lib/hobo/permissions.rb in hobo-0.8.4 vs lib/hobo/permissions.rb in hobo-0.8.5

- old
+ new

@@ -5,20 +5,16 @@ def self.enable Hobo::Permissions::Associations.enable end def self.included(klass) - klass.extend ClassMethods - - create_with_callbacks = find_aliased_name klass, :create_with_callbacks - update_with_callbacks = find_aliased_name klass, :update_with_callbacks - destroy_with_callbacks = find_aliased_name klass, :destroy_with_callbacks - klass.class_eval do - alias_method create_with_callbacks, :create_with_callbacks_with_hobo_permission_check - alias_method update_with_callbacks, :update_with_callbacks_with_hobo_permission_check - alias_method destroy_with_callbacks, :destroy_with_callbacks_with_hobo_permission_check + extend ClassMethods + + alias_method_chain :create, :hobo_permission_check + alias_method_chain :update, :hobo_permission_check + alias_method_chain :destroy, :hobo_permission_check attr_accessor :acting_user, :origin, :origin_attribute bool_attr_accessor :exempt_from_edit_checks 
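Review bot: The three `alias_method_chain` calls in `self.included` have no guard against being installed twice in one class hierarchy. If the module is included again, or by a subclass whose parent already included it, `create_without_hobo_permission_check` is aliased to the already-wrapped `create`, and the wrapper would then call itself until the stack overflows. Whether Hobo ever includes the module twice is not visible here, so I would guard the block, e.g. `unless klass.method_defined?(:create_without_hobo_permission_check)`, and add a comment that the chain must be installed exactly once. The body of `included` continues past the end of the hunk.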
@@ -89,44 +85,30 @@ def permission_check_required? # Lifecycle steps are exempt from permission checks acting_user && !(self.class.has_lifecycle? && lifecycle.active_step) end - def create_with_callbacks_with_hobo_permission_check(*args) - return false if callback(:before_create) == false - + def create_with_hobo_permission_check(*args, &b) if permission_check_required? create_permitted? or raise PermissionDeniedError, "#{self.class.name}#create" end - - result = create_without_callbacks - callback(:after_create) - result + create_without_hobo_permission_check(*args, &b) end - def update_with_callbacks_with_hobo_permission_check(*args) - return false if callback(:before_update) == false - + def update_with_hobo_permission_check(*args) if permission_check_required? update_permitted? or raise PermissionDeniedError, "#{self.class.name}#update" end - - result = update_without_callbacks(*args) - callback(:after_update) - result + update_without_hobo_permission_check(*args) end - def destroy_with_callbacks_with_hobo_permission_check - return false if callback(:before_destroy) == false - + def destroy_with_hobo_permission_check if permission_check_required? destroy_permitted? or raise PermissionDeniedError, "#{self.class.name}#.destroy" end - result = destroy_without_callbacks - callback(:after_destroy) - result + destroy_without_hobo_permission_check end # -------------------------------------- # @@ -182,12 +164,12 @@ def destroyable_by?(user) with_acting_user(user) { destroy_permitted? } end def method_callable_by?(user, method) - permission_method = "#{method}_call_permitted?" - respond_to?(permission_method) && with_acting_user(current_user) { send(permission_method) } + permission_method = "#{method}_permitted?" + respond_to?(permission_method) && with_acting_user(user) { send(permission_method) } end def viewable_by?(user, attribute=nil) if attribute attribute = attribute.to_s.sub(/\?$/, '').to_sym 
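Review bot: The permission check in `create_with_hobo_permission_check`, `update_with_hobo_permission_check` and `destroy_with_hobo_permission_check` now runs before anything the wrapped method does, whereas the removed code ran `callback(:before_create)` (and the update/destroy equivalents) first. If ActiveRecord's callback chain sits inside `create_without_hobo_permission_check`, which the old `*_with_callbacks` names suggest but this hunk does not show, a `before_create` hook that fills in an owner or a default can no longer influence `create_permitted?`. Checking first is probably the safer order, but it is a behaviour change that deserves a comment above the three methods, for example `# Permission is checked before any before_* callback runs; do not rely on callbacks to populate fields the *_permitted? methods read`. Separately, the destroy message `"#{self.class.name}#.destroy"` has a stray dot compared with `#create` and `#update`.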
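Review bot: Dropping the `_call` infix in `method_callable_by?` puts method-call permissions in the same namespace as the model's built-in predicates, so `"#{method}_permitted?"` with a `method` of `create`, `update`, `destroy`, `view` or `edit` now resolves to those. `view_permitted?(attribute)` and `edit_permitted?(attribute)` take an argument, so the bare `send(permission_method)` would raise ArgumentError for those names instead of returning false. If `method` can originate from a request, I would check it against an allow-list of callable methods before building the name, or keep a distinct suffix; at minimum add a comment such as `# method must name a declared callable; :create, :update, :destroy, :view and :edit collide with the built-in permission predicates`. Models that still define `*_call_permitted?` will be silently denied after this rename, which is worth a changelog line.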
@@ -335,24 +317,34 @@ # Allow viewing by default def view_permitted?(attribute) true end # By default, attempt to derive edit permission from create/update permission def edit_permitted?(attribute) - Hobo::Permissions.unknownify_attribute(self, attribute) if attribute + if attribute + with_attribute_or_belongs_to_keys(attribute) do |attr, ftype| + unknownify_attribute(self, attr) + unknownify_attribute(self, ftype) if ftype + end + end new_record? ? create_permitted? : update_permitted? rescue Hobo::UndefinedAccessError # The permission is dependent on the unknown value # so this attribute is not editable false ensure - Hobo::Permissions.deunknownify_attribute(self, attribute) if attribute + if attribute + with_attribute_or_belongs_to_keys(attribute) do |attr, ftype| + deunknownify_attribute(self, attr) + deunknownify_attribute(self, ftype) if ftype + end + end end # Add some singleton methods to +record+ so give the effect that +attribute+ is unknown. That is, # attempts to access the attribute will result in a Hobo::UndefinedAccessError - def self.unknownify_attribute(record, attr) + def unknownify_attribute(record, attr) record.metaclass.class_eval do define_method attr do raise Hobo::UndefinedAccessError end @@ -384,10 +376,10 @@ end end # Best. Name. Ever - def self.deunknownify_attribute(record, attr) + def deunknownify_attribute(record, attr) [attr, "#{attr}_change", "#{attr}_was", "#{attr}_changed?", :changed?, :changed, :changes].each do |m| record.metaclass.send :remove_method, m.to_sym end end end
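Review bot: In the `ensure` of `edit_permitted?`, `deunknownify_attribute` is called once for `attr` and again for `ftype`, but every call also removes the shared singleton methods `:changed?`, `:changed` and `:changes` (see the list in the next hunk). After the first call those are gone from the metaclass, so the second `remove_method` would raise NameError, and because it is raised inside `ensure` it replaces the `false` or permission result the method was about to return. The same applies if the unknownify step fails partway, since the cleanup assumes every stub exists. The body of `unknownify_attribute` is cut off by the hunk, so this is inferred from the removal list; if confirmed, remove the three shared names once after the per-attribute ones, or skip names the metaclass does not define itself.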
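Review bot: `deunknownify_attribute` is now an instance method that still takes `record` and never uses `self`, and the same holds for `unknownify_attribute` in the previous hunk. Both call sites visible on this page pass `self`, so the parameter is redundant. Unless these definitions sit under a `private` marker outside the hunk, they also become public methods on every model, able to stub out or strip accessors on any record passed to them. I would mark both private and either drop the parameter or document why it is kept, e.g. `# record is always self today; kept for compatibility with the old module-level signature`.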