Closed fdeschenes closed 11 years ago
Subject can be restricted too as well. So I've decided to solve it cardinally. I've added special wrapper: Protector.insecurely
. It works this way:
Protector.insecurely do
# whatever you do here, even new restrictions, your entities will stay unprotected
end
So meta block evaluation is now wrapped in such thing. Should work, check it out.
There seems to be something wrong with the way it handles associations. In the example below, the check for
message.user_id == user.id
causes an endless loop.Here's a trace of the loop (this is repeated several times) because the server returns a 500.
I've temporarily resolved this locally changing the
Protector::DSL::Meta#initialize
method to unrestrict the "entry" and then restrict it again. Here's my solution:I'm not sure if this is the best solution but it's definitely fixed the issue. Let me know if you want me to commit my change or if you'd rather fix it yourself.