
Put all available actions to reflect_on_security

1 parent 8e1eff4 commit 28dcccea7ec06b15a4fc467a35f32041979707b1 @denyago committed Nov 9, 2012
Showing with 27 additions and 3 deletions.
  1. +9 −1 lib/heimdallr/evaluator.rb
  2. +2 −1 lib/heimdallr/proxy/collection.rb
  3. +3 −1 lib/heimdallr/proxy/record.rb
  4. +13 −0 spec/proxy_examples.rb
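--- a/lib/heimdallr/evaluator.rb
+++ b/lib/heimdallr/evaluator.rb
@@ -139,12 +139,20 @@ def can?(action)
 # Return a Hash to be mixed in in +reflect_on_security+ methods of {Proxy::Collection}
 # and {Proxy::Record}.
+ #
+ # @deprecated use +#actions+ instead
 def reflection
 {
- operations: [ :view, :create, :update ].select { |op| can? op }
+ operations: actions
 }
 end
+ # Returns Array to be used in +reflect_on_security+ methods of {Proxy::Collection}
+ # and {Proxy::Record}.
+ def actions
+ ([ :view, :create, :update ] | @allowed_fields.keys ).select { |op| can? op }
+ end
+
 # Compute the restrictions for a given +context+ and possibly a specific +record+.
 # Invokes a +block+ passed to the +initialize+ once.
 #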
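Review bot: The doc comment added above `actions` does not state the return type, nor that the list now includes every key of `@allowed_fields` that passes `can?` rather than only the three built-in actions. Consumers of `reflect_on_security` will therefore see custom action names such as the `:foo` used in this commit's spec, and the list only mirrors what `can?` answers for the current evaluation, so it should be described as advisory rather than as an authorization decision. I would add `# @return [Array<Symbol>] actions for which +can?+ is true; advisory, enforcement stays in the proxies` and tidy the expression to `([:view, :create, :update] | @allowed_fields.keys).select { |op| can?(op) }`. If `@allowed_fields` can still be unset before the restriction block has run (not visible in this hunk), `actions` needs a guard for that case as well.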
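--- a/lib/heimdallr/proxy/collection.rb
+++ b/lib/heimdallr/proxy/collection.rb
@@ -275,7 +275,8 @@ def reflect_on_security
 scope: @scope,
 options: @options,
 restrictions: @restrictions,
- }.merge(@restrictions.reflection)
+ operations: @restrictions.actions
+ }
 end
 def creatable?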
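Review bot: Nothing near `operations: @restrictions.actions` says which actions a collection-level reflection covers. Judging by the spec in this commit, a collection reports fewer actions than a record does for the same user, and `:delete` is only appended in `Proxy::Record`. A short comment such as `# operations: actions granted without a specific record; per-record actions appear on Proxy::Record#reflect_on_security` would keep consumers from reading a missing entry as a denial for every record. The start of `reflect_on_security` and any existing doc comment lie outside the hunk, so the wording may belong there.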
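--- a/lib/heimdallr/proxy/record.rb
+++ b/lib/heimdallr/proxy/record.rb
@@ -287,13 +287,15 @@ def inspect
 #
 # @return [Hash]
 def reflect_on_security
+ operations = @restrictions.actions | ( destroyable? ? [:delete] : [] )
 {
 model: @record.class,
 context: @context,
 record: @record,
 options: @options,
 restrictions: @restrictions,
- }.merge(@restrictions.reflection)
+ operations: operations
+ }
 end
 def visible?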
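Review bot: The union on the first added line of `reflect_on_security` can only add `:delete`; it never removes it. If a policy grants `:delete` through `can`, so that it is a key of `@allowed_fields`, `@restrictions.actions` already contains it and the hash would advertise delete even when `destroyable?` is false. Writing `operations = (@restrictions.actions - [:delete]) | (destroyable? ? [:delete] : [])` makes `destroyable?` the only source of that entry. `:delete` is also the only entry here backed by a per-record check while the rest come from `can?`, which deserves a line in the doc comment so callers do not treat the list as a per-record authorization result.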
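--- a/spec/proxy_examples.rb
+++ b/spec/proxy_examples.rb
@@ -100,6 +100,19 @@ def run_specs(user_model, article_model, dont_save_model)
 article.restrict(@looser).able_to?(:foo).should_not be_true
 end
+ describe "contains all available actions in reflect_on_security[:operations]" do
+ it "of Proxy::Record" do
+ article = article_model.create! :owner_id => @john.id, :content => 'test', :secrecy_level => 4
+ article.restrict(@john).reflect_on_security[:operations].should =~ [:create, :view, :update, :delete, :foo]
+ article.restrict(@looser).reflect_on_security[:operations].should =~ [:create, :view]
+ end
+
+ it "of Proxy::Collection" do
+ article_model.restrict(@john).reflect_on_security[:operations].should =~ [:create, :view]
+ article_model.restrict(@looser).reflect_on_security[:operations].should =~ [:create, :view]
+ end
+ end
+
 it "should not create anything else if it did not saved" do
 expect {
 article_model.restrict(@looser).create! :content => 'test', :secrecy_level => 10, :dont_save => 'ok' rescue nil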
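Review bot: The `of Proxy::Collection` example asserts the same list, `[:create, :view]`, for both `@john` and `@looser`, so it would still pass if collection-level operations ignored the security context entirely. Adding a context whose collection-level list differs, if the fixtures provide one, would turn it into a real check. The `of Proxy::Record` example would also benefit from a case where other actions are granted but the record falls outside the delete scope, asserting that `:delete` is absent. `run_specs` starts and ends outside the hunk.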
