don't authorize based on resource name in authorize_resource since this is already handled by enable_authorization

Ryan Bates 2011-03-25 16:40:20 -07:00
parent 27eba72e4b
commit f41b39406c
2 changed files with 8 additions and 7 deletions


@ -33,7 +33,7 @@ module CanCan
end end
def authorize_resource def authorize_resource
@controller.authorize!(authorization_action, resource_instance || subject_name_with_parent) @controller.authorize!(authorization_action, resource_instance) if resource_instance
end end
def parent? def parent?
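Review bot: `authorize_resource` now fails open, because the trailing `if resource_instance` means no `authorize!` call is made when nothing is loaded (collection actions, or a member action whose instance variable was never set) and the method returns nil silently. The commit message says the resource-name check is handled by enable_authorization, but that code is not visible in this hunk. A controller that calls `authorize_resource` without it would presumably get no check at all on those paths. I would record that dependency directly above the method, e.g. `# Authorizes only a loaded instance; action/resource-name checks are left to enable_authorization.` The enclosing class starts and ends outside the hunk.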


@ -95,12 +95,12 @@ describe CanCan::ControllerResource do
@controller.instance_variable_defined?(:@projects).should be_false @controller.instance_variable_defined?(:@projects).should be_false
end end
it "should not authorize single resource in collection action" do it "should not authorize resource in collection action" do
@params[:action] = "index" @params[:action] = "index"
@controller.instance_variable_set(:@project, :some_project) @controller.instance_variable_set(:@project, :some_project)
stub(@controller).authorize!(:index, :projects) { raise CanCan::Unauthorized } stub(@controller).authorize!(:index, :projects) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller) resource = CanCan::ControllerResource.new(@controller)
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized) lambda { resource.authorize_resource }.should_not raise_error(CanCan::Unauthorized)
end end
it "should authorize parent resource in collection action" do it "should authorize parent resource in collection action" do
@ -119,11 +119,11 @@ describe CanCan::ControllerResource do
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized) lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should perform authorization using controller action and non loaded model" do it "should not perform authorization using controller action when no loaded model" do
@params.merge!(:action => "show", :id => 123) @params.merge!(:action => "show", :id => 123)
stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized } stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller) resource = CanCan::ControllerResource.new(@controller)
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized) lambda { resource.authorize_resource }.should_not raise_error(CanCan::Unauthorized)
end end
it "should call load_resource and authorize_resource for load_and_authorize_resource" do it "should call load_resource and authorize_resource for load_and_authorize_resource" do
@ -242,6 +242,7 @@ describe CanCan::ControllerResource do
end end
it "should authorize nested resource through parent association on index action" do it "should authorize nested resource through parent association on index action" do
pending
@params.merge!(:action => "index") @params.merge!(:action => "index")
category = Object.new category = Object.new
@controller.instance_variable_set(:@category, category) @controller.instance_variable_set(:@category, category)
@ -311,11 +312,11 @@ describe CanCan::ControllerResource do
@controller.instance_variable_get(:@project).should == project @controller.instance_variable_get(:@project).should == project
end end
it "should authorize based on resource name if class is false" do it "should not authorize based on resource name if class is false because we don't do class level authorization anymore" do
@params.merge!(:action => "show", :id => 123) @params.merge!(:action => "show", :id => 123)
stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized } stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller, :class => false) resource = CanCan::ControllerResource.new(@controller, :class => false)
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized) lambda { resource.authorize_resource }.should_not raise_error(CanCan::Unauthorized)
end end
it "should load and authorize using custom instance name" do it "should load and authorize using custom instance name" do
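Review bot: The three rewritten examples ("should not authorize resource in collection action", "should not perform authorization using controller action when no loaded model", and the `:class => false` one) assert `should_not raise_error(CanCan::Unauthorized)`, which can also pass when `authorize_resource` fails with some other exception. That does not prove the authorization call was skipped. A stricter form sets a negative expectation on the call itself and then invokes the method directly: if the `stub(...)` helper here is rr, `dont_allow(@controller).authorize!.with_any_args` followed by a bare `resource.authorize_resource`. Separately, the added bare `pending` in "should authorize nested resource through parent association on index action" turns off the visible check for parent-association authorization without saying why. Give it a reason, `pending "<reason / tracking reference>"`, so the gap in authorization coverage is not forgotten.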