RubyGems - stffn-declarative_authorization - Versions diffs - 0.3.2.1 → 0.3.2.2 - Mend

stffn-declarative_authorization 0.3.2.1 → 0.3.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/lib/declarative_authorization/authorization.rb +2 -2
data/lib/declarative_authorization/in_controller.rb +2 -2
data/lib/declarative_authorization/maintenance.rb +2 -8
data/test/controller_test.rb +17 -3
data/test/maintenance_test.rb +5 -0
data/test/test_helper.rb +2 -0
metadata +2 -3

data/lib/declarative_authorization/authorization.rb CHANGED

@@ -33,10 +33,10 @@ module Authorization
     Thread.current["current_user"] = user
   end
-  @@ignore_access_control = false
   # For use in test cases only
   def self.ignore_access_control (state = nil) # :nodoc:
-    false
+    Thread.current["ignore_access_control"] = state unless state.nil?
+    Thread.current["ignore_access_control"] || false
   end
   def self.activate_authorization_rules_browser? # :nodoc:

data/lib/declarative_authorization/in_controller.rb CHANGED

@@ -555,8 +555,8 @@ module Authorization
         unless object
           begin
             object = load_object_model.find(contr.params[:id])
-          rescue ActiveRecord::RecordNotFound
-            logger.debug("filter_access_to tried to find " +
+          rescue ActiveRecord::RecordNotFound, RuntimeError
+            contr.logger.debug("filter_access_to tried to find " +
                 "#{load_object_model.inspect} from params[:id] " +
                 "(#{contr.params[:id].inspect}), because attribute_check is enabled " +
                 "and #{instance_var.to_s} isn't set.")

data/lib/declarative_authorization/maintenance.rb CHANGED

@@ -2,12 +2,6 @@
 require File.dirname(__FILE__) + '/authorization.rb'
 module Authorization
-  def self.ignore_access_control (state = nil) # :nodoc:
-    Thread.current["ignore_access_control"] = state unless state.nil?
-    Thread.current["ignore_access_control"] || false
-  end
   # Provides a few maintenance methods for modifying data without enforcing
   # authorization.
   module Maintenance
@@ -21,8 +15,8 @@ module Authorization
     #  without_access_control do
     #    SomeModel.find(:first).save
     #  end
-    def without_access_control
-      self.class.without_access_control
+    def without_access_control (&block)
+      Authorization::Maintenance.without_access_control(&block)
     end
     # A class method variant of without_access_control.  Thus, one can call

data/test/controller_test.rb CHANGED

@@ -124,9 +124,6 @@ class BasicControllerTest < ActionController::TestCase
     }
     request!(MockUser.new(:test_role), "new", reader)
     assert @controller.authorized?
-    request!(MockUser.new(:test_role), "edit_2", reader)
-    assert !@controller.authorized?
   end
   def test_existing_instance_var_remains_unchanged
@@ -238,6 +235,23 @@ class LoadObjectControllerTest < ActionController::TestCase
     assert @controller.authorized?
     assert @controller.instance_variable_defined?(:@load_mock_object)
   end
+  def test_filter_access_object_load_without_param
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :load_mock_objects, :to => [:show, :edit] do
+            if_attribute :id => is {"1"}
+          end
+        end
+      end
+    }
+    assert_raise RuntimeError, "No id param supplied" do
+      request!(MockUser.new(:test_role), "show", reader)
+    end
+  end
   def test_filter_access_with_object_load_custom
     reader = Authorization::Reader::DSLReader.new

data/test/maintenance_test.rb CHANGED

@@ -2,6 +2,7 @@ require File.join(File.dirname(__FILE__), 'test_helper.rb')
 require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
 class MaintenanceTest < Test::Unit::TestCase
+  include Authorization::TestHelper
   def test_usages_by_controllers
     usage_test_controller = Class.new(ActionController::Base)
@@ -25,6 +26,10 @@ class MaintenanceTest < Test::Unit::TestCase
     assert !engine.permit?(:test_2, :context => :permissions,
         :user => MockUser.new(:test_role))
     Authorization::Maintenance::without_access_control do
+      assert engine.permit!(:test_2, :context => :permissions,
+          :user => MockUser.new(:test_role))
+    end
+    without_access_control do
       assert engine.permit?(:test_2, :context => :permissions,
           :user => MockUser.new(:test_role))
     end

data/test/test_helper.rb CHANGED

@@ -86,8 +86,10 @@ class MocksController < ActionController::Base
         #p args
       end
       alias_method :info, :warn
+      alias_method :debug, :warn
       def warn?; end
       alias_method :info?, :warn?
+      alias_method :debug?, :warn?
     end.new
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stffn-declarative_authorization
 version: !ruby/object:Gem::Version
-  version: 0.3.2.1
+  version: 0.3.2.2
 platform: ruby
 authors:
 - Steffen Bartsch
@@ -77,7 +77,6 @@ files:
 - test/test_helper.rb
 has_rdoc: true
 homepage: http://github.com/stffn/declarative_authorization
-licenses:
 post_install_message:
 rdoc_options: []
@@ -98,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project:
-rubygems_version: 1.3.5
+rubygems_version: 1.2.0
 signing_key:
 specification_version: 2
 summary: declarative_authorization is a Rails plugin for authorization based on readable authorization rules.