[PATCH] Bug fixes and additions to scoped_access

I found that scoped_access does not re-evaluate the filters on every
run. If you are filtering access based on parameters, this can be bad.
The scope is set on the first request and then further requests use the
last generated scoping.

The initial part of ScopedAccess::Filter#before looks like this:

  @scoping = controller.instance_eval(@scoping.to_s) if @scoping.is_a?(Symbol)

This makes @scoping not a symbol on the first run and @scoping will
never be evaluated again. This would fail in code which looks like this:

For example:
  def silo_filter(klass)
    filter = ScopedAccess::ClassScoping.new klass, :silo_id => @silo.id
  end

where @silo is set in a before_filter.

I’ve also added in some code to check if the passed in scoping is a
method. If it is, the method is called with the class as a parameter.
This allows for more DRY code.

I’m new here and do not know if this is the right place to post patches.
Please let me know if it is not.

The patch follows:

— old-vendor/plugins/scoped_access/lib/scoped_access.rb
2006-06-27 19:00:26.755869000 -0700
+++ vendor/plugins/scoped_access/lib/scoped_access.rb 2006-06-27
18:33:57.297418000 -0700
@@ -114,12 +114,20 @@
end

 def before (controller)
  •  @scoping  = controller.instance_eval(@scoping.to_s) if 
    

@scoping.is_a?(Symbol)

  •  constrain = self.class.generate_constrain(@klass, @scoping, 
    

:table_name =>@klass.table_name)

  •  if @scoping.is_a? Symbol
    
  •   meth = controller.method @scoping
    
  •   if meth.arity.zero?
    
  •     scope = controller.instance_eval(@scoping.to_s)
    
  •   else
    
  •     scope = controller.instance_eval("#{@scoping}(#{@klass})")
    
  •   end
    
  •  end
    
  •  constrain = self.class.generate_constrain(@klass, scope, 
    

:table_name =>@klass.table_name)
@klass.logger.debug(“ScopedAccessFilter#before (called from
%s):\n\t[%s] scope becomes %s” %
[controller.class, @klass,
constrain.inspect])
@klass.instance_eval do
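
Review bot: In the rewritten `before`, `scope` is assigned only inside `if @scoping.is_a? Symbol`, so a filter configured with a non-Symbol scoping now hands nil to `generate_constrain`, where the old line passed `@scoping` through unchanged. Set `scope = @scoping` before the branch so that case keeps working. In the else arm, `controller.instance_eval("#{@scoping}(#{@klass})")` builds Ruby source from the class's string form; since `meth` is already in hand, `meth.call(@klass)` (and `meth.call` in the zero-arity arm) passes the class object directly and avoids evaluating an interpolated string. Note also that `meth.arity.zero?` is false for methods whose arguments are all optional (negative arity), so those will be called with the class; a comment stating that this is intended would help.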

Cheers,
Nikhil.
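
The stale-scope behaviour described in the message above, as an added example that is not part of the original post or of the plugin. FakeController, silo_scope, CachingFilter, PerRequestFilter and scopes_seen are hypothetical stand-ins; the point is that one filter object serves many requests, so overwriting @scoping pins every later request to the first request's silo.

```ruby
# Added illustration; a simplified stand-in for ScopedAccess::Filter,
# not the plugin's code. All names here are hypothetical.
class FakeController
  def initialize(silo_id)
    @silo_id = silo_id # per-request state, as a before_filter would set @silo
  end

  def silo_scope
    { :silo_id => @silo_id }
  end
end

# Behaviour described in the post: the symbol is overwritten with its first
# result, so the is_a?(Symbol) guard is false on every later request.
class CachingFilter
  def initialize(scoping)
    @scoping = scoping
  end

  def before(controller)
    @scoping = controller.send(@scoping) if @scoping.is_a?(Symbol)
    @scoping
  end
end

# Fix direction: keep the symbol and resolve it into a local on each request.
class PerRequestFilter
  def initialize(scoping)
    @scoping = scoping
  end

  def before(controller)
    @scoping.is_a?(Symbol) ? controller.send(@scoping) : @scoping
  end
end

# One filter instance handles a sequence of requests for different silos.
def scopes_seen(filter, silo_ids)
  silo_ids.map { |id| filter.before(FakeController.new(id))[:silo_id] }
end

if __FILE__ == $0
  p scopes_seen(CachingFilter.new(:silo_scope), [1, 2, 3])    # first silo reused
  p scopes_seen(PerRequestFilter.new(:silo_scope), [1, 2, 3]) # follows the request
end
```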

On 28-jun-2006, at 4:42, Nikhil Kasinadhuni wrote:

I’ve also added in some code to check if the passed in scoping is a
method. If it is, the method is called with the class as a parameter.
This allows for more DRY code.

Be aware that after_filters are NOT guaranteed to fire, so use scoped
access with caution (you might get an enormous stack of scoped
conditions a couple of days after you started your app server).

Julian ‘Julik’ Tarkhanov
please send all personal mail to
me at julik.nl

On Jun 27, 2006, at 7:42 PM, Nikhil Kasinadhuni wrote:

I found that scoped_access does not re-evaluate the filters on every
run. If you are filtering access based on parameters, this can be bad.
The scope is set on the first request and then further requests use the
last generated scoping.

   @klass.instance_eval do

Cheers,
Nikhil.

Hey Nikhil-

You should post your patch to the Rails Trac ticket system. Make
sure to include a description of what the patch does and why it's
needed. Also it has a way better chance of being accepted and applied
if you include a few test cases that cover the patch.

http://dev.rubyonrails.org/newticket

Cheers-
-Ezra