RubyGems - mdarby-restful_acl - Versions diffs - 2.0.2 → 2.0.3 - Mend

mdarby-restful_acl 2.0.2 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

data/README.textile +1 -1
data/lib/restful_acl_controller.rb +12 -1
metadata +1 -1

data/README.textile CHANGED Viewed

@@ -39,7 +39,7 @@ Add this before_filter into any controller that you'd like to restrict access to
 h4. Models
-Define a parent resource (if one exists) by using the <b>my_mom</b> method, and define the following five methods in the model of every resource you'd like to restrict access to. The five methods can contain anything you'd like so long as they return a boolean true or false. This allows you to define your User's roles any way you wish.
+Define a parent resource (if one exists) by using the <b>logical_parent</b> method, and define the following five methods in the model of every resource you'd like to restrict access to. The five methods can contain anything you'd like so long as they return a boolean true or false. This allows you to define your User's roles any way you wish.
 <pre>
   class Issue < ActiveRecord::Base

data/lib/restful_acl_controller.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module RestfulAclController
           when "show"           then object.is_readable_by(current_user, parent)
           when "edit", "update" then object.is_updatable_by(current_user, parent)
           when "destroy"        then object.is_deletable_by(current_user, parent)
-          else object.is_readable_by(current_user, parent)
+          else check_non_restful_route(current_user, klass, object, parent)
         end
       rescue NoMethodError => e
@@ -45,6 +45,17 @@ module RestfulAclController
     private
+      def check_non_restful_route(user, klass, object, parent)
+        if object
+          object.is_readable_by(user, parent)
+        elsif klass
+          klass.is_indexable_by(user, parent)
+        else
+          # If all else fails, deny access
+          false
+        end
+      end
       def get_method_from_error(error)
         error.message.gsub('`', "'").split("'").at(1)
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mdarby-restful_acl
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.3
 platform: ruby
 authors:
 - Matt Darby