Commit 7018f3aad24d40c09dd58b39ab391afbf6c72ce7

Authored by Victor Costa
1 parent 1a167fcf

Allow more than one permission when defining access control with 'protect'

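--- a/vendor/plugins/access_control/lib/permission_check.rb
+++ b/vendor/plugins/access_control/lib/permission_check.rb
@@ -19,7 +19,7 @@ module PermissionCheck
 before_filter actions do |c|
 target = target_method.kind_of?(Symbol) ? c.send(target_method) : target_method
 accessor = accessor_method.kind_of?(Symbol) ? c.send(accessor_method) : accessor_method
-unless accessor && accessor.has_permission?(permission.to_s, target)
+unless Array.wrap(permission).map {|p| accessor && accessor.has_permission?(p.to_s, target)}.any?
 c.class.render_access_denied(c) && false
 end
 end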
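Review bot: The rewritten guard on new line 22 lets the request through when the accessor holds any one of the listed permissions, but nothing in the hunk says so, and a caller writing `protect ['a', 'b'], ...` could reasonably expect both to be required. I would add a comment above the filter such as `# access is granted if the accessor has ANY of the given permissions; an empty list denies everyone`. The `map { ... }.any?` form also calls `has_permission?` for every entry and repeats the nil check on `accessor` each time; `unless accessor && Array.wrap(permission).any? { |p| accessor.has_permission?(p.to_s, target) }` keeps the same result and stops at the first match. The enclosing `protect` definition starts outside the hunk, so its existing documentation, if any, is not visible here.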
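--- a/vendor/plugins/access_control/test/permission_check_test.rb
+++ b/vendor/plugins/access_control/test/permission_check_test.rb
@@ -28,9 +28,20 @@ class PermissionCheckTest < ActionController::TestCase
 end
 
 def test_try_render_shared_access_denied_view
-File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'access_control', 'access_denied.rhtml'))
-File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'shared', 'access_denied.rhtml'))
+File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'access_control', 'access_denied.html.erb'))
+File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'shared', 'access_denied.html.erb'))
 AccessControlTestController.access_denied_template_path
 end
 
+def test_allow_access_to_user_with_one_of_multiple_permissions
+user = AccessControlTestAccessor.create!(:name => 'other_user')
+role = Role.create!(:name => 'other_role', :permissions => ['permission1'])
+resource = AccessControlTestResource.create!(:name => 'some_resource')
+assert user.add_role(role, resource)
+assert user.has_permission?('permission1', resource)
+
+get :stuff_with_multiple_permission, :user => user.id, :resource => resource.id
+assert_response :success
+end
+
 end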
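Review bot: `test_allow_access_to_user_with_one_of_multiple_permissions` covers only the allow path, so a regression that made the multi-permission filter accept every request would still pass this suite. I would add a companion test in which the user's role carries neither 'permission1' nor 'permission2' and the `get :stuff_with_multiple_permission` request ends in the access-denied rendering rather than `:success`. A second case with a role holding only 'permission2' would pin that the match is not limited to the first entry. How denial should be asserted depends on `render_access_denied`, which is not visible in this section.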
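--- a/vendor/plugins/access_control/test/test_helper.rb
+++ b/vendor/plugins/access_control/test/test_helper.rb
@@ -41,6 +41,8 @@ class AccessControlTestController < ApplicationController
 include PermissionCheck
 protect 'see_index', 'global', :user, :only => :index
 protect 'do_some_stuff', :resource, :user, :only => :other_stuff
+protect ['permission1', 'permission2'], :resource, :user, :only => :stuff_with_multiple_permission
+
 def index
 render :text => 'test controller'
 end
@@ -49,6 +51,10 @@ class AccessControlTestController < ApplicationController
 render :text => 'test stuff'
 end
 
+def stuff_with_multiple_permission
+render :text => 'multiple permission'
+end
+
 protected
 def user
 AccessControlTestAccessor.find(params[:user]) if params[:user]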