
fixes asserts

mokevnin committed Dec 8, 2010
1 parent 33216a6 commit e8d01b6e5849a3367f2d939da5c000851e3517da
@@ -2,4 +2,5 @@
require 'ya_acl/builder'
require 'ya_acl/role'
require 'ya_acl/resource'
-require 'ya_acl/resource_proxy'
+require 'ya_acl/resource_proxy'
+require 'ya_acl/assert'
@@ -37,9 +37,9 @@ def allow?(resource_name, privilege, roles, params = [], options = {})
res.allow? privilege, roles, params, options
end
- def check!(resource, privilege, roles, params = [], options = {})
- unless allow?(resource, privilege, roles, params, options)
- raise AccessDeniedError, "Access denied for '#{resource}' and privilege '#{privilege}' with options '#{options.inspect}'"
+ def check!(resource_name, privilege, roles, params = [], options = {})
+ unless allow?(resource_name, privilege, roles, params, options)
+ raise AccessDeniedError, "Access denied for '#{resource_name}' and privilege '#{privilege}' with options '#{options.inspect}'"
end
true
@@ -0,0 +1,27 @@
+module YaAcl
+
+ class Assert
+ def initialize(&block)
+ @block = block
+ end
+ def check(can_roles, processing_roles, params)
+ @can_roles = can_roles
+ @processing_roles = processing_roles
+
+ @result = false
+ instance_exec(*params, &@block)
+ @result
+ end
+
+ def assert(*args)
+ func = args.pop
+ roles = args
+
+ if roles != (roles & @can_roles)
+ raise ArgumentError, "Not allowed for #{roles.inspect}"
+ end
+
+ @result = (@processing_roles & roles).any? ? func.call : true
+ end
+ end
+end
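Review bot: `assert` overwrites `@result` on every call, so when a privilege block calls `assert` more than once the last call decides and an earlier failing lambda is discarded; a later `assert` whose roles do not intersect `@processing_roles` sets it back to `true`. For an access check every applicable assert should have to hold, so collect the outcomes instead: `@results = []` in `check`, `@results << ((@processing_roles & roles).any? ? func.call : true)` in `assert`, and `!@results.empty? && @results.all?` as the return value of `check`, which still denies when the block never calls `assert`. Separately, `@can_roles`, `@processing_roles` and the result live on an `Assert` instance that `Resource#allow` creates once per privilege, so if the built ACL is shared between threads, concurrent `check` calls could evaluate one caller's lambda against another caller's roles. Passing that state through a per-call object would avoid this.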
@@ -37,7 +37,7 @@ def resource(name, allow_roles = [], &block)
end
#TODO
- proxy = ResourceProxy.new(name, resource_allow_roles, existing_roles, &block)
+ proxy = ResourceProxy.new(name, resource_allow_roles, existing_roles, block)
acl.add_resource(proxy.resource)
end
end
@@ -22,27 +22,26 @@ def allow?(privilege, roles, params = [], options = {})
return false unless @privilegies[p][key]
return false if (@privilegies[p][key][:roles] & r || []).empty?
- privilege_accert = @privilegies[p][key][:assert]
- if privilege_accert
- @processing_privilege = privilege
- @processing_key = key
- @processing_roles = r
- if false == privilege_accert.call(*params)
+ assert = @privilegies[p][key][:assert]
+ if assert
+ can_roles = @privilegies[p][key][:roles]
+
+ if false == assert.check(can_roles, r, params)
return false
end
end
true
end
- def allow(privilege, roles, options = {}, check_block = nil)
+ def allow(privilege, roles, options = {}, &block)
p = privilege.to_sym
@privilegies[p] ||= {}
r = roles.collect(&:to_sym)
key = privilege_key(options)
@privilegies[p][key] ||= {}
@privilegies[p][key][:roles] = (@privilegies[p][key][:roles] || []) | r
- @privilegies[p][key][:assert] = check_block
+ @privilegies[p][key][:assert] = block && Assert.new(&block) || nil
end
def deny(privilege, roles, options = {})
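Review bot: `if false == assert.check(can_roles, r, params)` denies only when the result is exactly `false`, and `Assert#check` returns whatever the lambda returned, so a lambda that yields `nil` grants the privilege. Treat any falsy result as a denial: `return false unless assert.check(can_roles, r, params)`. In `allow`, `@privilegies[p][key][:assert] = block && Assert.new(&block) || nil` also replaces an assert registered earlier for the same privilege and options with `nil` when a later call passes no block, while the roles keep accumulating through `|`. Keeping the existing assert unless a new block is given, `@privilegies[p][key][:assert] = Assert.new(&block) if block`, avoids silently dropping the check. The body of `allow?` starts above this hunk.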
@@ -58,16 +57,5 @@ def deny(privilege, roles, options = {})
def privilege_key(options = {})
options.any? ? options.sort.to_s : :default
end
-
- def assert(*args)
- func = args.pop
- roles = args
- can_roles = @privilegies[@processing_privilege][@processing_key][:roles]
- if roles != can_roles & roles
- raise ArgumentError, "Not allowed for #{roles.inspect}"
- end
- return true unless (@processing_roles & roles).any?
- func.call
- end
end
end
@@ -1,7 +1,7 @@
module YaAcl
class ResourceProxy
- def initialize(name, allow_roles, existing_roles, &block)
+ def initialize(name, allow_roles, existing_roles, block)
@resource = Resource.new(name)
@allow_roles = allow_roles
@existing_roles = existing_roles
@@ -14,14 +14,15 @@ def resource
def method_missing(privilege, *args, &check_block)
options = args[0] || {}
+
allow = (options.delete(:allow) || []) | @allow_roles
deny = options.delete(:deny) || []
if (allow | deny) & @existing_roles != (allow | deny)
raise ArgumentError, "Check roles for resource #{@resource.name} and privilege '#{privilege}'"
end
- resource.allow(privilege, allow, options, check_block)
+ resource.allow(privilege, allow, options, &check_block)
resource.deny(privilege, deny, options)
end
alias_method :privilege, :method_missing
@@ -74,4 +74,22 @@
end
}.should raise_exception(ArgumentError)
end
+
+ it 'should be work with assert' do
+ acl = YaAcl::Builder.build do
+ roles do
+ role :admin
+ role :another_user
+ end
+ resources :admin do
+ resource 'name', [:another_user] do
+ create do |var|
+ assert :admin, :another_user, lambda { true }
+ end
+ end
+ end
+ end
+
+ acl.check!('name', :create, :admin, [2]).should be_true
+ end
end
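Review bot: The new example covers only the grant path, with a lambda that always returns `true`, so a regression that makes asserts fail open would not be caught. Add a companion example that builds the same ACL with `lambda { false }` and expects the denial, `lambda { acl.check!('name', :create, :admin, [2]) }.should raise_exception(AccessDeniedError)` (the error's namespace is not shown on this page). A second example should pass `assert` a role outside the resource's allowed roles and expect `ArgumentError`. The block parameter `var` is unused; asserting on it inside the lambda would also show that the `[2]` passed as params reaches the block.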
@@ -2,12 +2,12 @@
describe YaAcl::Resource do
it 'should be work allow?' do
- resource = YaAcl::Resource.new 'controller_name' do
- index :allow => [:admin, :member], :deny => [:guest]
- index :allow => [:moderator], :format => 'json'
- update :allow => [:editor], :format => 'json'
- update
- end
+ resource = YaAcl::Resource.new 'controller_name'
+ resource.allow :index, [:admin, :member]
+ resource.deny :index, [:guest]
+ resource.allow :index, [:moderator], :format => 'json'
+ resource.allow :update, [:editor], :format => 'json'
+ resource.allow :update, [:admin]
resource.name.should == 'controller_name'
resource.allow?('index', :moderator, [], :format => 'json').should be_true
@@ -21,10 +21,9 @@
end
it 'should be work allow? with inheritance' do
- resource = YaAcl::Resource.new 'controller_name', :admin do
- index :allow => [:guest]
- empty
- end
+ resource = YaAcl::Resource.new 'controller_name'
+ resource.allow :index, [:admin, :guest]
+ resource.allow :empty, [:admin]
resource.allow?(:index, :guest).should be_true
resource.allow?(:index, :admin).should be_true
@@ -33,12 +32,11 @@
end
it 'should be work allow? with assert' do
- resource = YaAcl::Resource.new 'controller_name', :admin do
- index :allow => [:guest], :format => 'xml' do |object_user_id, user_id|
- assert :guest, lambda {
- object_user_id == user_id ? true : false
- }
- end
+ resource = YaAcl::Resource.new 'controller_name'
+ resource.allow :index, [:admin, :guest], :format => 'xml' do |object_user_id, user_id|
+ assert :guest, lambda {
+ object_user_id == user_id ? true : false
+ }
end
resource.allow?(:index, :guest, [3, 4]).should be_false
