13 changes: 9 additions & 4 deletions lib/declarative_authorization/in_controller.rb
@@ -281,7 +281,9 @@ module ClassMethods
# Example demonstrating the default behavior:
# filter_access_to :show, :attribute_check => true,
# :load_method => lambda { User.find(params[:id]) }
#
# [:+overwrite+]
# Specifify if this filter will overwrite any access filter for the actions
# they have in common. Defaults to +true+.

def filter_access_to (*args, &filter_block)
options = args.last.is_a?(Hash) ? args.pop : {}
@@ -290,7 +292,8 @@ def filter_access_to (*args, &filter_block)
:context => nil,
:attribute_check => false,
:model => nil,
:load_method => nil
:load_method => nil,
:overwrite => true
}.merge!(options)
privilege = options[:require]
context = options[:context]
@@ -300,8 +303,10 @@ def filter_access_to (*args, &filter_block)
skip_before_filter :filter_access_filter
before_filter :filter_access_filter

filter_access_permissions.each do |perm|
perm.remove_actions(actions)
if options[:overwrite]
filter_access_permissions.each do |perm|
perm.remove_actions(actions)
end
end
filter_access_permissions <<
ControllerPermission.new(actions, privilege, context,
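Review bot: The new `:overwrite` doc comment misspells "Specify" and never says what `:overwrite => false` actually results in, so a reader cannot tell whether stacked filters are alternatives or must all pass. The test added in this commit (test_filter_access_overwrite_disabled) indicates a user needs every stacked privilege, so the comment should say so, e.g. `# Specify whether this filter replaces earlier access filters for the same actions. Defaults to +true+.` followed by `# With +false+ the earlier filters are kept and a request must satisfy all of them.` It should also state that a later filter_access_to call left at the default still runs `perm.remove_actions(actions)` over every entry, which silently drops a stricter requirement stacked earlier. The body of filter_access_to continues outside the hunks shown, so how the stacked entries are evaluated is inferred from the test only.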
24 changes: 23 additions & 1 deletion test/controller_test.rb
@@ -334,7 +334,9 @@ class AccessOverwritesController < MocksController
filter_access_to :test_action, :test_action_2,
:require => :test, :context => :permissions_2
filter_access_to :test_action, :require => :test, :context => :permissions
define_action_methods :test_action, :test_action_2
filter_access_to :test_action_3, :require => :test_2, :context => :permissions
filter_access_to :test_action_3, :require => :test, :context => :permissions, :overwrite => false
define_action_methods :test_action, :test_action_2, :test_action_3
end
class AccessOverwritesControllerTest < ActionController::TestCase
def test_filter_access_overwrite
@@ -352,6 +354,26 @@ def test_filter_access_overwrite
request!(MockUser.new(:test_role), "test_action", reader)
assert @controller.authorized?
end

def test_filter_access_overwrite_disabled
reader = Authorization::Reader::DSLReader.new
reader.parse %{
authorization do
role :test_role do
has_permission_on :permissions, :to => :test
end

role :test_role_2 do
has_permission_on :permissions, :to => [ :test, :test_2 ]
end
end
}
request!(MockUser.new(:test_role), "test_action_3", reader)
assert [email protected]?

request!(MockUser.new(:test_role_2), "test_action_3", reader)
assert @controller.authorized?
end
end
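Review bot: test_filter_access_overwrite_disabled pins the stacked-filter behaviour in one direction only: it denies a user who holds `:test` but not `:test_2`, and never tries a user who holds `:test_2` alone. Without that case the test would still pass if the filter declared with `:overwrite => false` were ignored, or if only the first registered permission were enforced. Adding a role limited to `:test_2` (named `:test_role_3` below as a suggestion) and asserting it is denied on `test_action_3` would cover both filters. A further case in which a later default `filter_access_to` on the same action replaces the stacked entries would document that interaction as well.

```ruby
# … unchanged: :test_role and :test_role_2 definitions inside the authorization block …
role :test_role_3 do
  has_permission_on :permissions, :to => :test_2
end
# … unchanged: requests and assertions for :test_role and :test_role_2 …
request!(MockUser.new(:test_role_3), "test_action_3", reader)
assert !@controller.authorized?
```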

