Project

General

Profile

hosts_escalation.patch

tests not working, just for partial review - Marek Hulán, 07/31/2013 11:04 AM

View differences:

app/controllers/api/base_controller.rb
35 35
      @resource_class ||= resource_name.camelize.constantize
36 36
    end
37 37

  
38
    def resource_scope
39
      @resource_scope ||= resource_class.scoped
40
    end
41

  
38 42
    protected
39 43

  
40 44
    def process_resource_error(options = { })
......
110 114
      resource = resource_identifying_attributes.find do |key|
111 115
        next if key=='id' and params[:id].to_i == 0
112 116
        method = "find_by_#{key}"
113
        resource_class.respond_to?(method) and
114
          (resource = resource_class.send method, params[:id]) and
117
        resource_scope.respond_to?(method) and
118
          (resource = resource_scope.send method, params[:id]) and
115 119
          break resource
116 120
      end
117 121

  
app/controllers/api/v1/hosts_controller.rb
108 108
        @host.request_url = request.host_with_port if @host.respond_to?(:request_url)
109 109
      end
110 110

  
111
      # we need to limit resources for a current user
112
      def resource_scope
113
        resource_class.my_hosts
114
      end
115

  
111 116
    end
112 117
  end
113 118
end
test/fixtures/users.yml
18 18
  last_login_on: 2009-10-12 21:50:04
19 19
  auth_source: one
20 20

  
21
three:
22
  login: thtree
23
  firstname: Three
24
  lastname: User
25
  mail: userthree@someware.com
26
  admin: false
27
  last_login_on: 2009-10-12 21:50:04
28
  auth_source: one
29
  filter_on_owner: true
30

  
21 31
admin:
22 32
  login: admin
23 33
  firstname: Admin
......
49 59
  last_login_on: 2009-10-12 21:50:04
50 60
  auth_source: internal
51 61
  password_hash: 02d7ff9921071af778ff4f8608579dcd6d80dfba
52
  password_salt: 80a167f1effbd82c2485ed81c3cfd68b11bc40dc
62
  password_salt: 80a167f1effbd82c2485ed81c3cfd68b11bc40dc
test/functional/api/v1/hosts_controller_test.rb
63 63
    assert_response :success
64 64
  end
65 65

  
66
  test "should not allow access to a host out of users hosts scope" do
67
    @request.session[:user] = users(:three).id
68
    get :show, { :id => hosts(:one).to_param }
69
    assert_response :not_found
70
  end
66 71
end