role_based_authorization 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.3
|
|
@@ -55,16 +55,12 @@ module RoleBasedAuthorization
|
|
|
55
55
|
def permit options
|
|
56
56
|
options[:controller] ||= controller_name
|
|
57
57
|
controller = options[:controller]
|
|
58
|
-
|
|
58
|
+
actions = [*options[:actions]] # create an array if options[:actions] is not already an array
|
|
59
59
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
options[:actions].each do |action|
|
|
67
|
-
action = action.to_s # this allows for both symbols and strings to be used for action names
|
|
60
|
+
role_auth_rules[controller] ||= {}
|
|
61
|
+
|
|
62
|
+
actions.each do |action|
|
|
63
|
+
action = action.to_sym # this allows for both symbols and strings to be used for action names
|
|
68
64
|
role_auth_rules[controller][action] ||= []
|
|
69
65
|
role_auth_rules[controller][action] << RoleBasedAuthorization::Rule.new(options[:to], options[:if], options[:object_id])
|
|
70
66
|
end
|
|
@@ -153,8 +149,8 @@ module RoleBasedAuthorization
|
|
|
153
149
|
|
|
154
150
|
[:all, opts[:action]].each do |action|
|
|
155
151
|
AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
|
|
156
|
-
|
|
157
|
-
raise "Action should be a
|
|
152
|
+
action = action.to_sym
|
|
153
|
+
raise "Action should be a symbol -- not a #{action.class.name}!" if action!=:all && action.class!=Symbol
|
|
158
154
|
|
|
159
155
|
next if rules[controller].nil? || rules[controller][action].nil?
|
|
160
156
|
if rules[controller][action].find { |rule| rule.match(opts[:user], opts[:ids]) }
|
|
@@ -21,6 +21,10 @@ class DummyController < ActionController::Base
|
|
|
21
21
|
|
|
22
22
|
permit :actions => 'very_low_security',
|
|
23
23
|
:to => :all
|
|
24
|
+
|
|
25
|
+
permit :actions => :very_low_security_symbol_version,
|
|
26
|
+
:to => :all
|
|
27
|
+
|
|
24
28
|
|
|
25
29
|
permit :actions => 'high_security',
|
|
26
30
|
:to => 3
|
|
@@ -54,6 +58,20 @@ class RoleBasedAuthorizationTest < ActiveSupport::TestCase
|
|
|
54
58
|
test "Should permit action very_low_security to everyone" do
|
|
55
59
|
assert_equal true, @controller.authorize_action?(:action => 'very_low_security')
|
|
56
60
|
end
|
|
61
|
+
|
|
62
|
+
test "Should permit action very_low_security to everyone even if it is given as a symbol" do
|
|
63
|
+
assert_equal true, @controller.authorize_action?(:action => :very_low_security)
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
test "Should permit action very_low_security_symbol_version to everyone" do
|
|
67
|
+
assert_equal true, @controller.authorize_action?(:action => :very_low_security_symbol_version)
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
|
|
71
|
+
test "Should permit action very_low_security_symbol_version to everyone even if it is given as a string" do
|
|
72
|
+
assert_equal true, @controller.authorize_action?(:action => 'very_low_security_symbol_version')
|
|
73
|
+
end
|
|
74
|
+
|
|
57
75
|
|
|
58
76
|
test "Should permit action high_security only to root (role 3)" do
|
|
59
77
|
assert_equal false, @controller.authorize_action?(:action => 'high_security')
|