inossidabile / protector

Comfortable (seriously) white-list security restrictions for models on a field level
MIT License

what's wrong with the finding via restricted association? #48

Closed AlexanderPavlenko closed 10 years ago

AlexanderPavlenko commented 10 years ago
```ruby
restricted_model.many_things.find(thing_id).can?(:destroy) # => false
restricted_model.many_things.find(thing_id).restrict!(restricted_model.protector_subject).can?(:destroy) # => true
restricted_model.many_things.find(thing_id).can?(:destroy) # => true
restricted_model.many_things(true).find(thing_id).can?(:destroy) # => true
```

:scream:

inossidabile commented 10 years ago

Please show me which protector subjects you get for each case?

AlexanderPavlenko commented 10 years ago

It was the same User object, as far as I remember. Anyway, this code has already mutated into something else, so I'm closing this until I step on another rake like this :D