authoritah 0.1.0 → 0.1.1
- data/README.rdoc +13 -2
- data/lib/authoritah.rb +2 -4
- data/spec/authoritah_spec.rb +29 -5
- data/spec/spec_helper.rb +2 -0
- metadata +2 -2
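--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -44,7 +44,7 @@ You also have the ability to expressly forbid access using the forbids directive
 
 In this scenario any logged in user can access the controller actions, but any user responding true to blacklisted? will be forbidden from running the :create or :destroy actions.
 
-
+You can also pass a Proc as the predicate:
 
 class WidgetController < ApplicationController
 
@@ -53,4 +53,15 @@ The final feature so far is the ability to pass a Proc as the predicate:
 
 The Proc gets passed the result of the :current_user message to the controller for you to specify more complex rules.
 
-
+I've also now added the ability to customise how the user is using the :on_reject option. You can either pass it a symbol identifying a method to call, or a Proc:
+
+class WidgetController < ApplicationController
+
+permits :current_user => :logged_in?, :on_reject => :redirect_to_login
+forbids :current_user => :blacklisted?, :from => [:create, :destroy], :on_reject => Proc.new { redirect_to '/blacklisted' }
+
+def redirect_to_login
+flash[:notice] = "Please login to view widgets"
+redirect_to root_url
+end
+end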
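--- a/data/lib/authoritah.rb
+++ b/data/lib/authoritah.rb
@@ -105,8 +105,6 @@ module Authoritah
 return true
 else
 if on_reject_action.is_a?(Proc)
-# debugger
-# on_reject_action.call(controller)
 controller.instance_eval(&on_reject_action)
 else
 controller.send(on_reject_action)
@@ -122,14 +120,14 @@ module Authoritah
 protected
 
 # Returns [true, nil] if the rule chain applied without a problem.
-# Returns [false, :reject_to]
+# Returns [false, :reject_to destination] otherwise
 def apply_rule_chain(rule_type, controller, action)
 select_permissions_for(action).each do |permission|
 begin
 response = if permission[:role_predicate].is_a? Symbol
 controller.send(permission[:role_method]).send(permission[:role_predicate])
 elsif permission[:role_predicate].is_a? Proc
-
+controller.instance_exec(controller.send(permission[:role_method]), &permission[:role_predicate])
 elsif permission[:role_predicate] == nil
 controller.send(permission[:role_method])
 end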
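Review bot: The predicate dispatch in apply_rule_chain has no `else` branch, so a `:role_predicate` that is neither a Symbol, a Proc nor nil leaves `response` as nil instead of failing loudly. For a `forbids` rule a nil result may read as "not forbidden", which would let a misconfigured rule fail open; how `response` is consumed is outside the hunk, so this needs confirming there. I would close the chain with `else raise ArgumentError, "unsupported predicate: #{permission[:role_predicate].inspect}"`, unless declaration-time validation already rejects such values, and check that the `rescue` belonging to the visible `begin` (also outside the hunk) does not swallow it. Separately, the reject path in the first hunk still uses `controller.instance_eval(&on_reject_action)`, which yields the controller as a block argument and raises ArgumentError for a zero-arity lambda on Rubies that enforce lambda arity; `controller.instance_exec(&on_reject_action)` would match the predicate path this commit introduces.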
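--- a/data/spec/authoritah_spec.rb
+++ b/data/spec/authoritah_spec.rb
@@ -234,10 +234,10 @@ describe TestAuthorizerController, :type => :controller do
 end
 end
 
-describe "using a
+describe "using a lambda" do
 context "with a wildcard rule" do
 before(:each) do
-TestAuthorizerController.permits(:current_user =>
+TestAuthorizerController.permits(:current_user => lambda {|u| u.logged_in?})
 end
 context "a logged in user" do
 before(:each) do
@@ -246,6 +246,30 @@ describe TestAuthorizerController, :type => :controller do
 it "should render index" do get :index; response.should render_template('index') end
 end
 end
+context "that accesses controller environment" do
+before(:each) do
+TestAuthorizerController.class_eval do
+define_method(:user_is_allowed?) { |user| true }
+end
+@user = stub(:logged_in? => true)
+controller.stubs(:current_user => @user)
+TestAuthorizerController.permits(:current_user => lambda {|u| user_is_allowed?(u) })
+end
+context "an allowed_user" do
+it "should render show" do
+controller.expects(:user_is_allowed?).at_least_once.with(@user).returns(true)
+get :show, :id => "100"
+response.should render_template('show')
+end
+end
+context "a logged in user with the wrong ID" do
+it "should render show" do
+controller.expects(:user_is_allowed?).at_least_once.with(@user).returns(false)
+get :show, :id => "100"
+response.status.should == "404 Not Found"
+end
+end
+end
 end
 
 describe "specifying a different action to run on failure" do
@@ -255,7 +279,7 @@ describe TestAuthorizerController, :type => :controller do
 TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => :method)
 end.should_not raise_error
 lambda do
-TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject =>
+TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => lambda {})
 end.should_not raise_error
 lambda do
 TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => 5)
@@ -282,9 +306,9 @@ describe TestAuthorizerController, :type => :controller do
 end
 end
 
-context "when :on_reject =>
+context "when :on_reject => lambda" do
 before(:each) do
-TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject =>
+TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => lambda { redirect_to root_url })
 end
 context "an unauthenticated user" do
 it "should redirect to /" do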
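Review bot: The denial example under `context "a logged in user with the wrong ID"` is titled `it "should render show"` but asserts `response.status.should == "404 Not Found"`, so a failure report will describe the opposite of what is checked; rename it to `it "should respond with 404 Not Found" do`. The `before(:each)` of the enclosing "that accesses controller environment" context adds `user_is_allowed?` to TestAuthorizerController with `class_eval`/`define_method` and never removes it, and every run calls `permits` again, so later examples may inherit both unless rules are reset elsewhere in the file (not visible here). In the denial case it would also help to add `response.should_not render_template('show')`, so the example pins that the protected action did not render rather than only the status line.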
data/spec/spec_helper.rb
CHANGED
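--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authoritah
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Steven Mohapi-Banks
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-
+date: 2009-11-18 00:00:00 +00:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency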