Permalink
Browse files

fix :cancan specs

fix one :cancan related bug
remove :dashboard permission (need at least some namespacing)
make :cancan specs run as regular ones
  • Loading branch information...
1 parent 0b7415d commit 4ec9719920fb23019ce65b417ff5c4463a9b5e3f @bbenezech bbenezech committed Oct 26, 2011
View
@@ -32,7 +32,7 @@ group :development, :test do
end
end
- gem 'cancan' if ENV['AUTHORIZATION_ADAPTER'] == 'cancan'
+ gem 'cancan'
gem 'silent-postgres'
end
@@ -11,7 +11,6 @@ class MainController < RailsAdmin::ApplicationController
before_filter :check_for_cancel, :only => [:create, :update, :destroy, :export, :bulk_destroy]
def dashboard
- @authorization_adapter.authorize(:dashboard) if @authorization_adapter
@page_name = t("admin.dashboard.pagename")
@page_type = "dashboard"
@@ -245,7 +244,7 @@ def bulk_destroy
@authorization_adapter.authorize(:bulk_destroy, @abstract_model) if @authorization_adapter
scope = @authorization_adapter && @authorization_adapter.query(params[:action].to_sym, @abstract_model)
-
+
processed_objects = @abstract_model.destroy(params[:bulk_ids], scope)
destroyed = processed_objects.select(&:destroyed?)
@@ -272,7 +271,6 @@ def bulk_destroy
def get_bulk_objects(ids)
scope = @authorization_adapter && @authorization_adapter.query(params[:action].to_sym, @abstract_model)
objects = @abstract_model.get_bulk(ids, scope)
-
not_found unless objects
objects
end
@@ -5,7 +5,8 @@
- if authorized? :new, @abstract_model
%button.btn{:type => "submit", :name => "_add_another", :'data-disable-with' => t("admin.new.save_and_add_another")}
= t("admin.new.save_and_add_another")
- %button.btn{:type => "submit", :name => "_add_edit", :'data-disable-with' => t("admin.new.save_and_edit")}
- = t("admin.new.save_and_edit")
+ - if authorized? :edit, @abstract_model
@bf4

bf4 Jun 28, 2017 edited

Contributor

I think this is a bug; should be

- - if authorized? :edit, @abstract_model
+ - if authorized? :edit, @abstract_model, @object

otherwise, it tries to authorize an edit with a class, instead of an instance.

+ %button.btn{:type => "submit", :name => "_add_edit", :'data-disable-with' => t("admin.new.save_and_edit")}
+ = t("admin.new.save_and_edit")
%button.btn{:type => "submit", :name => "_continue", :'data-disable-with' => t("admin.new.cancel")}
= t("admin.new.cancel")
@@ -87,9 +87,9 @@
- other_right = index_path(params.merge(:set => (params[:set].to_i + 1)))
%td.other.right{ :style => "#{'display: none' if @other.include?("right")}" }= link_to "...", other_right, :remote => true
%td.last
- = link_to show_label, show_path(:model_name => params[:model_name], :id => object.id) if authorized? :show, @abstract_model, object
- = link_to edit_label, edit_path(:model_name => params[:model_name], :id => object.id) if authorized? :edit, @abstract_model, object
- = link_to delete_label, delete_path(:model_name => params[:model_name], :id => object.id) if authorized? :delete, @abstract_model, object
+ = link_to show_label, show_path(:model_name => params[:model_name], :id => object.id), :class => 'show_link' if authorized? :show, @abstract_model, object
+ = link_to edit_label, edit_path(:model_name => params[:model_name], :id => object.id), :class => 'edit_link' if authorized? :edit, @abstract_model, object
+ = link_to delete_label, delete_path(:model_name => params[:model_name], :id => object.id), :class => 'delete_link' if authorized? :delete, @abstract_model, object
- unless params[:all]
- total_count = @objects.total_count
= paginate(@objects, :theme => 'twitter-bootstrap', :remote => true)
@@ -52,8 +52,8 @@ def attributes_for(action, abstract_model)
# Change the action into something that fits better with CanCan's conventions
def translate_action(action)
case action
- when :list then :index # TODO Remove some day when no-one will care
- when :delete, :bulk_delete, :bulk_destroy then :destroy
+ when :list, :bulk_action then :index
+ when :delete, :bulk_destroy, :bulk_delete then :destroy
else action
end
end
Oops, something went wrong.

0 comments on commit 4ec9719

Please sign in to comment.