add a :bang option to Authorization::Engine.permit!

With this option permit! will return false instead of raising exceptions.
bishma-stornelli · Jun 1, 2011 · ea71502 · ea71502
1 parent 5303bf7
commit ea71502
Showing 1 changed file with 19 additions and 9 deletions.
diff --git a/lib/declarative_authorization/authorization.rb b/lib/declarative_authorization/authorization.rb
@@ -129,13 +129,17 @@ def initialize_copy (from) # :nodoc:
     # [:+user+] 
     #   The user to check the authorization for.
     #   Defaults to Authorization#current_user.
+    # [:+bang+]
+    #   Should NotAuthorized exceptions be raised
+    #   Defaults to true.
     #
     def permit! (privilege, options = {})
       return true if Authorization.ignore_access_control
       options = {
         :object => nil,
         :skip_attribute_test => false,
-        :context => nil
+        :context => nil,
+        :bang => true
       }.merge(options)
 
       # Make sure we're handling all privileges as symbols.
@@ -168,17 +172,23 @@ def permit! (privilege, options = {})
       # at least one of the given privileges
       attr_validator = AttributeValidator.new(self, user, options[:object], privilege, options[:context])
       rules = matching_auth_rules(roles, privileges, options[:context])
-      if rules.empty?
-        raise NotAuthorized, "No matching rules found for #{privilege} for #{user.inspect} " +
-          "(roles #{roles.inspect}, privileges #{privileges.inspect}, " +
-          "context #{options[:context].inspect})."
-      end
 
       # Test each rule in turn to see whether any one of them is satisfied.
-      unless rules.any? {|rule| rule.validate?(attr_validator, options[:skip_attribute_test])}
-        raise AttributeAuthorizationError, "#{privilege} not allowed for #{user.inspect} on #{(options[:object] || options[:context]).inspect}."
+      rules.each do |rule|
+        return true if rule.validate?(attr_validator, options[:skip_attribute_test])
+      end
+
+      if options[:bang]
+        if rules.empty?
+          raise NotAuthorized, "No matching rules found for #{privilege} for #{user.inspect} " +
+            "(roles #{roles.inspect}, privileges #{privileges.inspect}, " +
+            "context #{options[:context].inspect})."
+        else
+          raise AttributeAuthorizationError, "#{privilege} not allowed for #{user.inspect} on #{(options[:object] || options[:context]).inspect}."
+        end
+      else
+        false
       end
-      true
     end
 
     # Calls permit! but rescues the AuthorizationException and returns false