Showing
13 changed files
with
377 additions
and
19 deletions.
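--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,9 @@
+module RightOn
+module Ability
+include CanCan::Ability
+
+private def add_rule_for(right)
+add_rule(RightOn::Rule.rule_for(right))
+end
+end
+end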
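--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,23 @@
+module RightOn
+module ControllerAdditions
+def authorize_action!
+controller = (self.rights_from || params[:controller]).to_s
+action = params[:action].to_s
+
+return if can_access_controller_action?(controller, action)
+
+fail CanCan::AccessDenied, "You are not authorized to access this page."
+end
+
+def can_access_controller_action?(controller, action)
+(can?(:access, controller) && !Right.where(subject: controller + '#' + action).exists?) ||
+can?(:access, controller + '#' + action)
+end
+end
+end
+
+if defined? ActionController::Base
+ActionController::Base.class_eval do
+include RightOn::ControllerAdditions
+end
+end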
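Review bot: `authorize_action!` calls `self.rights_from` unconditionally, but the module never defines it, so any controller that picks this up through the `ActionController::Base.class_eval` at the bottom and does not add its own `rights_from` will raise NoMethodError instead of reaching the `params[:controller]` fallback (the specs only pass because each test controller defines it). Give the module a default, `def rights_from; nil; end`, so the fallback is reachable. `can_access_controller_action?` is only a helper for the guard yet is public on every controller; marking it `private` and adding a comment stating the precedence (`# A specific controller#action right, when one exists in Right, overrides the controller-wide :access right`) would make the intended deny-override explicit. The `controller + '#' + action` key is built twice; one local such as `action_key = "#{controller}##{action}"` removes the duplication.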
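--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,3 @@
+module RightOn
+class Error < StandardError; end
+end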
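--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,51 @@
+module RightOn
+class Rule
+def self.rule_for(right)
+self.new(right).call
+end
+
+def initialize(right)
+@right = right
+end
+
+def call
+validate!
+
+CanCan::Rule.new(can?, action, subject, conditions, nil)
+end
+
+private
+
+def validate!
+fail RightOn::Error, 'must specify an action' unless @right.action.present?
+end
+
+def can?
+@right.can
+end
+
+def action
+@right.action.to_sym
+end
+
+def subject
+model_class || @right.subject
+end
+
+def conditions
+model_class ? @right.conditions : nil
+end
+
+def model_class
+return nil unless @right.subject.present?
+
+begin
+model_class = self.class.const_get(@right.subject)
+rescue NameError
+model_class = Class
+end
+
+return model_class if model_class.ancestors.include?(ActiveRecord::Base)
+end
+end
+end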
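Review bot: `model_class` calls `.ancestors` on whatever `const_get` returned, outside the `begin`/`rescue`, so a `@right.subject` that names a constant which is not a module (a string or numeric constant, say) raises NoMethodError instead of yielding `nil`; the `ActiveRecord::Base` reference on that same line is equally unguarded and nothing in this file requires it. Since `@right.subject` is presumably read from stored `Right` rows, the lookup should only ever hand back an ActiveRecord model class: the rewrite below drops the `Class` sentinel, returns early on NameError and checks `klass.is_a?(Class) && klass < ActiveRecord::Base`. A why-comment on `conditions` would also help, because the right's conditions are silently discarded when the subject is not a model and a caller cannot tell that from the name.
```ruby
def model_class
  return nil unless @right.subject.present?

  klass = begin
    self.class.const_get(@right.subject)
  rescue NameError
    return nil
  end

  # Only an ActiveRecord model is a usable CanCan subject class; any other
  # constant (module, string, number) falls through to nil.
  klass if klass.is_a?(Class) && klass < ActiveRecord::Base
end
```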
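--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,29 @@
+require 'active_support/all'
+require 'cancan/ability'
+require 'right_on/error'
+require 'right_on/rule'
+require 'right_on/ability'
+require 'spec_helper'
+
+describe RightOn::Ability do
+describe 'private #add_rule_for' do
+subject(:ability) {
+class TestAbility
+include RightOn::Ability
+end
+
+TestAbility.new
+}
+let(:right) {
+double(name: 'Do Something', can: true, action: 'action', subject: 'subject', conditions: {})
+}
+
+before do
+ability.send(:add_rule_for, right)
+end
+
+it 'should add a rule to the ability' do
+expect(ability.send(:rules).count).to eq(1)
+end
+end
+end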
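Review bot: The only example asserts `ability.send(:rules).count` is 1, which would also pass if `RightOn::Rule.rule_for` built a rule with the wrong action, subject or behaviour; assert the observable effect instead, e.g. `expect(ability.can?(:action, 'subject')).to be_truthy`, which exercises the rule through CanCan's public interface rather than through `send(:rules)`. `class TestAbility` is declared inside the `subject` block at top level, so it is reopened on every evaluation and leaks into the global namespace; `Class.new { include RightOn::Ability }.new` gives each example a fresh ability. This spec does not require `active_record`, yet `RightOn::Rule#model_class` references `ActiveRecord::Base` whenever the subject is present, so the example depends on `spec_helper` loading it — worth making explicit with a `require` here, as the controller spec does.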
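--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,137 @@
+require 'active_support/all'
+require 'action_controller'
+require 'cancan/ability'
+require 'cancan/controller_additions'
+require 'cancan/exceptions'
+require 'cancan/rule'
+require 'right_on/ability'
+require 'right_on/controller_additions'
+require 'right_on/error'
+require 'right_on/rule'
+require 'active_record'
+require 'spec_helper'
+
+# Mock this so we don't need to include active record
+module RightOn
+class Right
+def self.where(args)
+end
+end
+end
+
+describe RightOn::ControllerAdditions do
+let(:rule_override) { false }
+before do
+rule_class = class_double('RightOn::ControllerAdditions::Model')
+allow(RightOn::Right).to receive(:where).and_return(double(exists?: rule_override))
+end
+
+subject(:controller) {
+class Ability
+include RightOn::Ability
+
+def initialize(user)
+
+end
+end
+
+class Controller < ActionController::Base
+def rights_from
+nil
+end
+
+private
+
+def params
+{ controller: 'controller', action: 'action' }
+end
+
+def current_user
+nil
+end
+end
+
+Controller.new
+}
+
+it 'should respond to authorize_action!' do
+expect(controller.respond_to? :authorize_action!).to be_truthy
+end
+
+describe 'private #authorize_action!' do
+context 'when the ability has a matching rule' do
+let(:right) {
+double(name: 'Do Something', can: true, action: 'access', subject: 'controller#action', conditions: {})
+}
+
+before do
+controller.send(:current_ability).send(:add_rule_for, right)
+end
+
+it 'should grant access to controller#action' do
+expect{controller.send(:authorize_action!)}.to_not(
+raise_error(CanCan::AccessDenied, 'You are not authorized to access this page.'))
+end
+end
+
+context 'when the ability does not have a matching rule' do
+let(:right) {
+double(name: 'Do Something', can: true, action: 'access', subject: 'controller#other_action', conditions: {})
+}
+
+before do
+controller.send(:current_ability).send(:add_rule_for, right)
+end
+
+it 'should grant access to controller#action' do
+expect{controller.send(:authorize_action!)}.to(
+raise_error(CanCan::AccessDenied, 'You are not authorized to access this page.'))
+end
+end
+
+context 'when the ability has a specific rule overriding the general rule' do
+let(:rule_override) { true }
+let(:right) {
+double(name: 'Generic', can: true, action: 'access', subject: 'controller', conditions: {})
+}
+
+before do
+controller.send(:current_ability).send(:add_rule_for, right)
+end
+
+it 'should not grant access to controller#action' do
+expect{controller.send(:authorize_action!)}.to(
+raise_error(CanCan::AccessDenied, 'You are not authorized to access this page.'))
+end
+end
+end
+
+describe 'private #authorize_action!' do
+let(:controller) {
+class Controller < ActionController::Base
+def rights_from
+:other_controller
+end
+
+private
+
+def params
+{ controller: 'controller', action: 'action' }
+end
+
+def current_user
+nil
+end
+end
+
+Controller.new
+}
+
+context 'when rights from is a symbol' do
+specify do
+expect{controller.send(:authorize_action!)}.to(
+raise_error(CanCan::AccessDenied, 'You are not authorized to access this page.'))
+end
+end
+end
+end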
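Review bot: Both `describe 'private #authorize_action!'` blocks open the same top-level `class Controller < ActionController::Base` (once inside `subject(:controller)`, again inside `let(:controller)`), so whichever block is evaluated second overwrites `rights_from` for the class the other block also instantiates, and the earlier examples' outcome depends on run order; build each test controller as an anonymous class, `Class.new(ActionController::Base) do … end`, and do the same for the top-level `class Ability`. The second context's example is titled 'should grant access to controller#action' while it expects `CanCan::AccessDenied`; rename it to `'should deny access to controller#action'`. `rule_class = class_double('RightOn::ControllerAdditions::Model')` in the `before` block is assigned and never used, and `to_not(raise_error(CanCan::AccessDenied, …))` is a form RSpec 3 warns about because any other exception would pass silently — `expect { … }.to_not raise_error` is the intended assertion.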