Skip to content
This repository has been archived by the owner on Jul 8, 2020. It is now read-only.

add test and fix for anyone functionality #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dylancwood
Copy link

Thanks for making this useful repo available!

Background

When assigning permissions to models, it is possible to use .anyone instead of assigning permissions to a specific (type of) user. Example:

var Post = backbone.Model.extend();
Post.authorize.anyone.to.read.when(function(user) {
  //return true if the user is friends with the author
  return user.get(friends).indexOf(this.author) >= 0;
}

This works very well when multiple user-types get limited access to a resource based on the same criteria.

Problem

When anyone is used in the authorization chain, then no rules are ever matched for any users. Here is a screenshot of the results from a test that I added to test/integration/can.js
screen shot 2015-04-15 at 5 54 41 pm

Cause

resolver.js filters out roles that do not have the same user as the current user.

Solution

allow rules to be matched if the rule's user is the same as the current user, or if it not truthy.

Discussion

I've also added a couple of tests to illustrate the problem and solution.

@bendrucker
Copy link
Member

PR is much appreciated. This lib could definitely use some love and a 1.0. Will look at getting this merged this week and then touching up everything else as well.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants