
Implement a :namespace option for filter_access_to in order to handle…

… namespaced controllers.
uhees committed Aug 8, 2009
1 parent d673055 commit f3376b1cf557e119511479acb2c702d9139d7c44
Showing with 72 additions and 3 deletions.
  1. +25 −3 lib/declarative_authorization/in_controller.rb
  2. +47 −0 test/controller_test.rb
@@ -222,6 +222,14 @@ module ClassMethods
# Privilege required; defaults to action_name
# [:+context+]
# The privilege's context, defaults to controller_name, pluralized.
# [:+namespace+]
# Prefix the default controller context with.
# * +true+: the model namespace(s) separated with underscores,
# * +Symbol+ or +String+: the given symbol or string
# * else: no prefix
# Example:
# filter_access_to :show, :namespace => true
# filter_access_to :delete, :namespace => :foo
# [:+attribute_check+]
# Enables the check of attributes defined in the authorization rules.
# Defaults to false. If enabled, filter_access_to will use a context
@@ -250,6 +258,7 @@ def filter_access_to (*args, &filter_block)
options = {
:require => nil,
:context => nil,
:namespace => nil,
:attribute_check => false,
:model => nil,
:load_method => nil
@@ -268,6 +277,7 @@ def filter_access_to (*args, &filter_block)
end
filter_access_permissions <<
ControllerPermission.new(actions, privilege, context,
options[:namespace],
options[:attribute_check],
options[:model],
options[:load_method],
@@ -524,19 +534,31 @@ def actions_from_option (option) # :nodoc:
end
class ControllerPermission # :nodoc:
attr_reader :actions, :privilege, :context, :attribute_check
def initialize (actions, privilege, context, attribute_check = false,
attr_reader :actions, :privilege, :context, :namespace, :attribute_check
def initialize (actions, privilege, context, namespace, attribute_check = false,
load_object_model = nil, load_object_method = nil,
filter_block = nil)
@actions = actions.to_set
@privilege = privilege
@context = context
@namespace = namespace
@load_object_model = load_object_model
@load_object_method = load_object_method
@filter_block = filter_block
@attribute_check = attribute_check
end
def controller_context(contr)
case @namespace
when true
"#{contr.class.name.gsub(/::/, "_").gsub(/Controller$/, "").underscore}".to_sym
when String, Symbol
"#{@namespace.to_s}_#{contr.class.controller_name}".to_sym
else
contr.class.controller_name.to_sym
end
end
def matches? (action_name)
@actions.include?(action_name.to_sym)
end
@@ -545,7 +567,7 @@ def permit! (contr)
if @filter_block
return contr.instance_eval(&@filter_block)
end
context = @context || contr.class.controller_name.to_sym
context = @context || controller_context(contr)
object = @attribute_check ? load_object(contr, context) : nil
privilege = @privilege || :"#{contr.action_name}"
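Review bot: When `:namespace` and `:attribute_check` are used together, the prefixed context returned by `controller_context(contr)` is also the value `permit!` passes to `load_object(contr, context)` on the following line. `load_object` is not shown on this page; if it derives the model class or instance variable from that symbol, a value such as `:foo_common` would no longer resolve to the model, and the new test does not exercise this combination. Consider keeping the unprefixed name for object loading, e.g. `object = @attribute_check ? load_object(contr, @context || contr.class.controller_name.to_sym) : nil`, and adding a test with both options set. Separately, `namespace` is inserted as a positional parameter ahead of `attribute_check` in `ControllerPermission#initialize`, so any other constructor call that was not updated would silently shift its arguments and change which checks are applied. `permit!` continues outside the hunk.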
@@ -384,3 +384,50 @@ def test_controller_hierarchy
assert !@controller.authorized?
end
end
<<<<<<< HEAD
=======
##################
module Foo
class CommonController < MocksController
filter_access_to :all
filter_access_to :new
filter_access_to :show, :namespace => :bar
filter_access_to :delete, :namespace => true
define_action_methods :new, :show, :delete
end
end
class NamespacedControllerTest < ActionController::TestCase
tests Foo::CommonController
def test_namespaced_controller
reader = Authorization::Reader::DSLReader.new
reader.parse %{
authorization do
role :test_role1 do
has_permission_on :common, :to => [:new, :show, :delete]
end
role :test_role2 do
has_permission_on :common, :to => [:new]
has_permission_on :bar_common, :to => [:show]
has_permission_on :foo_common, :to => [:delete]
end
end
}
request!(MockUser.new(:test_role1), "new", reader)
assert @controller.authorized?
request!(MockUser.new(:test_role1), "show", reader)
assert !@controller.authorized?
request!(MockUser.new(:test_role1), "delete", reader)
assert !@controller.authorized?
request!(MockUser.new(:test_role2), "new", reader)
assert @controller.authorized?
request!(MockUser.new(:test_role2), "show", reader)
assert @controller.authorized?
request!(MockUser.new(:test_role2), "delete", reader)
assert @controller.authorized?
end
end
>>>>>>> Implement a :namespace option for filter_access_to in order to handle namespaced controllers.
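Review bot: Merge conflict markers are committed as part of the added test code: `<<<<<<< HEAD` and `=======` sit directly before the new `Foo::CommonController` module, and a `>>>>>>> Implement a :namespace option ...` line follows `NamespacedControllerTest`. These lines are not valid Ruby, so test/controller_test.rb would most likely fail to load, and then none of the controller authorization tests in the file would run, including the new one. Delete the three marker lines and re-run the suite before treating this test as evidence that the namespaced contexts are enforced.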
