Permalink
Browse files

Implement a :namespace option for filter_access_to in order to handle…

… namespaced controllers.

Conflicts:

	declarative_authorization.gemspec.src
	test/controller_test.rb

Merge uhees and stffn
  • Loading branch information...
Jeroen van Dijk
Jeroen van Dijk committed Aug 26, 2009
1 parent 7225757 commit 1f9c2e626440aab4167999a3bc32c79ab148af2d
Showing with 72 additions and 3 deletions.
  1. +25 −3 lib/declarative_authorization/in_controller.rb
  2. +47 −0 test/controller_test.rb
@@ -222,6 +222,14 @@ module ClassMethods
# Privilege required; defaults to action_name
# [:+context+]
# The privilege's context, defaults to controller_name, pluralized.
+ # [:+namespace+]
+ # Prefix the default controller context with.
+ # * +true+: the model namespace(s) separated with underscores,
+ # * +Symbol+ or +String+: the given symbol or string
+ # * else: no prefix
+ # Example:
+ # filter_access_to :show, :namespace => true
+ # filter_access_to :delete, :namespace => :foo
# [:+attribute_check+]
# Enables the check of attributes defined in the authorization rules.
# Defaults to false. If enabled, filter_access_to will use a context
@@ -250,6 +258,7 @@ def filter_access_to (*args, &filter_block)
options = {
:require => nil,
:context => nil,
+ :namespace => nil,
:attribute_check => false,
:model => nil,
:load_method => nil
@@ -268,6 +277,7 @@ def filter_access_to (*args, &filter_block)
end
filter_access_permissions <<
ControllerPermission.new(actions, privilege, context,
+ options[:namespace],
options[:attribute_check],
options[:model],
options[:load_method],
@@ -498,19 +508,31 @@ def actions_from_option (option) # :nodoc:
end
class ControllerPermission # :nodoc:
- attr_reader :actions, :privilege, :context, :attribute_check
- def initialize (actions, privilege, context, attribute_check = false,
+ attr_reader :actions, :privilege, :context, :namespace, :attribute_check
+ def initialize (actions, privilege, context, namespace, attribute_check = false,
load_object_model = nil, load_object_method = nil,
filter_block = nil)
@actions = actions.to_set
@privilege = privilege
@context = context
+ @namespace = namespace
@load_object_model = load_object_model
@load_object_method = load_object_method
@filter_block = filter_block
@attribute_check = attribute_check
end
+ def controller_context(contr)
+ case @namespace
+ when true
+ "#{contr.class.name.gsub(/::/, "_").gsub(/Controller$/, "").underscore}".to_sym
+ when String, Symbol
+ "#{@namespace.to_s}_#{contr.class.controller_name}".to_sym
+ else
+ contr.class.controller_name.to_sym
+ end
+ end
+
def matches? (action_name)
@actions.include?(action_name.to_sym)
end
@@ -519,7 +541,7 @@ def permit! (contr)
if @filter_block
return contr.instance_eval(&@filter_block)
end
- context = @context || contr.class.controller_name.to_sym
+ context = @context || controller_context(contr)
object = @attribute_check ? load_object(contr, context) : nil
privilege = @privilege || :"#{contr.action_name}"
View
@@ -2,6 +2,9 @@
class LoadMockObject < MockDataObject
+ def self.find(*args)
+ new :id => args[0]
+ end
end
##################
@@ -367,3 +370,47 @@ def test_controller_hierarchy
assert !@controller.authorized?
end
end
+
+##################
+module Foo
+ class CommonController < MocksController
+ filter_access_to :all
+ filter_access_to :new
+ filter_access_to :show, :namespace => :bar
+ filter_access_to :delete, :namespace => true
+
+ define_action_methods :new, :show, :delete
+ end
+end
+class NamespacedControllerTest < ActionController::TestCase
+ tests Foo::CommonController
+ def test_namespaced_controller
+ reader = Authorization::Reader::DSLReader.new
+ reader.parse %{
+ authorization do
+ role :test_role1 do
+ has_permission_on :common, :to => [:new, :show, :delete]
+ end
+ role :test_role2 do
+ has_permission_on :common, :to => [:new]
+ has_permission_on :bar_common, :to => [:show]
+ has_permission_on :foo_common, :to => [:delete]
+ end
+ end
+ }
+ request!(MockUser.new(:test_role1), "new", reader)
+ assert @controller.authorized?
+ request!(MockUser.new(:test_role1), "show", reader)
+ assert !@controller.authorized?
+ request!(MockUser.new(:test_role1), "delete", reader)
+ assert !@controller.authorized?
+
+ request!(MockUser.new(:test_role2), "new", reader)
+ assert @controller.authorized?
+ request!(MockUser.new(:test_role2), "show", reader)
+ assert @controller.authorized?
+ request!(MockUser.new(:test_role2), "delete", reader)
+ assert @controller.authorized?
+ end
+end
+

0 comments on commit 1f9c2e6

Please sign in to comment.