ability.sql_conditions(:manage, SqlSanitizer).should == {:id=>1}
|
||||||
|
@ability.sql_conditions(:read, SqlSanitizer).should == 'true=true'
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should has eated cheezburger" do
|
it "should has eated cheezburger" do
|
||||||
|
|
|
@ -21,3 +21,14 @@ end
|
||||||
# this class helps out in testing nesting
|
# this class helps out in testing nesting
|
||||||
class Person
|
class Person
|
||||||
end
|
end
|
||||||
|
|
||||||
|
class SqlSanitizer
|
||||||
|
def self.sanitize_sql(hash_cond)
|
||||||
|
case hash_cond
|
||||||
|
when Hash then hash_cond.map{|name, value| "#{name}=#{value}"}.join(' AND ')
|
||||||
|
when Array
|
||||||
|
hash_cond.shift.gsub('?'){"#{hash_cond.shift.inspect}"}
|
||||||
|
when String then hash_cond
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
Loading…
Reference in New Issue
Block a user