will/cancan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix error with single cannot condition

Browse Source
This commit is contained in:
Yura Sokolov 2010-05-25 12:14:01 +04:00
parent dbc1538054
commit bcab8d6369
3 changed files with 47 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/cancan/ability.rb
View File

@ -237,9 +237,9 @@ module CanCan
conds.reverse.inject(nil) do |sql, action| conds.reverse.inject(nil) do |sql, action|
behavior, condition = action behavior, condition = action
if condition && condition != {} if condition && condition != {}
condition = "#{subject.send(:sanitize_sql, condition)}" condition = subject.send(:sanitize_sql, condition)
case sql case sql
when nil then condition when nil then behavior ? condition : "not (#{condition})"
when true_cond when true_cond
behavior ? true_cond : "not (#{condition})" behavior ? true_cond : "not (#{condition})"
when false_cond when false_cond

52
spec/cancan/ability_spec.rb
View File

@ -233,25 +233,41 @@ describe CanCan::Ability do
@ability.conditions(:foo, Array).should == false @ability.conditions(:foo, Array).should == false
end end
it "should return appropriate sql conditions" do it "should return hash for single `can` definition" do
obj = Class.new do @ability.can :read, SqlSanitizer, :blocked => false, :user_id => 1
def self.sanitize_sql(hash_cond)
case hash_cond
when Hash then hash_cond.map{|name, value| "#{name}=#{value}"}
when Array
hash_cond.shift.gsub('?'){"#{hash_cond.shift.inspect}"}
when String then hash_cond
end
end
end
@ability.can :read, obj
@ability.can :manage, obj, :id => 1
@ability.can :update, obj, :manager_id => 1
@ability.cannot :update, obj, :self_managed => true
@ability.sql_conditions(:update, obj).should == 'not (self_managed=true) AND ((manager_id=1) OR (id=1))' @ability.sql_conditions(:read, SqlSanitizer).should == { :blocked => false, :user_id => 1 }
@ability.sql_conditions(:manage, obj).should == {:id=>1} end
@ability.sql_conditions(:read, obj).should == 'true=true'
it "should return `not (sql)` for single `cannot` definition" do
@ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
@ability.sql_conditions(:read, SqlSanitizer).should == 'not (blocked=true AND user_id=1)'
end
it "should return `sql` for single `can` definition in front of default cannot condition" do
@ability.cannot :read, SqlSanitizer
@ability.can :read, SqlSanitizer, :blocked => false, :user_id => 1
@ability.sql_conditions(:read, SqlSanitizer).should == 'blocked=false AND user_id=1'
end
it "should return `not (sql)` for single `cannot` definition in front of default can condition" do
@ability.can :read, SqlSanitizer
@ability.cannot :read, SqlSanitizer, :blocked => true, :user_id => 1
@ability.sql_conditions(:read, SqlSanitizer).should == 'not (blocked=true AND user_id=1)'
end
it "should return appropriate sql conditions in complex case" do
@ability.can :read, SqlSanitizer
@ability.can :manage, SqlSanitizer, :id => 1
@ability.can :update, SqlSanitizer, :manager_id => 1
@ability.cannot :update, SqlSanitizer, :self_managed => true
@ability.sql_conditions(:update, SqlSanitizer).should == 'not (self_managed=true) AND ((manager_id=1) OR (id=1))'
@ability.sql_conditions(:manage, SqlSanitizer).should == {:id=>1}
@ability.sql_conditions(:read, SqlSanitizer).should == 'true=true'
end end
it "should has eated cheezburger" do it "should has eated cheezburger" do

11
spec/spec_helper.rb
View File

@ -21,3 +21,14 @@ end
# this class helps out in testing nesting # this class helps out in testing nesting
class Person class Person
end end
class SqlSanitizer
def self.sanitize_sql(hash_cond)
case hash_cond
when Hash then hash_cond.map{|name, value| "#{name}=#{value}"}.join(' AND ')
when Array
hash_cond.shift.gsub('?'){"#{hash_cond.shift.inspect}"}
when String then hash_cond
end
end
end