mdarby-restful_acl 1.1.0 → 1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/restful_acl.rb +44 -2
- data/lib/restful_acl_helper.rb +2 -2
- metadata +2 -2
data/lib/restful_acl.rb
CHANGED
|
@@ -16,14 +16,14 @@ module RestfulAcl
|
|
|
16
16
|
|
|
17
17
|
# Load the object requested if the param[:id] exists
|
|
18
18
|
object = klass.find(params[:id]) unless params[:id].blank?
|
|
19
|
-
|
|
19
|
+
|
|
20
20
|
# Let's let the Model decide what is acceptable
|
|
21
21
|
permission_denied unless case params[:action]
|
|
22
22
|
when "index" then klass.is_readable_by(current_user)
|
|
23
23
|
when "show" then klass.is_readable_by(current_user, object)
|
|
24
24
|
when "edit", "update" then object.is_updatable_by(current_user)
|
|
25
|
-
when "new", "create" then klass.is_creatable_by(current_user)
|
|
26
25
|
when "destroy" then object.is_deletable_by(current_user)
|
|
26
|
+
when "new", "create" then creatable_action(klass)
|
|
27
27
|
else klass.is_readable_by(current_user)
|
|
28
28
|
end
|
|
29
29
|
|
|
@@ -36,6 +36,48 @@ module RestfulAcl
|
|
|
36
36
|
|
|
37
37
|
private
|
|
38
38
|
|
|
39
|
+
def creatable_action(klass)
|
|
40
|
+
begin
|
|
41
|
+
parent_object = get_parent_resource(klass, request.request_uri)
|
|
42
|
+
klass.is_creatable_by(current_user, parent_object)
|
|
43
|
+
rescue
|
|
44
|
+
issue_is_creatable_by_deprecation_warning(klass)
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def issue_is_creatable_by_deprecation_warning(klass)
|
|
49
|
+
logger.info <<-END
|
|
50
|
+
[RESTful_ACL] -- *Deprecation Warning!*"
|
|
51
|
+
RESTful_ACL's #is_creatable_by method now requires an extra parameter.
|
|
52
|
+
Please update your model's #is_creatable_by method to the following format:
|
|
53
|
+
|
|
54
|
+
def self.is_creatable_by(user, parent_object = nil)
|
|
55
|
+
...
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
Offending class: #{klass}
|
|
59
|
+
|
|
60
|
+
Please see the http://github.com/mdarby/restful_acl for further info
|
|
61
|
+
|
|
62
|
+
END
|
|
63
|
+
|
|
64
|
+
false
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def get_parent_resource(target_klass, path)
|
|
68
|
+
# Convert the requested path into hash form
|
|
69
|
+
hash = ActionController::Routing::Routes.recognize_path(path, :method => :get)
|
|
70
|
+
|
|
71
|
+
# Loop through path keys and see if any end in '_id' and our kid class belongs_to the associated AR Class
|
|
72
|
+
pair = hash.detect{|k, v| k.to_s.ends_with?("_id") && target_klass.columns_hash.has_key?(k.to_s)}
|
|
73
|
+
|
|
74
|
+
# Load up the AR class based on the matching path pair
|
|
75
|
+
klass = pair[0].to_s[0...-3].classify.constantize
|
|
76
|
+
|
|
77
|
+
# Find and return the target parent object
|
|
78
|
+
klass.find(pair[1])
|
|
79
|
+
end
|
|
80
|
+
|
|
39
81
|
def permission_denied
|
|
40
82
|
logger.info("[ACL] Permission denied to %s at %s for %s" %
|
|
41
83
|
[(logged_in? ? current_user.login : 'guest'), Time.now, request.request_uri])
|
data/lib/restful_acl_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mdarby-restful_acl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: "1.2"
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matt Darby
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date:
|
|
12
|
+
date: 2009-01-03 00:00:00 -08:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
|