Merge pull request #626 from QWYNG/authorize_return_record_with_namespase_arry
'.authorize' and '#authorize' return record even with passed record with namespace array
This commit is contained in:
commit
772fcacd98
|
@ -71,7 +71,7 @@ module Pundit
|
|||
|
||||
raise NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
|
||||
|
||||
record
|
||||
record.is_a?(Array) ? record.last : record
|
||||
end
|
||||
|
||||
# Retrieves the policy scope for the given record.
|
||||
|
@ -222,7 +222,7 @@ protected
|
|||
|
||||
raise NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
|
||||
|
||||
record
|
||||
record.is_a?(Array) ? record.last : record
|
||||
end
|
||||
|
||||
# Allow this action not to perform authorization.
|
||||
|
|
|
@ -25,6 +25,26 @@ describe Pundit do
|
|||
expect(Pundit.authorize(user, post, :update?)).to be_truthy
|
||||
end
|
||||
|
||||
it "returns the record on successful authorization" do
|
||||
expect(Pundit.authorize(user, post, :update?)).to eq(post)
|
||||
end
|
||||
|
||||
it "returns the record when passed record with namespace " do
|
||||
expect(Pundit.authorize(user, [:project, comment], :update?)).to eq(comment)
|
||||
end
|
||||
|
||||
it "returns the record when passed record with nested namespace " do
|
||||
expect(Pundit.authorize(user, [:project, :admin, comment], :update?)).to eq(comment)
|
||||
end
|
||||
|
||||
it "returns the policy name symbol when passed record with headless policy" do
|
||||
expect(Pundit.authorize(user, :publication, :create?)).to eq(:publication)
|
||||
end
|
||||
|
||||
it "returns the class when passed record not a particular instance" do
|
||||
expect(Pundit.authorize(user, Post, :show?)).to eq(Post)
|
||||
end
|
||||
|
||||
it "can be given a different policy class" do
|
||||
expect(Pundit.authorize(user, post, :create?, policy_class: PublicationPolicy)).to be_truthy
|
||||
end
|
||||
|
@ -410,7 +430,23 @@ describe Pundit do
|
|||
end
|
||||
|
||||
it "returns the record on successful authorization" do
|
||||
expect(controller.authorize(post)).to be(post)
|
||||
expect(controller.authorize(post)).to eq(post)
|
||||
end
|
||||
|
||||
it "returns the record when passed record with namespace " do
|
||||
expect(controller.authorize([:project, comment], :update?)).to eq(comment)
|
||||
end
|
||||
|
||||
it "returns the record when passed record with nested namespace " do
|
||||
expect(controller.authorize([:project, :admin, comment], :update?)).to eq(comment)
|
||||
end
|
||||
|
||||
it "returns the policy name symbol when passed record with headless policy" do
|
||||
expect(controller.authorize(:publication, :create?)).to eq(:publication)
|
||||
end
|
||||
|
||||
it "returns the class when passed record not a particular instance" do
|
||||
expect(controller.authorize(Post, :show?)).to eq(Post)
|
||||
end
|
||||
|
||||
it "can be given a different permission to check" do
|
||||
|
|
|
@ -158,6 +158,10 @@ class CriteriaPolicy < Struct.new(:user, :criteria); end
|
|||
|
||||
module Project
|
||||
class CommentPolicy < Struct.new(:user, :comment)
|
||||
def update?
|
||||
true
|
||||
end
|
||||
|
||||
class Scope < Struct.new(:user, :scope)
|
||||
def resolve
|
||||
scope
|
||||
|
@ -174,6 +178,14 @@ module Project
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
module Admin
|
||||
class CommentPolicy < Struct.new(:user, :comment)
|
||||
def update?
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
class DenierPolicy < Struct.new(:user, :record)
|
||||
|
|
Loading…
Reference in New Issue