Added #has_role_with_hierarchy? method to retrieve explicit and calcu…

…lated roles [jeremyf]
stffn · Mar 24, 2009 · 0bbc07a · 0bbc07a
1 parent 60fda5c
commit 0bbc07a
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 1 deletion.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,5 @@
+* Added #has_role_with_hierarchy? method to retrieve explicit and calculated roles [jeremyf]
+
 * Added handling of Authorization::AuthorizationInController::ClassMethods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]
 
 * Added a authorization rules browser.  See README for more information [sb]

diff --git a/declarative_authorization.gemspec b/declarative_authorization.gemspec
@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "declarative_authorization"
-  s.version = "0.2.4"
+  s.version = "0.2.4.1"
 
   s.required_ruby_version = ">= 1.8.6"
   s.authors = ["Steffen Bartsch"]

diff --git a/lib/declarative_authorization/authorization.rb b/lib/declarative_authorization/authorization.rb
@@ -239,6 +239,11 @@ def roles_for (user)
       (roles.empty? ? [:guest] : roles)
     end
 
+    # Returns the role symbols and inherritted role symbols for the given user
+    def roles_with_hierarchy_for(user)
+      flatten_roles(roles_for(user))
+    end
+
     # Returns an instance of Engine, which is created if there isn't one
     # yet.  If +dsl_file+ is given, it is passed on to Engine.new and 
     # a new instance is always created.

diff --git a/lib/declarative_authorization/helper.rb b/lib/declarative_authorization/helper.rb
@@ -47,5 +47,10 @@ def permitted_to? (privilege, object_or_sym = nil, &block)
     def has_role? (*roles, &block)
       controller.has_role?(*roles, &block)
     end
+
+    # As has_role? except checks all roles included in the role hierarchy
+    def has_role_with_hierarchy?(*roles, &block)
+      controller.has_role_with_hierarchy?(*roles, &block)
+    end
   end
 end
diff --git a/lib/declarative_authorization/in_controller.rb b/lib/declarative_authorization/in_controller.rb
@@ -69,6 +69,17 @@ def has_role? (*roles, &block)
       result
     end
 
+    # As has_role? except checks all roles included in the role hierarchy
+    def has_role_with_hierarchy?(*roles, &block)
+      user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
+      result = roles.all? do |role|
+        user_roles.include?(role)
+      end
+      yield if result and block_given?
+      result
+    end
+
+
     protected
     def filter_access_filter # :nodoc:
       permissions = self.class.all_filter_access_permissions

diff --git a/test/helper_test.rb b/test/helper_test.rb
@@ -92,4 +92,42 @@ def test_has_role
     assert !block_evaled
   end
 
+  def test_has_role_with_hierarchy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :other_role do
+          has_permission_on :another_mocks, :to => :show
+        end
+
+        role :root do
+          includes :test_role
+        end
+      end
+    }    
+
+    user = MockUser.new(:root)
+    request!(user, :action, reader)
+
+    assert has_role_with_hierarchy?(:test_role)
+    assert !has_role_with_hierarchy?(:other_role)
+
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+
+  end
+
+
 end