stffn-declarative_authorization 0.3.2.1 → 0.3.2.2

data/lib/declarative_authorization/authorization.rb

@@ -33,10 +33,10 @@ module Authorization
     Thread.current["current_user"] = user
   end
   
-  @@ignore_access_control = false
   # For use in test cases only
   def self.ignore_access_control (state = nil) # :nodoc:
-    false
+    Thread.current["ignore_access_control"] = state unless state.nil?
+    Thread.current["ignore_access_control"] || false
   end
 
   def self.activate_authorization_rules_browser? # :nodoc:

data/lib/declarative_authorization/in_controller.rb

@@ -555,8 +555,8 @@ module Authorization
         unless object
           begin
             object = load_object_model.find(contr.params[:id])
-          rescue ActiveRecord::RecordNotFound
-            logger.debug("filter_access_to tried to find " +
+          rescue ActiveRecord::RecordNotFound, RuntimeError
+            contr.logger.debug("filter_access_to tried to find " +
                 "#{load_object_model.inspect} from params[:id] " +
                 "(#{contr.params[:id].inspect}), because attribute_check is enabled " +
                 "and #{instance_var.to_s} isn't set.")

data/lib/declarative_authorization/maintenance.rb

@@ -2,12 +2,6 @@
 require File.dirname(__FILE__) + '/authorization.rb'
 
 module Authorization
-  
-  def self.ignore_access_control (state = nil) # :nodoc:
-    Thread.current["ignore_access_control"] = state unless state.nil?
-    Thread.current["ignore_access_control"] || false
-  end
-  
   # Provides a few maintenance methods for modifying data without enforcing
   # authorization.
   module Maintenance
@@ -21,8 +15,8 @@ module Authorization
     #  without_access_control do
     #    SomeModel.find(:first).save
     #  end
-    def without_access_control
-      self.class.without_access_control
+    def without_access_control (&block)
+      Authorization::Maintenance.without_access_control(&block)
     end
 
     # A class method variant of without_access_control.  Thus, one can call

data/test/controller_test.rb

@@ -124,9 +124,6 @@ class BasicControllerTest < ActionController::TestCase
     }
     request!(MockUser.new(:test_role), "new", reader)
     assert @controller.authorized?
-    
-    request!(MockUser.new(:test_role), "edit_2", reader)
-    assert !@controller.authorized?
   end
   
   def test_existing_instance_var_remains_unchanged
@@ -238,6 +235,23 @@ class LoadObjectControllerTest < ActionController::TestCase
     assert @controller.authorized?
     assert @controller.instance_variable_defined?(:@load_mock_object)
   end
+
+  def test_filter_access_object_load_without_param
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :load_mock_objects, :to => [:show, :edit] do
+            if_attribute :id => is {"1"}
+          end
+        end
+      end
+    }
+
+    assert_raise RuntimeError, "No id param supplied" do
+      request!(MockUser.new(:test_role), "show", reader)
+    end
+  end
   
   def test_filter_access_with_object_load_custom
     reader = Authorization::Reader::DSLReader.new

data/test/maintenance_test.rb

@@ -2,6 +2,7 @@ require File.join(File.dirname(__FILE__), 'test_helper.rb')
 require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
 
 class MaintenanceTest < Test::Unit::TestCase
+  include Authorization::TestHelper
 
   def test_usages_by_controllers
     usage_test_controller = Class.new(ActionController::Base)
@@ -25,6 +26,10 @@ class MaintenanceTest < Test::Unit::TestCase
     assert !engine.permit?(:test_2, :context => :permissions,
         :user => MockUser.new(:test_role))
     Authorization::Maintenance::without_access_control do
+      assert engine.permit!(:test_2, :context => :permissions,
+          :user => MockUser.new(:test_role))
+    end
+    without_access_control do
       assert engine.permit?(:test_2, :context => :permissions,
           :user => MockUser.new(:test_role))
     end

data/test/test_helper.rb

@@ -86,8 +86,10 @@ class MocksController < ActionController::Base
         #p args
       end
       alias_method :info, :warn
+      alias_method :debug, :warn
       def warn?; end
       alias_method :info?, :warn?
+      alias_method :debug?, :warn?
     end.new
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: stffn-declarative_authorization
 version: !ruby/object:Gem::Version 
-  version: 0.3.2.1
+  version: 0.3.2.2
 platform: ruby
 authors: 
 - Steffen Bartsch
@@ -77,7 +77,6 @@ files:
 - test/test_helper.rb
 has_rdoc: true
 homepage: http://github.com/stffn/declarative_authorization
-licenses: 
 post_install_message: 
 rdoc_options: []
 
@@ -98,7 +97,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.5
+rubygems_version: 1.2.0
 signing_key: 
 specification_version: 2
 summary: declarative_authorization is a Rails plugin for authorization based on readable authorization rules.