lib/cuba_api/guard.rb in cuba-api-0.6.0 vs lib/cuba_api/guard.rb in cuba-api-0.6.1
- old
+ new
@@ -47,31 +47,34 @@
def current_groups
current_user.groups
end
def allowed_associations
- guard.associations( @_context, @_method )
+ guard.associations( guard_context, @_method )
end
def on_context( name, &block )
perm = guard.permissions( name )
if perm && perm.parent &&
- perm.parent.resource != @_context
+ perm.parent.resource != guard_context
raise 'parent resource is not guarded'
end
on name do
- old = @_context
- @_context = name
- yield( *captures )
- @_context = old
+ begin
+ old = guard_context
+ guard_context( name )
+ yield( *captures )
+ ensure
+ guard_context( old )
+ end
end
end
def on_association
on :association do |association|
# TODO one method in guard
- asso = guard.permissions( @_context ).associations
+ asso = guard.permissions( guard_context ).associations
if asso.empty? or asso.include?( association )
yield( association )
else
no_body :forbidden
end
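Review bot: The `ensure` in `on_context` does not restore the previous context when `old` is nil, because `guard_context( old )` with a nil argument takes the read branch of the new helper (`if ctx`) and writes nothing. After the outermost guarded block, `req.env[ 'guard_context' ]` therefore still names the inner resource. If anything in the same request consults the guard afterwards (this depends on how matching continues, which the hunk does not show), it would be checked against that leftover resource. Making the reset unconditional, for example `@_context = req.env[ 'guard_context' ] = old` in the `ensure`, or splitting the helper into a reader and a separate writer, closes this.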
@@ -82,21 +85,29 @@
args.insert( 0, send( method ) )
on *args do
@_method = method
- warn "[CubaApi::Guard] check #{method.to_s.upcase} #{@_context}: #{guard.allow?( @_context, method )}"
+ warn "[CubaApi::Guard] check #{method.to_s.upcase} #{guard_context}: #{guard.allow?( guard_context, method )}"
# TODO guard needs no association here
- if guard.allow?( @_context, method, (allowed_associations || []).first )
+ if guard.allow?( guard_context, method, (allowed_associations || []).first )
yield( *captures )
else
no_body :forbidden # 403
end
end
end
private
+
+ def guard_context( ctx = nil )
+ if ctx
+ @_conetxt = (req.env[ 'guard_context' ] = ctx)
+ else
+ @_context ||= req.env[ 'guard_context' ]
+ end
+ end
def guard
self.class.guard.call( current_groups )
end
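Review bot: The writer branch of `guard_context` assigns `@_conetxt` rather than `@_context`, so setting a context never updates the ivar that the reader memoizes with `||=`. Once `@_context` holds a value, later `guard_context( name )` calls change only `req.env`, and `guard.allow?( guard_context, method, ... )` in the method check above keeps using the first context that was read. In nested `on_context` blocks that would presumably authorize against the outer resource's permissions. The assignment should read `@_context = (req.env[ 'guard_context' ] = ctx)`. Separately, the `warn` line calls `guard.allow?` without the association argument, so the logged result can differ from the decision actually enforced.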