@@ -208,15 +208,20 @@ module Authorization end bindvar = "#{attribute_table_alias}__#{attribute_name}_#{obligation_index}".to_sym - attribute_operator = case operator - when :contains, :is then "= :#{bindvar}" - when :does_not_contain, :is_not then "<> :#{bindvar}" - when :is_in, :intersects_with then "IN (:#{bindvar})" - when :is_not_in then "NOT IN (:#{bindvar})" - else raise AuthorizationUsageError, "Unknown operator: #{operator}" - end - obligation_conds << "#{connection.quote_table_name(attribute_table_alias)}.#{connection.quote_table_name(attribute_name)} #{attribute_operator}" - binds[bindvar] = attribute_value(value) + sql_attribute = "#{connection.quote_table_name(attribute_table_alias)}.#{connection.quote_table_name(attribute_name)}" + if value.nil? and [:is, :is_not].include?(operator) + obligation_conds << "#{sql_attribute} IS #{[:contains, :is].include?(operator) ? '' : 'NOT '}NULL" + else + attribute_operator = case operator + when :contains, :is then "= :#{bindvar}" + when :does_not_contain, :is_not then "<> :#{bindvar}" + when :is_in, :intersects_with then "IN (:#{bindvar})" + when :is_not_in then "NOT IN (:#{bindvar})" + else raise AuthorizationUsageError, "Unknown operator: #{operator}" + end + obligation_conds << "#{sql_attribute} #{attribute_operator}" + binds[bindvar] = attribute_value(value) + end end end obligation_conds << "1=1" if obligation_conds.empty? lib/declarative_authorization/obligation_scope.rb @@ -168,6 +168,34 @@ class ModelTest < Test::Unit::TestCase TestModel.delete_all end + def test_named_scope_with_is_nil + reader = Authorization::Reader::DSLReader.new + reader.parse %{ + authorization do + role :test_role do + has_permission_on :test_models, :to => :read do + if_attribute :content => nil + end + end + role :test_role_not_nil do + has_permission_on :test_models, :to => :read do + if_attribute :content => is_not { nil } + end + end + end + } + Authorization::Engine.instance(reader) + + test_model_1 = TestModel.create! + test_model_2 = TestModel.create! :content => "Content" + + assert_equal test_model_1, TestModel.with_permissions_to(:read, + :context => :test_models, :user => MockUser.new(:test_role)).first + assert_equal test_model_2, TestModel.with_permissions_to(:read, + :context => :test_models, :user => MockUser.new(:test_role_not_nil)).first + TestModel.delete_all + end + def test_named_scope_with_not_is reader = Authorization::Reader::DSLReader.new reader.parse %{ test/model_test.rb 0cbd80513c5c93b2c95b91ef78992f83c551d9c8 Steffen Bartsch sbartsch@tzi.org http://github.com/stffn/declarative_authorization/commit/1154a6ee6c29c9e705340bf835e2ab8bce6a9de6 1154a6ee6c29c9e705340bf835e2ab8bce6a9de6 2009-06-24T08:10:07-07:00 2009-06-24T08:10:07-07:00 Fix SQL condition for nil values (#15) 4476686d31db96ccbd041a2e6fedd9756dc38a22 Steffen Bartsch sbartsch@tzi.org