role_based_authorization 0.1.7 → 0.1.9
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.1.
|
1
|
+
0.1.9
|
@@ -89,7 +89,7 @@ module RoleBasedAuthorization
|
|
89
89
|
matching = @roles.include?(:all)
|
90
90
|
|
91
91
|
# checking for right role (no need to check them if already matching)
|
92
|
-
matching = !@roles.find { |role| role == user.role }.nil? if !matching
|
92
|
+
matching = !@roles.find { |role| !user.nil? && role == user.role }.nil? if !matching
|
93
93
|
|
94
94
|
if @cond.nil?
|
95
95
|
return matching
|
@@ -149,6 +149,7 @@ module RoleBasedAuthorization
|
|
149
149
|
def authorize_action? opts = {}
|
150
150
|
# Option handling
|
151
151
|
user, ids, controller, action = *opts.values_at(:user, :ids, :controller, :action)
|
152
|
+
user ||= current_user
|
152
153
|
|
153
154
|
if respond_to?(:logged_in?) && !logged_in?
|
154
155
|
AUTHORIZATION_LOGGER.info("returning false (not logged in)")
|
@@ -162,7 +163,7 @@ module RoleBasedAuthorization
|
|
162
163
|
controller = controller_name if controller.nil? && respond_to?(:controller_name)
|
163
164
|
|
164
165
|
AUTHORIZATION_LOGGER.info("user %s requested access to method %s:%s using ids:%s" %
|
165
|
-
[ user && user.inspect + "(id:#{user.id} role:#{user.role})" || 'none',
|
166
|
+
[ user && (user.inspect + "(id:#{user.id} role:#{user.role})") || 'none',
|
166
167
|
controller,
|
167
168
|
action,
|
168
169
|
ids.inspect])
|
@@ -217,7 +218,6 @@ module RoleBasedAuthorization
|
|
217
218
|
def authorized?
|
218
219
|
authorize_action? :controller => controller_name,
|
219
220
|
:action => action_name,
|
220
|
-
:ids => params.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ }
|
221
|
-
:user => current_user
|
221
|
+
:ids => params.reject { |key,value| key.to_s !~ /(_id\Z)|(\Aid\Z)/ }
|
222
222
|
end
|
223
223
|
end
|
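Review bot: The added `user ||= current_user` in `authorize_action?` calls `current_user` without the `respond_to?` guard that the neighbouring `logged_in?` and `controller_name` calls have, so a class that includes this module without defining `current_user` will raise instead of getting an authorization answer. Because `||=` also fires on an explicit `:user => nil`, a caller can no longer ask how the rules treat an anonymous user; the session user is substituted silently. Something like `user = current_user if !opts.key?(:user) && respond_to?(:current_user, true)` keeps the new default while covering both cases (the `true` assumes `current_user` may be private or protected in the host controller). In the logging hunk of the same method, `user.inspect` is still written to `AUTHORIZATION_LOGGER` at info level; if the user object's `inspect` output includes credential or token attributes they end up in the log, and `"id:#{user.id} role:#{user.role}"` alone would be enough to identify the requester. The body of `authorize_action?` continues outside these hunks.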
@@ -98,6 +98,13 @@ class RoleBasedAuthorizationTest < ActiveSupport::TestCase
|
|
98
98
|
assert_equal true, @controller.authorize_action?(:action => 'low_security_with_param_identified_by_other_id',
|
99
99
|
:other_id => 'object_id')
|
100
100
|
end
|
101
|
+
|
102
|
+
|
103
|
+
test "helper method should work" do
|
104
|
+
@controller.if_authorized?(:action => 'very_low_security') {
|
105
|
+
assert true
|
106
|
+
}
|
107
|
+
end
|
101
108
|
|
102
109
|
|
103
110
|
end
|
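Review bot: The new test `helper method should work` cannot fail on a denial, because its only assertion, `assert true`, sits inside the block passed to `if_authorized?`; if the helper does not yield, no assertion runs and the test still passes. Record the call and assert after it, for example `ran = false`, then `@controller.if_authorized?(:action => 'very_low_security') { ran = true }`, then `assert ran`. `if_authorized?` itself is not shown in this diff, so this assumes it yields only when the action is authorized. A companion test with a denied action whose block must not run would cover the path that matters most for an authorization helper.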