Permalink
Browse files

load the collection instance variable on index action - closes #137

  • Loading branch information...
ryanb committed Sep 7, 2010
1 parent 158c908 commit 9d915457afb53f116e31d602ed89073a9c1f21e4
View
@@ -221,6 +221,10 @@ def attributes_for(action, subject)
attributes
end
+ def has_block?(action, subject)
+ relevant_can_definitions(action, subject).any?(&:only_block?)
+ end
+
private
def unauthorized_message_keys(action, subject)
@@ -28,6 +28,8 @@ def load_and_authorize_resource
def load_resource
if !resource_instance && (parent? || member_action?)
@controller.instance_variable_set("@#{instance_name}", load_resource_instance)
+ elsif load_collection?
+ @controller.instance_variable_set("@#{instance_name.pluralize}", load_collection)
end
end
@@ -49,6 +51,16 @@ def load_resource_instance
end
end
+ def load_collection?
+ !parent? && collection_actions.include?(@params[:action].to_sym) &&
+ resource_base.respond_to?(:accessible_by) &&
+ !@controller.current_ability.has_block?(authorization_action, resource_class)
+ end
+
+ def load_collection
+ resource_base.accessible_by(@controller.current_ability)
+ end
+
def build_resource
resource = resource_base.send(@options[:singleton] ? "build_#{name}" : "new")
initial_attributes.each do |name, value|
@@ -282,6 +282,15 @@
lambda { @ability.authorize!(:read, :foo) }.should_not raise_error
end
+ it "should know when block is used in conditions" do
+ @ability.can :read, :foo
+ @ability.should_not have_block(:read, :foo)
+ @ability.can :read, :foo do |foo|
+ false
+ end
+ @ability.should have_block(:read, :foo)
+ end
+
it "should raise access denied exception with default message if not specified" do
begin
@ability.authorize! :read, :foo
@@ -4,8 +4,9 @@
before(:each) do
@params = HashWithIndifferentAccess.new(:controller => "projects")
@controller = Object.new # simple stub for now
+ @ability = Ability.new(nil)
stub(@controller).params { @params }
- stub(@controller).current_ability.stub!.attributes_for { {} }
+ stub(@controller).current_ability { @ability }
end
it "should load the resource into an instance variable if params[:id] is specified" do
@@ -49,25 +50,45 @@
it "should build a new resource with attributes from current ability" do
@params.merge!(:action => "new")
- stub(@controller).current_ability.stub!.attributes_for(:new, Project) { {:name => "from conditions"} }
+ @ability.can(:create, Project, :name => "from conditions")
resource = CanCan::ControllerResource.new(@controller)
resource.load_resource
@controller.instance_variable_get(:@project).name.should == "from conditions"
end
it "should override initial attributes with params" do
@params.merge!(:action => "new", :project => {:name => "from params"})
- stub(@controller).current_ability.stub!.attributes_for(:new, Project) { {:name => "foobar"} }
+ @ability.can(:create, Project, :name => "from conditions")
resource = CanCan::ControllerResource.new(@controller)
resource.load_resource
@controller.instance_variable_get(:@project).name.should == "from params"
end
- it "should not build a resource when on index action" do
+ it "should build a collection when on index action when class responds to accessible_by" do
+ stub(Project).accessible_by(@ability) { :found_projects }
@params[:action] = "index"
resource = CanCan::ControllerResource.new(@controller)
resource.load_resource
@controller.instance_variable_get(:@project).should be_nil
+ @controller.instance_variable_get(:@projects).should == :found_projects
+ end
+
+ it "should not build a collection when on index action when class does not respond to accessible_by" do
+ @params[:action] = "index"
+ resource = CanCan::ControllerResource.new(@controller)
+ resource.load_resource
+ @controller.instance_variable_get(:@project).should be_nil
+ @controller.instance_variable_defined?(:@projects).should be_false
+ end
+
+ it "should not use accessible_by when defining abilities through a block" do
+ stub(Project).accessible_by(@ability) { :found_projects }
+ @params[:action] = "index"
+ @ability.can(:read, Project) { |p| false }
+ resource = CanCan::ControllerResource.new(@controller)
+ resource.load_resource
+ @controller.instance_variable_get(:@project).should be_nil
+ @controller.instance_variable_defined?(:@projects).should be_false
end
it "should perform authorization using controller action and loaded model" do

0 comments on commit 9d91545

Please sign in to comment.