
Allow changing the default role

1 parent b2964ca commit 1e393fecef239e3acf4f34575460db0b0252cc38 @dbloete dbloete committed Jan 24, 2011
Showing with 38 additions and 5 deletions.
  1. +5 −0 README.rdoc
  2. +14 −5 lib/declarative_authorization/authorization.rb
  3. +19 −0 test/authorization_test.rb
@@ -256,6 +256,11 @@ public pages, :+guest+ can be used to allow access for users that are not
logged in. All other roles are application defined and need to be associated
with users by the application.
+If you need to change the default role, you can do so by adding an initializer
+that contains the following statement:
+
+ Authorization.default_role = :anonymous
+
Privileges, such as :create, may be put into hierarchies to simplify
maintenance. So the example above has the same meaning as
@@ -25,7 +25,7 @@ class NilAttributeValueError < AuthorizationError; end
# Controller-independent method for retrieving the current user.
# Needed for model security where the current controller is not available.
def self.current_user
- Thread.current["current_user"] || GuestUser.new
+ Thread.current["current_user"] || AnonymousUser.new
end
# Controller-independent method for setting the current user.
@@ -52,6 +52,15 @@ def self.dot_path= (path)
@@dot_path = path
end
+ @@default_role = :guest
+ def self.default_role
+ @@default_role
+ end
+
+ def self.default_role= (role)
+ @@default_role = role.to_sym
+ end
+
# Authorization::Engine implements the reference monitor. It may be used
# for querying the permission and retrieving obligations under which
# a certain privilege is granted for the current user.
@@ -241,7 +250,7 @@ def roles_for (user)
"doesn't return an Array of Symbols (#{roles.inspect})" \
if !roles.is_a?(Array) or (!roles.empty? and !roles[0].is_a?(Symbol))
- (roles.empty? ? [:guest] : roles)
+ (roles.empty? ? [Authorization.default_role] : roles)
end
# Returns the role symbols and inherritted role symbols for the given user
@@ -685,10 +694,10 @@ def self.reflection_for_path (parent_model, path)
end
end
- # Represents a pseudo-user to facilitate guest users in applications
- class GuestUser
+ # Represents a pseudo-user to facilitate anonymous users in applications
+ class AnonymousUser
attr_reader :role_symbols
- def initialize (roles = [:guest])
+ def initialize (roles = [Authorization.default_role])
@role_symbols = roles
end
end
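Review bot: `Authorization.default_role=` accepts anything that responds to `to_sym` and stores it in a process-wide class variable, yet this role is what `roles_for` (whose body starts outside the visible hunk) hands to every user with an empty role list, and what the `AnonymousUser` returned by `current_user` carries. A mistaken assignment therefore silently changes what unauthenticated requests are allowed to do, so I would document the setter with something like `# Role given to unauthenticated users and to users without roles; set it once at boot and keep its privileges minimal.` A guard before the assignment, `raise ArgumentError, "default role must not be blank" if role.to_s.empty?`, would turn a nil or empty value into a clear error instead of a NoMethodError or an empty symbol. Separately, the rename removes the `GuestUser` constant, so applications that reference `Authorization::GuestUser` will break unless an alias such as `GuestUser = AnonymousUser` is kept.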
@@ -316,6 +316,25 @@ def test_guest_user
assert !engine.permit?(:test, :context => :permissions_2)
end
+ def test_default_role
+ previous_default_role = Authorization.default_role
+ Authorization.default_role = :anonymous
+ reader = Authorization::Reader::DSLReader.new
+ reader.parse %{
+ authorization do
+ role :anonymous do
+ has_permission_on :permissions, :to => :test
+ end
+ end
+ }
+ engine = Authorization::Engine.new(reader)
+ assert engine.permit?(:test, :context => :permissions)
+ assert !engine.permit?(:test, :context => :permissions,
+ :user => MockUser.new(:guest))
+ # reset the default role, so that it does not mess up other tests
+ Authorization.default_role = previous_default_role
+ end
+
def test_invalid_user_model
reader = Authorization::Reader::DSLReader.new
reader.parse %{
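Review bot: `test_default_role` restores the global only on its last line, so a failing assertion or a parse error leaves `Authorization.default_role` set to `:anonymous` for every test that runs afterwards. In an authorization suite that can make later guest-role tests pass or fail for the wrong reason; putting the reset into an `ensure` clause of the method, `ensure` followed by `Authorization.default_role = previous_default_role`, removes that coupling. The test also covers only the no-user path; an assertion with a user whose role list is empty would pin the `roles_for` fallback that this commit changes as well.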
