end
def current_ability
- Ability.new(current_user).merge(granted_capability)
- end
-
- def granted_capability
- Capability.new(current_user, current_token)
+ # Add in capabilities from the oauth token if it exists and is a valid access token
+ if Authenticator.new(self, [:token]).allow?
+ Ability.new(current_user).merge(Capability.new(current_token))
+ else
+ Ability.new(current_user)
+ end
end
def deny_access(_exception)
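Review bot: `Ability.new(current_user)` is constructed in both branches of the new `current_ability`; the token check only decides whether the `Capability` is merged in, so one construction with a conditional merge reads more directly: `ability = Ability.new(current_user)` / `ability = ability.merge(Capability.new(current_token)) if Authenticator.new(self, [:token]).allow?` / `ability`. That relies on CanCan's `merge` returning the receiver, which I believe it does, but confirm against the CanCan version in use. The method is also not memoized, so if CanCan calls `current_ability` once per `can?`/`authorize!` a fresh `Authenticator` and token check run each time; presumably harmless, but a `@current_ability ||=` is worth considering if that check is not cheap. The enclosing controller class begins and ends outside the hunk.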
class Capability
include CanCan::Ability
- def initialize(user, token)
- if user
- can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
- can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
- end
+ def initialize(token)
+ can [:read, :read_one], UserPreference if capability?(token, :allow_read_prefs)
+ can [:update, :update_one, :delete_one], UserPreference if capability?(token, :allow_write_prefs)
end
private
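Review bot: The new `initialize(token)` has no comment saying that abilities now derive from the token's scopes alone, with no user involved, which makes the dropped `if user` guard look accidental rather than deliberate; a header such as `# Abilities granted purely by an OAuth token's scopes; with no token on the request (nil) nothing on UserPreference is presumably granted.` would record the intent. Whether `capability?` tolerates a nil token cannot be seen here, since it is defined past the `private` marker outside the hunk, though the updated test passes `nil` so it presumably does. The two `can` lines differ only in the action list and scope symbol; iterating a `{ allow_read_prefs: [:read, :read_one], allow_write_prefs: [:update, :update_one, :delete_one] }` mapping would keep them from drifting, but that is optional. The class body continues past the hunk.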
class UserCapabilityTest < CapabilityTest
test "user preferences" do
- user = create(:user)
-
# a user with no tokens
- capability = Capability.new create(:user), nil
+ capability = Capability.new nil
[:read, :read_one, :update, :update_one, :delete_one].each do |act|
assert capability.cannot? act, UserPreference
end
# A user with empty tokens
- capability = Capability.new create(:user), tokens
+ capability = Capability.new tokens
[:read, :read_one, :update, :update_one, :delete_one].each do |act|
assert capability.cannot? act, UserPreference
end
- capability = Capability.new user, tokens(:allow_read_prefs)
+ capability = Capability.new tokens(:allow_read_prefs)
[:update, :update_one, :delete_one].each do |act|
assert capability.cannot? act, UserPreference
assert capability.can? act, UserPreference
end
- capability = Capability.new user, tokens(:allow_write_prefs)
+ capability = Capability.new tokens(:allow_write_prefs)
[:read, :read_one].each do |act|
assert capability.cannot? act, UserPreference
end
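Review bot: The comments above the first two cases still read `# a user with no tokens` and `# A user with empty tokens`, but after this change no user takes part in building a `Capability`; `# no token` and `# a token granting no capabilities` would match the new `Capability.new nil` and `Capability.new tokens` calls. The test body continues past the last line shown (the `:allow_write_prefs` assertions are cut off), and the rendering appears to have elided lines between the shown context, so the adjacent `cannot?`/`can?` assertions presumably belong to separate loops rather than one.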