@@ -18,6 +18,22 @@ end Above example gives access to users with admin role and to the owner of the @photo object which is to be updated. +There can also be passed array of owners as owner method argument: + +class UsersController < ApplicationController + before_filter :login_required, :only => [:update_photo] + before_filter :find_photo # sets @photo + owner '@users' + access_control :update_photo => '(admin | owner)' + + protected + + def find_photo + @photo = Photo.find(params[:id]) + @users = [@photo.owner_1, @photo.owner_2] + end +end + page_owner ---------- @@ -46,6 +62,7 @@ owner '@album.user', {}, :new => '@user', :index => '@another_user', :create => Some actions don't have any owner, and then we can just set owners of such actions to be nil. + TESTS Tests won't work if acl plugin is in another directory than ../acl_system2 README @@ -11,7 +11,14 @@ module Ocher def check(key, context) if key.downcase == 'owner' logged_user context[:user] do - (context[:user].id == context[:owner].id) + unless context[:owner].is_a?(Array) + (context[:user].id == context[:owner].id) + else + context[:owner].each do |owner| + return true if owner.id == context[:user].id + end + false + end end elsif key.downcase == 'page_owner' logged_user context[:user] do lib/acl_system2_ownership.rb @@ -14,13 +14,9 @@ class AbstractUser attr_accessor :id attr_accessor :name - def initialize(name = 'name') + def initialize(name = 'name', id = 1) @name = name - end - - def id - @id ||= 1 - @id + @id = id end end @@ -147,4 +143,16 @@ class AclSystem2OwnershipTest < Test::Unit::TestCase assert_equal controller.permit?("page_owner", context), false assert_equal controller.permit?("user | page_owner", context), true end + + def test_array_of_owners + owner1, owner2 = User.new('owner1', 1), User.new('owner1', 2) + context_owner1 = { :user => User.new('owner1', 1) } # logged in user, id = 1 + context_owner2 = { :user => User.new('owner2', 2) } # logged in user, id = 2 + context_not_owner = { :user => User.new('owner2', 1000) } # logged in user, id = 1000 + controller = ControllerProxy.new([owner1, owner2]) # user 1 is owner of object (the same id) + + assert_equal true, controller.permit?("owner", context_owner1) + assert_equal true, controller.permit?("owner", context_owner2) + assert_equal false, controller.permit?("owner", context_not_owner) + end end test/acl_system2_ownership_test.rb e176d258771b134d5eb9c74f4f320110a538ba24 Michal Ochman ocherek@gmail.com http://github.com/ocher/acl2_ownership/commit/b0ae8f2ee3ff1cdd8a1131512c8238f74dfc8c5c b0ae8f2ee3ff1cdd8a1131512c8238f74dfc8c5c 2008-09-13T13:03:35-07:00 2008-09-13T13:03:35-07:00 Added support for setting array of owners 9232c9a81f176584c79994c3aff390c917603bd1 Michal Ochman ocherek@gmail.com