rurounijones-acl9 0.10.1
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.textile +28 -0
- data/MIT-LICENSE +20 -0
- data/README.textile +891 -0
- data/Rakefile +39 -0
- data/TODO +42 -0
- data/VERSION.yml +4 -0
- data/lib/acl9.rb +16 -0
- data/lib/acl9/config.rb +9 -0
- data/lib/acl9/controller_extensions.rb +85 -0
- data/lib/acl9/controller_extensions/dsl_base.rb +229 -0
- data/lib/acl9/controller_extensions/generators.rb +197 -0
- data/lib/acl9/helpers.rb +19 -0
- data/lib/acl9/model_extensions.rb +111 -0
- data/lib/acl9/model_extensions/object.rb +59 -0
- data/lib/acl9/model_extensions/subject.rb +148 -0
- data/test/access_control_test.rb +338 -0
- data/test/dsl_base_test.rb +758 -0
- data/test/helpers_test.rb +93 -0
- data/test/roles_test.rb +293 -0
- data/test/support/controllers.rb +207 -0
- data/test/support/models.rb +47 -0
- data/test/support/schema.rb +69 -0
- data/test/test_helper.rb +27 -0
- metadata +102 -0
@@ -0,0 +1,93 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
|
4
|
+
|
5
|
+
module SomeHelper
|
6
|
+
include Acl9Helpers
|
7
|
+
|
8
|
+
access_control :the_question do
|
9
|
+
allow :hamlet, :to => :be
|
10
|
+
allow :hamlet, :except => :be
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
class HelperTest < Test::Unit::TestCase
|
15
|
+
module Hamlet
|
16
|
+
def current_user
|
17
|
+
user = Object.new
|
18
|
+
|
19
|
+
class <<user
|
20
|
+
def has_role?(role, obj=nil)
|
21
|
+
role == 'hamlet'
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
user
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
module NotLoggedIn
|
30
|
+
def current_user; nil end
|
31
|
+
end
|
32
|
+
|
33
|
+
module Noone
|
34
|
+
def current_user
|
35
|
+
user = Object.new
|
36
|
+
|
37
|
+
class <<user
|
38
|
+
def has_role?(*_); false end
|
39
|
+
end
|
40
|
+
|
41
|
+
user
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
class Base
|
46
|
+
include SomeHelper
|
47
|
+
|
48
|
+
attr_accessor :action_name
|
49
|
+
def controller
|
50
|
+
self
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
class Klass1 < Base
|
55
|
+
include Hamlet
|
56
|
+
end
|
57
|
+
|
58
|
+
class Klass2 < Base
|
59
|
+
include NotLoggedIn
|
60
|
+
end
|
61
|
+
|
62
|
+
class Klass3 < Base
|
63
|
+
include Noone
|
64
|
+
end
|
65
|
+
|
66
|
+
it "has :the_question method" do
|
67
|
+
Base.new.should respond_to(:the_question)
|
68
|
+
end
|
69
|
+
|
70
|
+
it "role :hamlet is allowed to be" do
|
71
|
+
k = Klass1.new
|
72
|
+
k.action_name = 'be'
|
73
|
+
k.the_question.should be_true
|
74
|
+
end
|
75
|
+
|
76
|
+
it "role :hamlet is allowed to not_be" do
|
77
|
+
k = Klass1.new
|
78
|
+
k.action_name = 'not_be'
|
79
|
+
k.the_question.should be_true
|
80
|
+
end
|
81
|
+
|
82
|
+
it "not logged in is not allowed to be" do
|
83
|
+
k = Klass2.new
|
84
|
+
k.action_name = 'be'
|
85
|
+
k.the_question.should == false
|
86
|
+
end
|
87
|
+
|
88
|
+
it "noone is not allowed to be" do
|
89
|
+
k = Klass3.new
|
90
|
+
k.action_name = 'be'
|
91
|
+
k.the_question.should == false
|
92
|
+
end
|
93
|
+
end
|
data/test/roles_test.rb
ADDED
@@ -0,0 +1,293 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
|
3
|
+
require 'support/models'
|
4
|
+
|
5
|
+
#Logger = ActiveRecord::Base.logger
|
6
|
+
load 'support/schema.rb'
|
7
|
+
|
8
|
+
class RolesTest < Test::Unit::TestCase
|
9
|
+
before do
|
10
|
+
Role.destroy_all
|
11
|
+
[User, Foo, Bar].each { |model| model.delete_all }
|
12
|
+
|
13
|
+
@user = User.create!
|
14
|
+
@user2 = User.create!
|
15
|
+
@foo = Foo.create!
|
16
|
+
@bar = Bar.create!
|
17
|
+
end
|
18
|
+
|
19
|
+
it "should not have any roles by default" do
|
20
|
+
%w(user manager admin owner).each do |role|
|
21
|
+
@user.has_role?(role).should be_false
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
it "#has_role! without object (global role)" do
|
26
|
+
lambda do
|
27
|
+
@user.has_role!('admin')
|
28
|
+
end.should change { Role.count }.from(0).to(1)
|
29
|
+
|
30
|
+
@user.has_role?('admin').should be_true
|
31
|
+
@user2.has_role?('admin').should be_false
|
32
|
+
end
|
33
|
+
|
34
|
+
it "should not count global role as object role" do
|
35
|
+
@user.has_role!('admin')
|
36
|
+
|
37
|
+
[@foo, @bar, Foo, Bar, @user].each do |obj|
|
38
|
+
@user.has_role?('admin', obj).should be_false
|
39
|
+
@user.has_roles_for?(obj).should be_false
|
40
|
+
@user.roles_for(obj).should == []
|
41
|
+
end
|
42
|
+
|
43
|
+
[@foo, @bar].each do |obj|
|
44
|
+
obj.accepts_role?('admin', @user).should be_false
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
it "#has_role! with object (object role)" do
|
49
|
+
@user.has_role!('manager', @foo)
|
50
|
+
|
51
|
+
@user.has_role?('manager', @foo).should be_true
|
52
|
+
@user.has_roles_for?(@foo).should be_true
|
53
|
+
@user.has_role_for?(@foo).should be_true
|
54
|
+
|
55
|
+
roles = @user.roles_for(@foo)
|
56
|
+
roles.should == @foo.accepted_roles_by(@user)
|
57
|
+
roles.size.should == 1
|
58
|
+
roles.first.name.should == "manager"
|
59
|
+
|
60
|
+
@user.has_role?('manager', @bar).should be_false
|
61
|
+
@user2.has_role?('manager', @foo).should be_false
|
62
|
+
|
63
|
+
@foo.accepts_role?('manager', @user).should be_true
|
64
|
+
@foo.accepts_role_by?(@user).should be_true
|
65
|
+
@foo.accepts_roles_by?(@user).should be_true
|
66
|
+
end
|
67
|
+
|
68
|
+
it "shoud count object role also as global role" do
|
69
|
+
@user.has_role!('manager', @foo)
|
70
|
+
|
71
|
+
@user.has_role?('manager').should be_true
|
72
|
+
end
|
73
|
+
|
74
|
+
it "should not count object role as object class role" do
|
75
|
+
@user.has_role!('manager', @foo)
|
76
|
+
@user.has_role?('manager', Foo).should be_false
|
77
|
+
end
|
78
|
+
|
79
|
+
it "#has_role! with class" do
|
80
|
+
@user.has_role!('user', Bar)
|
81
|
+
|
82
|
+
@user.has_role?('user', Bar).should be_true
|
83
|
+
@user.has_roles_for?(Bar).should be_true
|
84
|
+
@user.has_role_for?(Bar).should be_true
|
85
|
+
|
86
|
+
roles = @user.roles_for(Bar)
|
87
|
+
roles.size.should == 1
|
88
|
+
roles.first.name.should == "user"
|
89
|
+
|
90
|
+
@user.has_role?('user', Foo).should be_false
|
91
|
+
@user2.has_role?('user', Bar).should be_false
|
92
|
+
end
|
93
|
+
|
94
|
+
it "should not count class role as object role" do
|
95
|
+
@user.has_role!('manager', Foo)
|
96
|
+
@user.has_role?('manager', @foo).should be_false
|
97
|
+
end
|
98
|
+
|
99
|
+
it "should be able to have several roles on the same object" do
|
100
|
+
@user.has_role!('manager', @foo)
|
101
|
+
@user.has_role!('user', @foo)
|
102
|
+
@user.has_role!('admin', @foo)
|
103
|
+
|
104
|
+
@user.has_role!('owner', @bar)
|
105
|
+
|
106
|
+
@user.roles_for(@foo) .map(&:name).sort.should == %w(admin manager user)
|
107
|
+
@foo.accepted_roles_by(@user).map(&:name).sort.should == %w(admin manager user)
|
108
|
+
end
|
109
|
+
|
110
|
+
it "should reuse existing roles" do
|
111
|
+
@user.has_role!('owner', @bar)
|
112
|
+
@user2.has_role!('owner', @bar)
|
113
|
+
|
114
|
+
@user.role_objects.should == @user2.role_objects
|
115
|
+
end
|
116
|
+
|
117
|
+
it "#has_no_role! should unassign a global role from user" do
|
118
|
+
set_some_roles
|
119
|
+
|
120
|
+
lambda do
|
121
|
+
@user.has_no_role!('3133t')
|
122
|
+
end.should change { @user.role_objects.count }.by(-1)
|
123
|
+
|
124
|
+
@user.has_role?('3133t').should be_false
|
125
|
+
end
|
126
|
+
|
127
|
+
it "#has_no_role! should unassign an object role from user" do
|
128
|
+
set_some_roles
|
129
|
+
|
130
|
+
lambda do
|
131
|
+
@user.has_no_role!('manager', @foo)
|
132
|
+
end.should change { @user.role_objects.count }.by(-1)
|
133
|
+
|
134
|
+
@user.has_role?('manager', @foo).should be_false
|
135
|
+
@user.has_role?('user', @foo).should be_true # another role on the same object
|
136
|
+
end
|
137
|
+
|
138
|
+
it "#has_no_role! should unassign a class role from user" do
|
139
|
+
set_some_roles
|
140
|
+
|
141
|
+
lambda do
|
142
|
+
@user.has_no_role!('admin', Foo)
|
143
|
+
end.should change { @user.role_objects.count }.by(-1)
|
144
|
+
|
145
|
+
@user.has_role?('admin', Foo).should be_false
|
146
|
+
@user.has_role?('admin').should be_true # global role
|
147
|
+
end
|
148
|
+
|
149
|
+
it "#has_no_roles_for! should unassign global and class roles with nil object" do
|
150
|
+
set_some_roles
|
151
|
+
|
152
|
+
lambda do
|
153
|
+
@user.has_no_roles_for!
|
154
|
+
end.should change { @user.role_objects.count }.by(-4)
|
155
|
+
|
156
|
+
@user.has_role?('admin').should be_false
|
157
|
+
@user.has_role?('3133t').should be_false
|
158
|
+
@user.has_role?('admin', Foo).should be_false
|
159
|
+
@user.has_role?('manager', Foo).should be_false
|
160
|
+
end
|
161
|
+
|
162
|
+
it "#has_no_roles_for! should unassign object roles" do
|
163
|
+
set_some_roles
|
164
|
+
|
165
|
+
lambda do
|
166
|
+
@user.has_no_roles_for! @foo
|
167
|
+
end.should change { @user.role_objects.count }.by(-2)
|
168
|
+
|
169
|
+
@user.has_role?('user', @foo).should be_false
|
170
|
+
@user.has_role?('manager', @foo).should be_false
|
171
|
+
end
|
172
|
+
|
173
|
+
it "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
|
174
|
+
set_some_roles
|
175
|
+
|
176
|
+
lambda do
|
177
|
+
@user.has_no_roles_for! Foo
|
178
|
+
end.should change { @user.role_objects.count }.by(-4)
|
179
|
+
|
180
|
+
@user.has_role?('admin', Foo).should be_false
|
181
|
+
@user.has_role?('manager', Foo).should be_false
|
182
|
+
@user.has_role?('user', @foo).should be_false
|
183
|
+
@user.has_role?('manager', @foo).should be_false
|
184
|
+
end
|
185
|
+
|
186
|
+
it "#has_no_roles! should unassign all roles" do
|
187
|
+
set_some_roles
|
188
|
+
|
189
|
+
@user.has_no_roles!
|
190
|
+
@user.role_objects.count.should == 0
|
191
|
+
end
|
192
|
+
|
193
|
+
it "should delete unused roles from table" do
|
194
|
+
@user.has_role!('owner', @bar)
|
195
|
+
@user2.has_role!('owner', @bar)
|
196
|
+
|
197
|
+
Role.count.should == 1
|
198
|
+
|
199
|
+
@bar.accepts_no_role!('owner', @user2)
|
200
|
+
Role.count.should == 1
|
201
|
+
|
202
|
+
@bar.accepts_no_role!('owner', @user)
|
203
|
+
|
204
|
+
Role.count.should == 0
|
205
|
+
end
|
206
|
+
|
207
|
+
it "should accept :symbols as role names" do
|
208
|
+
@user.has_role! :admin
|
209
|
+
@user.has_role! :_3133t
|
210
|
+
|
211
|
+
@user.has_role! :admin, Foo
|
212
|
+
@user.has_role! :manager, Foo
|
213
|
+
@user.has_role! :user, @foo
|
214
|
+
@foo.accepts_role! :manager, @user
|
215
|
+
@bar.accepts_role! :owner, @user
|
216
|
+
|
217
|
+
@user.has_role?(:admin).should be_true
|
218
|
+
@user.has_role?(:_3133t).should be_true
|
219
|
+
@user.has_role?(:admin, Foo).should be_true
|
220
|
+
@user.has_role?(:manager, @foo).should be_true
|
221
|
+
end
|
222
|
+
|
223
|
+
private
|
224
|
+
|
225
|
+
def set_some_roles
|
226
|
+
@user.has_role!('admin')
|
227
|
+
@user.has_role!('3133t')
|
228
|
+
|
229
|
+
@user.has_role!('admin', Foo)
|
230
|
+
@user.has_role!('manager', Foo)
|
231
|
+
@user.has_role!('user', @foo)
|
232
|
+
@foo.accepts_role!('manager', @user)
|
233
|
+
@bar.accepts_role!('owner', @user)
|
234
|
+
end
|
235
|
+
end
|
236
|
+
|
237
|
+
class RolesWithCustomClassNamesTest < Test::Unit::TestCase
|
238
|
+
before do
|
239
|
+
AnotherRole.destroy_all
|
240
|
+
[AnotherSubject, FooBar].each { |model| model.delete_all }
|
241
|
+
|
242
|
+
@subj = AnotherSubject.create!
|
243
|
+
@subj2 = AnotherSubject.create!
|
244
|
+
@foobar = FooBar.create!
|
245
|
+
end
|
246
|
+
|
247
|
+
it "should basically work" do
|
248
|
+
lambda do
|
249
|
+
@subj.has_role!('admin')
|
250
|
+
@subj.has_role!('user', @foobar)
|
251
|
+
end.should change { AnotherRole.count }.from(0).to(2)
|
252
|
+
|
253
|
+
@subj.has_role?('admin').should be_true
|
254
|
+
@subj2.has_role?('admin').should be_false
|
255
|
+
|
256
|
+
@subj.has_role?(:user, @foobar).should be_true
|
257
|
+
@subj2.has_role?(:user, @foobar).should be_false
|
258
|
+
|
259
|
+
@subj.has_no_roles!
|
260
|
+
@subj2.has_no_roles!
|
261
|
+
end
|
262
|
+
end
|
263
|
+
|
264
|
+
class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
|
265
|
+
before do
|
266
|
+
Other::Role.destroy_all
|
267
|
+
[Other::User, Other::FooBar].each { |model| model.delete_all }
|
268
|
+
|
269
|
+
@user = Other::User.create!
|
270
|
+
@user2 = Other::User.create!
|
271
|
+
@foobar = Other::FooBar.create!
|
272
|
+
|
273
|
+
end
|
274
|
+
|
275
|
+
it "should basically work" do
|
276
|
+
lambda do
|
277
|
+
@user.has_role!('admin')
|
278
|
+
@user.has_role!('user', @foobar)
|
279
|
+
end.should change { Other::Role.count }.from(0).to(2)
|
280
|
+
|
281
|
+
@user.has_role?('admin').should be_true
|
282
|
+
@user2.has_role?('admin').should be_false
|
283
|
+
|
284
|
+
@user.has_role?(:user, @foobar).should be_true
|
285
|
+
@user2.has_role?(:user, @foobar).should be_false
|
286
|
+
|
287
|
+
@foobar.accepted_roles.count.should == 1
|
288
|
+
|
289
|
+
@user.has_no_roles!
|
290
|
+
@user2.has_no_roles!
|
291
|
+
end
|
292
|
+
end
|
293
|
+
|
@@ -0,0 +1,207 @@
|
|
1
|
+
class ApplicationController < ActionController::Base
|
2
|
+
rescue_from Acl9::AccessDenied do |e|
|
3
|
+
render :text => 'AccessDenied'
|
4
|
+
end
|
5
|
+
end
|
6
|
+
|
7
|
+
class EmptyController < ApplicationController
|
8
|
+
attr_accessor :current_user
|
9
|
+
before_filter :set_current_user
|
10
|
+
|
11
|
+
[:index, :show, :new, :edit, :update, :delete, :destroy].each do |act|
|
12
|
+
define_method(act) { render :text => 'OK' }
|
13
|
+
end
|
14
|
+
|
15
|
+
private
|
16
|
+
|
17
|
+
def set_current_user
|
18
|
+
if params[:user]
|
19
|
+
self.current_user = params[:user]
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
module TrueFalse
|
25
|
+
private
|
26
|
+
|
27
|
+
def true_meth; true end
|
28
|
+
def false_meth; false end
|
29
|
+
end
|
30
|
+
|
31
|
+
# all these controllers behave the same way
|
32
|
+
|
33
|
+
class ACLBlock < EmptyController
|
34
|
+
access_control :debug => true do
|
35
|
+
allow all, :to => [:index, :show]
|
36
|
+
allow :admin
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
class ACLMethod < EmptyController
|
41
|
+
access_control :as_method => :acl do
|
42
|
+
allow all, :to => [:index, :show]
|
43
|
+
allow :admin, :except => [:index, :show]
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
class ACLMethod2 < EmptyController
|
48
|
+
access_control :acl do
|
49
|
+
allow all, :to => [:index, :show]
|
50
|
+
allow :admin, :except => [:index, :show]
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
class ACLArguments < EmptyController
|
55
|
+
access_control :except => [:index, :show] do
|
56
|
+
allow :admin, :if => :true_meth, :unless => :false_meth
|
57
|
+
end
|
58
|
+
|
59
|
+
include TrueFalse
|
60
|
+
end
|
61
|
+
|
62
|
+
class ACLBooleanMethod < EmptyController
|
63
|
+
access_control :acl, :filter => false do
|
64
|
+
allow all, :to => [:index, :show], :if => :true_meth
|
65
|
+
allow :admin, :unless => :false_meth
|
66
|
+
allow all, :if => :false_meth
|
67
|
+
allow all, :unless => :true_meth
|
68
|
+
end
|
69
|
+
|
70
|
+
before_filter :check_acl
|
71
|
+
|
72
|
+
def check_acl
|
73
|
+
if self.acl
|
74
|
+
true
|
75
|
+
else
|
76
|
+
raise Acl9::AccessDenied
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
include TrueFalse
|
81
|
+
end
|
82
|
+
|
83
|
+
###########################################
|
84
|
+
class MyDearFoo
|
85
|
+
include Singleton
|
86
|
+
end
|
87
|
+
|
88
|
+
class ACLIvars < EmptyController
|
89
|
+
class VenerableBar; end
|
90
|
+
|
91
|
+
before_filter :set_ivars
|
92
|
+
|
93
|
+
access_control do
|
94
|
+
action :destroy do
|
95
|
+
allow :owner, :of => :foo
|
96
|
+
allow :bartender, :at => VenerableBar
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
private
|
101
|
+
|
102
|
+
def set_ivars
|
103
|
+
@foo = MyDearFoo.instance
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
class ACLSubjectMethod < ApplicationController
|
108
|
+
access_control :subject_method => :the_only_user do
|
109
|
+
allow :the_only_one
|
110
|
+
end
|
111
|
+
|
112
|
+
def index
|
113
|
+
render :text => 'OK'
|
114
|
+
end
|
115
|
+
|
116
|
+
private
|
117
|
+
|
118
|
+
def the_only_user
|
119
|
+
params[:user]
|
120
|
+
end
|
121
|
+
end
|
122
|
+
|
123
|
+
class ACLObjectsHash < ApplicationController
|
124
|
+
access_control :allowed?, :filter => false do
|
125
|
+
allow :owner, :of => :foo
|
126
|
+
end
|
127
|
+
|
128
|
+
def allow
|
129
|
+
@foo = nil
|
130
|
+
render :text => (allowed?(:foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
|
131
|
+
end
|
132
|
+
|
133
|
+
def current_user
|
134
|
+
params[:user]
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
class ACLActionOverride < ApplicationController
|
139
|
+
access_control :allowed?, :filter => false do
|
140
|
+
allow all, :to => :index
|
141
|
+
deny all, :to => :show
|
142
|
+
allow :owner, :of => :foo, :to => :edit
|
143
|
+
end
|
144
|
+
|
145
|
+
def check_allow
|
146
|
+
render :text => (allowed?(params[:_action]) ? 'OK' : 'AccessDenied')
|
147
|
+
end
|
148
|
+
|
149
|
+
def check_allow_with_foo
|
150
|
+
render :text => (allowed?(params[:_action], :foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
|
151
|
+
end
|
152
|
+
|
153
|
+
def current_user
|
154
|
+
params[:user]
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
|
159
|
+
class ACLHelperMethod < ApplicationController
|
160
|
+
access_control :helper => :foo? do
|
161
|
+
allow :owner, :of => :foo
|
162
|
+
end
|
163
|
+
|
164
|
+
def allow
|
165
|
+
@foo = MyDearFoo.instance
|
166
|
+
|
167
|
+
render :inline => "<%= foo? ? 'OK' : 'AccessDenied' %>"
|
168
|
+
end
|
169
|
+
|
170
|
+
def current_user
|
171
|
+
params[:user]
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
175
|
+
class ACLQueryMethod < ApplicationController
|
176
|
+
attr_accessor :current_user
|
177
|
+
|
178
|
+
access_control :acl, :query_method => true do
|
179
|
+
allow :editor, :to => [:edit, :update, :destroy]
|
180
|
+
allow :viewer, :to => [:index, :show]
|
181
|
+
allow :owner, :of => :foo, :to => :fooize
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
class ACLQueryMethodWithLambda < ApplicationController
|
186
|
+
attr_accessor :current_user
|
187
|
+
|
188
|
+
access_control :query_method => :acl? do
|
189
|
+
allow :editor, :to => [:edit, :update, :destroy]
|
190
|
+
allow :viewer, :to => [:index, :show]
|
191
|
+
allow :owner, :of => :foo, :to => :fooize
|
192
|
+
end
|
193
|
+
end
|
194
|
+
|
195
|
+
class ACLNamedQueryMethod < ApplicationController
|
196
|
+
attr_accessor :current_user
|
197
|
+
|
198
|
+
access_control :acl, :query_method => 'allow_ay' do
|
199
|
+
allow :editor, :to => [:edit, :update, :destroy]
|
200
|
+
allow :viewer, :to => [:index, :show]
|
201
|
+
allow :owner, :of => :foo, :to => :fooize
|
202
|
+
end
|
203
|
+
|
204
|
+
def acl?(*args)
|
205
|
+
allow_ay(*args)
|
206
|
+
end
|
207
|
+
end
|