permitted_to?(:action, @object.proxy_reflection) builds an object and pollutes the space.
16 views
Skip to first unread message
dgm
May 25, 2012, 5:57:08 PM5/25/12
to declarative_authorization
Given:
Class Person ...
has_many :phone_numbers, :through => :person_phone_numbers
end
With a view
Before call: <%= @person.phone_numbers.length %>
<% permitted_to? :edit, @person.phone_numbers do %>
After permitted_to? <%= @person.phone_numbers.length %>
<% end %>
I get this as output:
Before call: 1 After permitted_to? 2
I see this happening in authorization.rb line 167:
# If the object responds to :proxy_reflection, we're probably
working with
# an association proxy. Use 'new' to leverage ActiveRecord's
builder
# functionality to obtain an object against which we can check
permissions.
#
# Example: permit!( :edit, :object => user.posts )
#
if Authorization.is_a_association_proxy?(options[:object]) &&
options[:object].respond_to?(:new)
options[:object] = options[:object].new
end
I understand that if no object exists, you can't test it very well,
but when that object persists after the call is done, there is a
spurious object that messes up my views that iterate over that object.
Just to test my theory, I changed that to grab the first item in the
array, and my render dropped back to the proper number of elements.
That still doesn't fix the case where the association was empty.
Any ideas? Could we store a reference to the built object, and
remove it before leaving?
Class Person ...
has_many :phone_numbers, :through => :person_phone_numbers
end
With a view
Before call: <%= @person.phone_numbers.length %>
<% permitted_to? :edit, @person.phone_numbers do %>
After permitted_to? <%= @person.phone_numbers.length %>
<% end %>
I get this as output:
Before call: 1 After permitted_to? 2
I see this happening in authorization.rb line 167:
# If the object responds to :proxy_reflection, we're probably
working with
# an association proxy. Use 'new' to leverage ActiveRecord's
builder
# functionality to obtain an object against which we can check
permissions.
#
# Example: permit!( :edit, :object => user.posts )
#
if Authorization.is_a_association_proxy?(options[:object]) &&
options[:object].respond_to?(:new)
options[:object] = options[:object].new
end
I understand that if no object exists, you can't test it very well,
but when that object persists after the call is done, there is a
spurious object that messes up my views that iterate over that object.
Just to test my theory, I changed that to grab the first item in the
array, and my render dropped back to the proper number of elements.
That still doesn't fix the case where the association was empty.
Any ideas? Could we store a reference to the built object, and
remove it before leaving?
David Morton
May 25, 2012, 6:45:13 PM5/25/12
to declarative_...@googlegroups.com
It seems hackish, but it works:
Inside permit!, wrap it with a begin/ensure block. When making test object, store the proxy object and the new temp object, and then in the ensure section, delete it.
I sent a pull request, 147.
The request doesn't change the indention of the code within the begin/ensure block to make the change easy to read, but I'll leave it to others to decide if the indention should be changed.
Inside permit!, wrap it with a begin/ensure block. When making test object, store the proxy object and the new temp object, and then in the ensure section, delete it.
I sent a pull request, 147.
The request doesn't change the indention of the code within the begin/ensure block to make the change easy to read, but I'll leave it to others to decide if the indention should be changed.
Reply all
Reply to author
Forward
0 new messages