Bug related to :manage and using multiple operations in permission definition

chaps-io / access-granted

Multi-role and whitelist based authorization gem for Rails (and not only Rails!)

MIT License

774 stars 41 forks source link

Bug related to :manage and using multiple operations in permission definition #21

Closed vittorius closed 8 years ago

vittorius commented 8 years ago

Hey there. I've spotted a couple of cases where behavior doesn't seem logical:

role :admin, proc { |user| user.admin? } do
  can :manage, Merchant # can? :edit @merchant is AccessDenied, :read is OK
end

role :admin, proc { |user| user.admin? } do
  can [:manage], Merchant # can? :edit @merchant is AccessDenied, :read is AccessDenied
end

role :admin, proc { |user| user.admin? } do
  can [:manage, :edit], Merchant # can? :edit @merchant is AccessDenied, :read is AccessDenied
end

:question: :question: :question:

pokonski commented 8 years ago

can :manage is only a shortcut right now, it doesn't work with other attributes or inside an array, but this is worth improving so your examples can work, too :)

vittorius commented 8 years ago

role :admin, proc { |user| user.admin? } do
  can :manage, Merchant # can? :read @merchant is OK
  can :edit, Merchant # can? :edit @merchant is OK
end

vittorius commented 8 years ago

OK, will take into account. I'm your beta tester for today :smile:

pokonski commented 8 years ago

Yeah, see this: https://github.com/chaps-io/access-granted/blob/master/lib/access-granted/role.rb#L71-L75

So when you provide other permissions in separate can calls it will work :)

OK, will take into account. I'm your beta tester for today :smile:

I appreciate that! :D