Skip to content

Instantly share code, notes, and snippets.

@steveklabnik

steveklabnik/privacy_filter.rb

Created December 12, 2011 04:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save steveklabnik/1464751 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save steveklabnik/1464751 to your computer and use it in GitHub Desktop.
Download ZIP
A spec for a filter
Raw
privacy_filter.rb
class PrivacyFilter
def self.filter(controller)
[:first_article?,
:authenticate_administrator!,
:authenticate_user!
].find do |m|
controller.send(m)
end
end
end
Raw
privacy_filter_spec.rb
require "app/models/privacy_filter"
describe PrivacyFilter do
let(:controller) do
double(:first_article? => false,
:authenticate_administrator! => false,
:authenticate_user! => false)
end
it "allows access to the root article" do
controller.should_receive(:first_article?).and_return(true)
PrivacyFilter.filter(controller).should be_true
end
it "allows access for administrators" do
controller.should_receive(:authenticate_administrator!).and_return(true)
PrivacyFilter.filter(controller).should be_true
end
it "allows access to users" do
controller.should_receive(:authenticate_user!).and_return(true)
PrivacyFilter.filter(controller).should be_true
end
it "denies all others" do
PrivacyFilter.filter(controller).should be_false
end
end
@dkubb
Copy link

dkubb commented Dec 12, 2011

Hmm, now that I see this here it might be overkill ;) All well, just another pov to consider.

@svenfuchs
Copy link

svenfuchs commented Dec 12, 2011

... what dkubb said :)

@steveklabnik
Copy link
Author

steveklabnik commented Dec 12, 2011

@dkubb I wouldn't even make it a singleton, if the Rails API wasn't that self.filter is how this stuff gets called. I ended up moving the first_article? method into the controller, so that I just straight-up delegate, which seems to be the right way to do it.

@dennyabraham
Copy link

dennyabraham commented Dec 12, 2011

do the !bang methods raise errors?

also, is it completely unacceptable to use a one liner? there's not a lot of inherent complexity to what this filter does right now, so is there a great need to add cognitive complexity to the code?

@steveklabnik
Copy link
Author

steveklabnik commented Dec 12, 2011

@dennyabraham I don't think so. They're just standard Devise stuff. I think the bang is because they can redirect.

I'm torn between what's more readable, a one liner, or this.

@steveklabnik
Copy link
Author

steveklabnik commented Dec 12, 2011

Now that I'm thinking about it, that might mean that this won't even work, as a user will hit the admin filter, which will redirect to admin login...

I should really be using CanCan for this, I guess.

@garybernhardt
Copy link

garybernhardt commented Dec 17, 2011

Late to the party, but I really want this to be AccessPolicy.has_access?(user, article). (Raptor will let you write exactly this and specify it directly in a route... some day. garybernhardt/raptor@3e1b48e ;)

@steveklabnik
Copy link
Author

steveklabnik commented Dec 17, 2011

Yeah, that seems like the right API. Rails makes it awkward.

For the app, I just ended up using cancan, which is the Right Way anywaay...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment