
passing block to enable_authorization will be executed when CanCan::U…

…nauthorized exception is raised
1 parent cf2896f commit 35fbee578f16002f39c3e13ad8e755eb03d241bb @ryanb committed Mar 25, 2011
Showing with 13 additions and 3 deletions.
  1. +4 −3 lib/cancan/controller_additions.rb
  2. +9 −0 spec/cancan/controller_additions_spec.rb
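--- a/lib/cancan/controller_additions.rb
+++ b/lib/cancan/controller_additions.rb
@@ -251,19 +251,20 @@ def skip_authorize_resource(*args)
 #
 # enable_authorization :unless => :devise_controller?
 #
- def enable_authorization(options = {})
- self.before_filter(options.slice(:only, :except)) do |controller|
+ def enable_authorization(options = {}, &block)
+ before_filter(options.slice(:only, :except)) do |controller|
 break if options[:if] && !controller.send(options[:if])
 break if options[:unless] && controller.send(options[:unless])
 controller.authorize! controller.params[:action], controller.params[:controller]
 end
- self.after_filter(options.slice(:only, :except)) do |controller|
+ after_filter(options.slice(:only, :except)) do |controller|
 break if options[:if] && !controller.send(options[:if])
 break if options[:unless] && controller.send(options[:unless])
 unless controller.current_ability.fully_authorized? controller.params[:action], controller.params[:controller]
 raise CanCan::InsufficientAuthorizationCheck, "Authorization check is not sufficient for this action. This is probably because you have a conditions or attributes defined in Ability and are not checking for them in the action."
 end
 end
+ rescue_from(CanCan::Unauthorized, &block) if block
 end
 def cancan_resource_class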
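Review bot: The added `rescue_from(CanCan::Unauthorized, &block) if block` sits outside both filter blocks, so the handler is registered without the `:only`/`:except`/`:if`/`:unless` conditions that limit the filters, and the visible part of the doc comment does not mention the block at all. Once a block is supplied it owns the denial response, so a block that only logs and never renders or redirects would leave the outcome to the framework's defaults instead of an explicit refusal (inferred; the Rails side is not visible here). I would add to the comment above the method something like `# A block is handed to rescue_from CanCan::Unauthorized for every action, regardless of :only/:except/:if/:unless;` followed by `# it must render or redirect itself (e.g. a 403 response).` The doc comment for enable_authorization begins above the hunk, so its existing wording could not be checked.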
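--- a/spec/cancan/controller_additions_spec.rb
+++ b/spec/cancan/controller_additions_spec.rb
@@ -95,4 +95,13 @@
 @controller_class.enable_authorization(:unless => :engine_controller?)
 @authorize_called.should be_false
 end
+
+ it "enable_authorization should pass block to rescue_from CanCan::Unauthorized call" do
+ @block_called = false
+ mock(@controller_class).before_filter({})
+ mock(@controller_class).after_filter({})
+ mock(@controller_class).rescue_from(CanCan::Unauthorized) { |options, block| block.call(:exception) }
+ @controller_class.enable_authorization { |e| @block_called = (e == :exception) }
+ @block_called.should be_true
+ end
 end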
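Review bot: The new example covers only the call with a block; nothing in it asserts that `rescue_from` is left alone when `enable_authorization` is called without one, which is the case where `CanCan::Unauthorized` has to keep propagating to the application's own handling. A companion example that sets `dont_allow(@controller_class).rescue_from` before a block-less `enable_authorization` call would pin the `if block` guard against regressions. The enclosing describe block starts above the hunk, so an earlier example may already cover this implicitly.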

0 comments on commit 35fbee5
