lib/cbac.rb in cbac-0.6.10 vs lib/cbac.rb in cbac-0.7.0

- old
+ new

@@ -45,18 +45,22 @@ # TODO following code is not yet tested def check_privilege_set(privilege_set, context = {}) check_privilege_sets([PrivilegeSet.sets[privilege_set.to_sym]], context) end + def permitted_for_generic_role?(privilege_set, context) + Cbac::GenericRole.joins(:generic_role_members, :permissions).exists?( + 'cbac_memberships.user_id' => current_user(context), + 'cbac_permissions.privilege_set_id' => privilege_set.id + ) + end + # Check the given privilege_sets def check_privilege_sets(privilege_sets, context = {}) # Check the generic roles return true if privilege_sets.any? { |set| - Cbac::GenericRole.joins(:generic_role_members, :permissions).exists?( - 'cbac_memberships.user_id' => current_user, - 'cbac_permissions.privilege_set_id' => set.id - ) + permitted_for_generic_role?(set, context) } # Check the context roles Get the permissions privilege_sets.collect do |privilege_set| Cbac::Permission.where(privilege_set_id: privilege_set.id, generic_role_id: 0) @@ -87,11 +91,15 @@ def unauthorized render :text => "You are not authorized to perform this action", :status => 401 end # Default implementation of the current_user method - def current_user_id - session[:currentuser].to_i + def current_user_id(context = {}) + context[:cbac_user].to_i + end + + def current_user(context = {}) + current_user_id(context) end # Load controller classes and methods def load_controller_methods begin
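Review bot: `permitted_for_generic_role?` runs the membership query even when the caller supplied no user, because `check_privilege_sets` still defaults `context` to `{}` and the second hunk's `current_user_id` turns a missing `context[:cbac_user]` into `0` through `nil.to_i`. The query then asks whether user id 0 holds the privilege set, which is a silent denial at best and a grant to unauthenticated callers if a membership row with `user_id` 0 ever exists. A guard as the first line of the helper, `return false if context[:cbac_user].nil?`, would make the generic-role check fail closed. `check_privilege_sets` continues past the end of this hunk, so whether the context-role branch has the same exposure cannot be seen here.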
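Review bot: The rewritten `current_user_id` stops reading `session[:currentuser]` and takes the identity from `context[:cbac_user]`, yet the comment above it still says only "Default implementation of the current_user method", and the new `current_user` wrapper has no comment at all. An application that still populates the session key, or that overrides `current_user_id` with the old zero-argument signature, gets no hint of the change; the override would presumably raise `ArgumentError` once `current_user(context)` calls it. I would state the contract above `current_user_id`, for example `# Returns the user id from context[:cbac_user]; session[:currentuser] is no longer consulted.`, and add `# Returns current_user_id(context).` above `current_user`. If this module is mixed into controllers, the name `current_user` may also shadow an authentication helper of the same name that returns a user object rather than an id, which is worth confirming before release.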