Browse files

Merge branch 'master' of

  • Loading branch information...
cemerick committed Mar 29, 2013
2 parents 26ef881 + 683bacc commit 487e56d1f0d8715f065f5eccd92e26b180f8054c
Showing with 17 additions and 3 deletions.
  1. +1 −1
  2. +7 −2 src/cemerick/friend.clj
  3. +5 −0 test/test_friend/functional.clj
  4. +4 −0 test/test_friend/mock_app.clj
@@ -305,7 +305,7 @@ to the application, but two entries are priviliged:
form or HTTP Basic authentication, an oAuth token, etc.; this value
_must_ be unique across all users within the application
* `:roles`, an optional collection of values enumerating the roles for
-which the user is authorized.
+which the user is authorized, or a function returning the same.
_If a map of credentials is found to be invalid, the credential function must
return nil._
@@ -248,9 +248,14 @@ Equivalent to (complement current-authentication)."}
"Returns the first value in the :roles of the current authentication
in the given identity map that isa? one of the required roles.
Returns nil otherwise, indicating that the identity is not authorized
- for the set of required roles."
+ for the set of required roles. If :roles is a fn, it will be executed
+ with no args and assumed to return a collection of roles."
[roles identity]
- (let [granted-roles (-> identity current-authentication :roles)]
+ (let [granted-roles (-> identity current-authentication :roles)
+ granted-roles (if (fn? granted-roles)
+ (granted-roles)
+ granted-roles)]
(first (for [granted granted-roles
required roles
:when (isa? granted required)]
@@ -141,6 +141,11 @@
(is (= {:roles ["test-friend.mock-app/admin"]} (:body (http/get (url "/echo-roles") {:as :json}))))))
+(deftest admin-login-fn-role
+ (binding [clj-http.core/*cookie-store* (clj-http.cookies/cookie-store)]
+ (http/post (url "/login") {:form-params {:username "root-fn-role" :password "admin_password"}})
+ (check-user-role-access)))
(deftest logout-only-on-correct-uri
;; logout middleware was previously being applied eagerly
(binding [clj-http.core/*cookie-store* (clj-http.cookies/cookie-store)]
@@ -101,6 +101,10 @@
(def users {"root" {:username "root"
:password (creds/hash-bcrypt "admin_password")
:roles #{::admin}}
+ "root-fn-role" {:username "root-fn-role"
+ :password (creds/hash-bcrypt "admin_password")
+ :roles (constantly #{::admin})}
"jane" {:username "jane"
:password (creds/hash-bcrypt "user_password")
:roles #{::user}}})

0 comments on commit 487e56d

Please sign in to comment.