Permalink
Browse files

Added handling of Authorization::AuthorizationInController::ClassMeth…

…ods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]
  • Loading branch information...
Jeremy Friesen authored and stffn committed Mar 3, 2009
1 parent e87d3dd commit 138ac3bb6eebf446d270c784448a086d2e535e26
Showing with 25 additions and 2 deletions.
  1. +2 −0 CHANGELOG
  2. +1 −1 lib/in_controller.rb
  3. +22 −1 test/controller_test.rb
View
@@ -1,3 +1,5 @@
+* Added handling of Authorization::AuthorizationInController::ClassMethods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]
+
* Added a authorization rules browser. See README for more information [sb]
* Added Model.using_access_control? to check if a model has model security activated [sb]
View
@@ -193,7 +193,7 @@ def filter_access_to (*args, &filter_block)
}.merge!(options)
privilege = options[:require]
context = options[:context]
- actions = args
+ actions = args.flatten
# collect permits in controller array for use in one before_filter
unless filter_chain.any? {|filter| filter.method == :filter_access_filter}
View
@@ -18,13 +18,34 @@ class SpecificMocksController < MocksController
:attribute_check => true, :model => LoadMockObject
filter_access_to :new, :require => :test, :context => :permissions
+ filter_access_to [:action_group_action_1, :action_group_action_2]
define_action_methods :test_action, :test_action_2, :show, :edit, :create,
- :edit_2, :new, :unprotected_action
+ :edit_2, :new, :unprotected_action, :action_group_action_1, :action_group_action_2
end
class BasicControllerTest < ActionController::TestCase
tests SpecificMocksController
+
+ def test_filter_access_to_receiving_an_explicit_array
+ reader = Authorization::Reader::DSLReader.new
+
+ reader.parse %{
+ authorization do
+ role :test_action_group_2 do
+ has_permission_on :specific_mocks, :to => :action_group_action_2
+ end
+ end
+ }
+
+ request!(MockUser.new(:test_action_group_2), "action_group_action_2", reader)
+ assert @controller.authorized?
+ request!(MockUser.new(:test_action_group_2), "action_group_action_1", reader)
+ assert !@controller.authorized?
+ request!(nil, "action_group_action_2", reader)
+ assert !@controller.authorized?
+ end
+
def test_filter_access
assert !@controller.class.before_filters.empty?

0 comments on commit 138ac3b

Please sign in to comment.