Description: An authorization and workflow mechanism built on top of restful_authentication
Clone URL: git://github.com/jbarket/restful-authorization.git
Fixed overlap with access_denied
Jonathan Barket (author)
Tue Apr 29 12:52:53 -0700 2008
commit  a1c993d29421d6ea200e494a1a38a28cd94bda35
tree    7a1fb5387dc4c559f4c9198e95307949641df85e
parent  f8bf32a831eb66bcfb7f38d3e139c7ccb1443353
0
@@ -1,3 +1,8 @@
0
+* 0.04 - 04/29/2008
0
+ - Fixed issue with access_denied not playing right with restful_authentication's.
0
+ Since they really serve a different purpose, I simply renamed it. authorization_denied
0
+ also now caches the call to next_authorized_url?
0
+
0
 * 0.03 - 04/28/2008
0
   - Added :only_if_logged_in? key since logged_in? can't be tested via :if (scoping)
0
   - Added generator option --library-only to allow for "safe" library updating
0
@@ -189,33 +189,34 @@
0
         raise "Because restful-authorization extends restful_authentication, AuthenticatedSystem must be included before first before AuthorizedSystem!" unless base.included_modules.include?(AuthenticatedSystem)
0
       end
0
 
0
- # When <%= users_name %>_authorized_for fails, access_denied stores the current location
0
+ # When <%= users_name %>_authorized_for fails, authorization_denied stores the current location
0
       # in the session and then handles :redirect_to and :status as described in
0
       # the require_authorization documentation.
0
       #
0
       # It's important to use restful_authentication's redirect_back_or_default
0
       # instead of redirect_to to make sure that the workflow can move forward
0
       # as well as backward.
0
- def access_denied
0
+ def authorization_denied
0
         store_location
0
- if status = self.next_authorized_url?(params)[:status]
0
- if self.next_authorized_url?(params)[:url]
0
- render self.next_authorized_url?(params)[:url].merge(:status => status)
0
+ next_authorized_url? = self.next_authorized_url?(params)
0
+ if status = next_authorized_url?[:status]
0
+ if next_authorized_url?[:url]
0
+ render next_authorized_url?[:url].merge(:status => status)
0
           else
0
             render :nothing => true, :status => status
0
           end
0
         else
0
- if self.next_authorized_url?(params)[:url]
0
- redirect_to(Symbol===self.next_authorized_url?(params)[:url] ? eval(self.next_authorized_url?(params)[:url].to_s) : self.next_authorized_url?(params)[:url])
0
+ if next_authorized_url?[:url]
0
+ redirect_to(Symbol===next_authorized_url?[:url] ? eval(next_authorized_url?[:url].to_s) : next_authorized_url?[:url])
0
           else
0
- super
0
+ access_denied
0
           end
0
         end
0
       end
0
 
0
       # This is the before filter called by require_authorization
0
       def check_authorization
0
- return access_denied unless self.url_options_authenticate?(params)
0
+ return authorization_denied unless self.url_options_authenticate?(params)
0
         true
0
       end
0
 
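Review bot: The cached local in `authorization_denied` is named `next_authorized_url?`, but a Ruby local variable name cannot end in `?`, so the added line `next_authorized_url? = self.next_authorized_url?(params)` should fail to parse and the file would not load. Give the cached hash a plain name such as `next_url` and read `:status` and `:url` from it in the branches below. The `redirect_to` branch also still passes the `:url` symbol through `eval`; if that symbol only ever names a route helper, `send` resolves it without evaluating arbitrary Ruby. This matters because the hash is derived from `params`, and whether a request can influence the symbol is not visible from this hunk. The method lies wholly inside the hunk; the enclosing module starts outside it.

```ruby
def authorization_denied
  store_location
  next_url = next_authorized_url?(params)
  if status = next_url[:status]
    if next_url[:url]
      render next_url[:url].merge(:status => status)
    # … unchanged: else branch rendering :nothing with the status …
  else
    if next_url[:url]
      target = next_url[:url]
      redirect_to(Symbol === target ? send(target) : target)
    # … unchanged: else branch falling back to access_denied …
```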
