
permission control..

1 parent 11e03b5 commit ffa281c4492e310b8a8719ee9c4310db8197082d BigCat committed Dec 20, 2010
@@ -25,6 +25,7 @@ def create
end
def show
+ authorize!(:read, @topic)
@posts = @topic.posts.paginate(:per_page => 10, :page => params[:page])
end
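Review bot: The new `authorize!(:read, @topic)` in `show` gates the topic only; the query on the next line still paginates every post in the topic, whatever its status. The Ability change in this commit gives `Post` a `status` condition as well, so if unpublished posts are meant to be hidden from readers, the listing needs its own filter, for example a `can :read, Post, :status => "published"` rule with `@topic.posts.accessible_by(current_ability)` ahead of `paginate`. The check also relies on `@topic` being loaded before the action runs, presumably by the `find_topic` filter the spec stubs, which is outside this hunk; a comment such as `# @topic is loaded by the find_topic before filter` would make that dependency visible. Since only `show` gains a check here, CanCan's `check_authorization` in the controller would catch actions that never call `authorize!`.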
@@ -4,7 +4,12 @@ class Ability
def initialize(user)
user ||= User.new # guest user
- can :update, Post, :user_id => user.id
+
+ can :update, Post, :user_id => user.id, :status => "published" do |post|
+ post.topic.status=="published"
+ end
+
+ can :read, Topic, :status => "published"
# if user.admin?
# can :manage, :all
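Review bot: The `can :update, Post` rule combines a conditions hash with a block, and in the CanCan releases I am aware of the block alone decides a check on a post instance, while the hash is used only when fetching records. If that holds for the version in use, `can?(:update, post)` would not enforce `:user_id => user.id` or `:status => "published"`, so ownership is not checked on update; please verify against the bundled CanCan. A nested hash keeps every condition in force on both paths: `can :update, Post, :user_id => user.id, :status => "published", :topic => { :status => "published" }`. Separately, a guest is `User.new`, so `user.id` is nil and the hash would match any post whose `user_id` is nil, if such rows can exist. `initialize` and the `Ability` class continue outside this hunk.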
@@ -66,6 +66,7 @@ def should_find_topic
def should_find_post
@post = mock_model(Post)
+ @post.stub!(:status).and_return("published")
controller.should_receive(:find_post) { controller.instance_variable_set("@post", @post) }.ordered
end
@@ -36,6 +36,7 @@ def should_find_board
def should_find_topic
@topic = mock_model(Topic)
+ @topic.stub!(:status).and_return("published")
controller.should_receive(:find_topic) { controller.instance_variable_set("@topic", @topic) }.ordered
end
@@ -48,6 +49,7 @@ def should_find_new_attachments
describe "GET show" do
it "returns the topic ant its posts" do
+ controller.stub!(:current_user).and_return(nil)
should_find_board
should_find_topic
@posts = []
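Review bot: The specs touched in this commit cover only the permitted path: `should_find_topic` always stubs `status` as "published", so no example fails if the `authorize!` call in `show` is removed or the `Topic` rule is loosened. Add a second example under `describe "GET show"` that stubs another status, e.g. `@topic.stub!(:status).and_return("draft")` (a constructed value), and expects the request to be refused in whatever way the app handles `CanCan::AccessDenied`. An example with a signed-in user would also help, since `current_user` is stubbed as nil here and only the guest branch of `Ability` is exercised. The `it` block continues outside this hunk.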
