
Fixed bug in development mode: before filter not installed on second …

…request
commit 3a77340273292e3b72873f586dc84e538aba4652 1 parent 3a6375d
@stffn authored
Showing with 41 additions and 38 deletions.
  1. +41 −38 lib/in_controller.rb
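--- a/lib/in_controller.rb
+++ b/lib/in_controller.rb
@@ -6,6 +6,8 @@ module AuthorizationInController
 def self.included(base) # :nodoc:
 base.extend(ClassMethods)
+base.hide_action :authorization_engine, :permitted_to?,
+:permitted_to!
 end
 DEFAULT_DENY = false
@@ -54,6 +56,41 @@ def permitted_to! (privilege, object_or_sym = nil)
 :skip_attribute_test => object.nil?})
 end
+protected
+def filter_access_filter # :nodoc:
+permissions = self.class.all_filter_access_permissions
+all_permissions = permissions.select {|p| p.actions.include?(:all)}
+matching_permissions = permissions.select {|p| p.matches?(action_name)}
+allowed = false
+auth_exception = nil
+begin
+allowed = if !matching_permissions.empty?
+matching_permissions.all? {|perm| perm.permit!(self)}
+elsif !all_permissions.empty?
+all_permissions.all? {|perm| perm.permit!(self)}
+else
+!DEFAULT_DENY
+end
+rescue AuthorizationError => e
+auth_exception = e
+end
+
+unless allowed
+if all_permissions.empty? and matching_permissions.empty?
+logger.warn "Permission denied: No matching filter access " +
+"rule found for #{self.class.controller_name}.#{action_name}"
+elsif auth_exception
+logger.info "Permission denied: #{auth_exception}"
+end
+if respond_to?(:permission_denied)
+# permission_denied needs to render or redirect
+send(:permission_denied)
+else
+send(:render, :text => "You are not allowed to access this action.")
+end
+end
+end
+
 module ClassMethods
 #
 # Defines a filter to be applied according to the authorization of the
@@ -144,42 +181,8 @@ def filter_access_to (*args, &filter_block)
 actions = args
 # collect permits in controller array for use in one before_filter
-#p filter_chain
-unless filter_access_permissions?
-before_filter do |contr|
-permissions = contr.class.all_filter_access_permissions
-all_permissions = permissions.select {|p| p.actions.include?(:all)}
-matching_permissions = permissions.select {|p| p.matches?(contr.action_name)}
-allowed = false
-auth_exception = nil
-begin
-allowed = if !matching_permissions.empty?
-matching_permissions.all? {|perm| perm.permit!(contr)}
-elsif !all_permissions.empty?
-all_permissions.all? {|perm| perm.permit!(contr)}
-else
-!DEFAULT_DENY
-end
-rescue AuthorizationError => e
-auth_exception = e
-end
-
-unless allowed
-if all_permissions.empty? and matching_permissions.empty?
-contr.logger.warn "Permission denied: No matching filter access " +
-"rule found for #{contr.class.controller_name}.#{contr.action_name}"
-elsif auth_exception
-contr.logger.info "Permission denied: #{auth_exception}"
-end
-if contr.respond_to?(:permission_denied)
-# permission_denied needs to render or redirect
-contr.send(:permission_denied)
-else
-contr.send(:render, :text => "You are not allowed to access this action.")
-end
-end
-end
-#p filter_chain
+unless filter_chain.any? {|filter| filter.method == :filter_access_filter}
+before_filter :filter_access_filter
 end
 filter_access_permissions.each do |perm|
@@ -193,11 +196,10 @@ def filter_access_to (*args, &filter_block)
 filter_block)
 end
-protected
 # Collecting all the ControllerPermission objects from the controller
 # hierarchy. Permissions for actions are overwritten by calls to
 # filter_access_to in child controllers with the same action.
-def all_filter_access_permissions
+def all_filter_access_permissions # :nodoc:
 ancestors.inject([]) do |perms, mod|
 if mod.respond_to?(:filter_access_permissions)
 perms +
@@ -210,6 +212,7 @@ def all_filter_access_permissions
 end
 end
+protected
 def filter_access_permissions
 class_variable_set(:@@declarative_authorization_permissions, {}) unless class_variable_defined?(:@@declarative_authorization_permissions)
 class_variable_get(:@@declarative_authorization_permissions)[self.name] ||= []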
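Review bot: The fallback denial at the end of `filter_access_filter` renders the refusal text with the default 200 status, so a denied request looks like a success to clients, caches and log-based monitoring. `render :text => "You are not allowed to access this action.", :status => :forbidden` would mark it as a refusal, and the `send` looks unnecessary now that the receiver is `self`. Because the check is now a named filter, a subclass can presumably remove it with `skip_before_filter :filter_access_filter`, which was not possible by name with the anonymous block; a comment above the method stating that skipping it disables authorization for that controller would make this easier to catch in review. With `DEFAULT_DENY = false` the `else` branch also allows any action that has no matching rule, so the "No matching filter access rule found" warning is only reachable when that constant is changed; this is worth documenting next to the constant.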