add a check for abstract_model visibility in action authorization

fix railsadminteam#924
dparis · Feb 14, 2012 · 0a6a2b7 · 0a6a2b7
1 parent 6534f0b
commit 0a6a2b7
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 3 deletions.
diff --git a/app/helpers/rails_admin/application_helper.rb b/app/helpers/rails_admin/application_helper.rb
@@ -46,7 +46,7 @@ def main_navigation
       nodes_stack.group_by(&:navigation_label).map do |navigation_label, nodes|
 
         %{<li class='nav-header'>#{navigation_label || t('admin.misc.navigation')}</li>}.html_safe + 
-        nodes.select{|n| n.parent.nil?}.map do |node|
+        nodes.select{|n| n.parent.nil? || !n.parent.in?(nodes_stack.map{|c| c.abstract_model.model }) }.map do |node|
           %{
             <li#{' class="active"' if node.page_type == @page_type }>
               <a href="#{url_for(:action => :index, :controller => 'rails_admin/main', :model_name => node.abstract_model.to_param)}">#{node.label_plural}</a>

diff --git a/lib/rails_admin/config/actions/base.rb b/lib/rails_admin/config/actions/base.rb
@@ -14,7 +14,7 @@ class Base < RailsAdmin::Config::Base
 
         # Should the action be visible
         register_instance_option :visible? do
-          authorized?
+          authorized? && (bindings[:abstract_model] ? RailsAdmin.config(bindings[:abstract_model]).with(bindings).try(:visible?) : true)
         end
 
         register_instance_option :authorized? do

diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb
@@ -35,7 +35,7 @@
 
       helper.action(:dashboard).should == nil
     end
-
+        
     it 'should return only visible actions, passing all bindings' do
       RailsAdmin.config do |config|
         config.actions do
@@ -200,6 +200,23 @@
       result.should_not match "Comments"
     end
 
+    it "should show children of hidden models" do # https://github.com/sferik/rails_admin/issues/978
+      RailsAdmin.config do |config|
+        config.included_models = [Ball, Hardball]
+        config.model Ball do
+          hide
+        end
+      end
+      helper.main_navigation.should match /(nav\-header).*(Navigation).*(Hardballs)/m
+    end
+
+    it "should show children of excluded models" do
+      RailsAdmin.config do |config|
+        config.included_models = [Hardball]
+      end
+      helper.main_navigation.should match /(nav\-header).*(Navigation).*(Hardballs)/m
+    end
+
     it 'should "nest" in navigation label' do
       RailsAdmin.config do |config|
         config.included_models = [Comment]

diff --git a/spec/unit/config/actions_spec.rb b/spec/unit/config/actions_spec.rb
@@ -42,6 +42,22 @@
       RailsAdmin::Config::Actions.find(:custom_root, {:controller => "controller"}).should be_a(RailsAdmin::Config::Actions::Base)
     end
 
+    it 'should check bindings[:abstract_model] visibility while checking action\'s visibility' do
+      RailsAdmin.config Team do 
+        hide
+      end
+
+      RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Comment)}).should be_a(RailsAdmin::Config::Actions::Index) #decoy
+      RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Team)}).should be_nil
+    end
+
+    it 'should check bindings[:abstract_model] presence while checking action\'s visibility' do
+      RailsAdmin.config do |config|
+        config.excluded_models << Team
+      end
+      RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Comment)}).should be_a(RailsAdmin::Config::Actions::Index) #decoy
+      RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Team)}).should be_nil
+    end
   end
 
   describe 'all' do