
add a check for abstract_model visibility in action authorization

fix #924
1 parent 6534f0b commit 0a6a2b7c85ee2eab6b3533f03881fa5dd11b3821 @bbenezech bbenezech committed Feb 14, 2012
@@ -46,7 +46,7 @@ def main_navigation
nodes_stack.group_by(&:navigation_label).map do |navigation_label, nodes|
%{<li class='nav-header'>#{navigation_label || t('admin.misc.navigation')}</li>}.html_safe +
- nodes.select{|n| n.parent.nil?}.map do |node|
+ nodes.select{|n| n.parent.nil? || !n.parent.in?(nodes_stack.map{|c| c.abstract_model.model }) }.map do |node|
%{
<li#{' class="active"' if node.page_type == @page_type }>
<a href="#{url_for(:action => :index, :controller => 'rails_admin/main', :model_name => node.abstract_model.to_param)}">#{node.label_plural}</a>
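Review bot: The new `select` condition rebuilds `nodes_stack.map{|c| c.abstract_model.model }` for every node in every navigation group, which is quadratic in the number of models and hides the intent of the check. Computing the list once before the `group_by`, as `visible_models = nodes_stack.map { |c| c.abstract_model.model }`, and then testing `n.parent.nil? || !visible_models.include?(n.parent)` reads more directly as "top-level, or parent not shown in the navigation". main_navigation starts and ends outside this hunk, so the hoisted line would sit above the visible context.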
@@ -14,7 +14,7 @@ class Base < RailsAdmin::Config::Base
# Should the action be visible
register_instance_option :visible? do
- authorized?
+ authorized? && (bindings[:abstract_model] ? RailsAdmin.config(bindings[:abstract_model]).with(bindings).try(:visible?) : true)
end
register_instance_option :authorized? do
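Review bot: The model-visibility branch on the new `visible?` line fails closed only implicitly: when `.try(:visible?)` yields nil, the whole option evaluates to nil and the action is hidden, which the excluded-model spec appears to rely on. A short comment would make that intent survive refactoring, for example `# nil from try means the model is hidden or has no usable config: treat the action as not visible`. The change gates visibility only, and the `authorized?` option below it is untouched. Whether a direct request for an action on a hidden model is refused therefore depends on callers resolving actions through the visibility check, which this hunk does not show and is worth confirming. The class body continues outside the hunk.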
@@ -35,7 +35,7 @@
helper.action(:dashboard).should == nil
end
-
+
it 'should return only visible actions, passing all bindings' do
RailsAdmin.config do |config|
config.actions do
@@ -200,6 +200,23 @@
result.should_not match "Comments"
end
+ it "should show children of hidden models" do # https://github.com/sferik/rails_admin/issues/978
+ RailsAdmin.config do |config|
+ config.included_models = [Ball, Hardball]
+ config.model Ball do
+ hide
+ end
+ end
+ helper.main_navigation.should match /(nav\-header).*(Navigation).*(Hardballs)/m
+ end
+
+ it "should show children of excluded models" do
+ RailsAdmin.config do |config|
+ config.included_models = [Hardball]
+ end
+ helper.main_navigation.should match /(nav\-header).*(Navigation).*(Hardballs)/m
+ end
+
it 'should "nest" in navigation label' do
RailsAdmin.config do |config|
config.included_models = [Comment]
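Review bot: The "should show children of hidden models" spec asserts only that Hardballs is rendered, not that the hidden Ball entry stays out of the navigation. A regression that re-exposes hidden models in the menu would still pass. A negative assertion in the style of the existing `result.should_not match "Comments"` check would pin both halves, for example `helper.main_navigation.should_not match />Balls</` (assuming Ball's plural label renders as "Balls"). The inline comment cites issue 978 while the commit message says it fixes #924, so it is worth confirming which reference is intended.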
@@ -42,6 +42,22 @@
RailsAdmin::Config::Actions.find(:custom_root, {:controller => "controller"}).should be_a(RailsAdmin::Config::Actions::Base)
end
+ it 'should check bindings[:abstract_model] visibility while checking action\'s visibility' do
+ RailsAdmin.config Team do
+ hide
+ end
+
+ RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Comment)}).should be_a(RailsAdmin::Config::Actions::Index) #decoy
+ RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Team)}).should be_nil
+ end
+
+ it 'should check bindings[:abstract_model] presence while checking action\'s visibility' do
+ RailsAdmin.config do |config|
+ config.excluded_models << Team
+ end
+ RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Comment)}).should be_a(RailsAdmin::Config::Actions::Index) #decoy
+ RailsAdmin::Config::Actions.find(:index, {:controller => double(:authorized? => true), :abstract_model => RailsAdmin::AbstractModel.new(Team)}).should be_nil
+ end
end
describe 'all' do
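Review bot: Both new specs exercise only `Actions.find(:index, ...)` with a controller double that always authorizes, so the model-visibility check is pinned for a single action. Because the check lives in the base class's `visible?` option, an action that defines its own `visible?` might not inherit it (not visible from this hunk). Repeating the hidden-model assertion for at least one other action would cover that. The trailing `#decoy` comments would also read better as `# control: a visible model must still resolve the action`.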
