Fixes omnipotence for obligations (Closes stffn#90)
stffn committed Jan 28, 2012
1 parent 616a703 commit 2a07f2a
Showing 2 changed files with 23 additions and 1 deletion.
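--- a/lib/declarative_authorization/authorization.rb
+++ b/lib/declarative_authorization/authorization.rb
@@ -233,6 +233,8 @@ def obligations (privilege, options = {})
 
 permit!(privilege, :skip_attribute_test => true, :user => user, :context => options[:context])
 
+return [] if roles.is_a?(Array) and not (roles & omnipotent_roles).empty?
+
 attr_validator = AttributeValidator.new(self, user, nil, privilege, options[:context])
 matching_auth_rules(roles, privileges, options[:context]).collect do |rule|
 rule.obligations(attr_validator)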
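Review bot: The early return `return [] if roles.is_a?(Array) and not (roles & omnipotent_roles).empty?` hands an omnipotent user an empty obligation list, and nothing on the line records that `[]` here means "unrestricted" rather than "no rule matched", so any caller that builds a query scope from the result has to know the difference. It sits after `permit!`, which is the right order provided `permit!` raises on denial; a comment such as `# omnipotent roles carry no attribute conditions; permit! above has already authorized the call` would record that dependency. The `is_a?(Array)` guard silently skips the shortcut for any other `roles` value, which falls through to the stricter rule-matching path, and `and not` would read more conventionally as `&& !`. The body of `obligations` starts and ends outside the hunk, so how `roles` is assigned is not visible here.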
22 changes: 21 additions & 1 deletion test/authorization_test.rb
@@ -34,7 +34,7 @@ def test_permit_context_people
:user => MockUser.new(:test_role))
end

def test_permit_elevated_people
def test_permit_with_has_omnipotence
reader = Authorization::Reader::DSLReader.new
reader.parse %{
authorization do
@@ -121,6 +121,26 @@ def test_obligations_with_conditions
:user => MockUser.new(:test_role, :attr => 1))
end

def test_obligations_with_omnipotence
reader = Authorization::Reader::DSLReader.new
reader.parse %{
authorization do
role :admin do
has_omnipotence
end
role :test_role do
has_permission_on :permissions, :to => :test do
if_attribute :attr => is { user.attr }
end
end
end
}
engine = Authorization::Engine.new(reader)
assert_equal [],
engine.obligations(:test, :context => :permissions,
:user => MockUser.new(:test_role, :admin, :attr => 1))
end

def test_obligations_with_anded_conditions
reader = Authorization::Reader::DSLReader.new
reader.parse %{
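Review bot: `test_obligations_with_omnipotence` only asserts the case of a user holding both `:test_role` and `:admin`; a user with `:admin` alone, for whom no rule on `:permissions` matches, is not covered, and that is the case where the omnipotence shortcut carries the whole decision. A second assertion such as `assert_equal [], engine.obligations(:test, :context => :permissions, :user => MockUser.new(:admin))` would pin it. It would also help to assert in the same test that `MockUser.new(:test_role, :attr => 1)` still receives a non-empty obligation list from this rule set, so a regression that widens the shortcut beyond omnipotent roles is caught here rather than in a neighbouring test.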

0 comments on commit 2a07f2a
