From aab1c2bb3280125137eb74d1a46ceecccb0f2bef Mon Sep 17 00:00:00 2001 From: Tawan Sierek Date: Tue, 26 Nov 2013 11:54:50 +0100 Subject: [PATCH] Make overwritting of access filters optional. In some cases it is convenient to combine access filters to a certain action of a controller. This was not possible since an access filter for the same action would overwrite any access filter to this action which had been defined earlier. Make this behavior optional but default to overwitting. --- .../in_controller.rb | 13 ++++++---- test/controller_test.rb | 24 ++++++++++++++++++- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/lib/declarative_authorization/in_controller.rb b/lib/declarative_authorization/in_controller.rb index 3d954db9..1d6ad13b 100644 --- a/lib/declarative_authorization/in_controller.rb +++ b/lib/declarative_authorization/in_controller.rb @@ -281,7 +281,9 @@ module ClassMethods # Example demonstrating the default behavior: # filter_access_to :show, :attribute_check => true, # :load_method => lambda { User.find(params[:id]) } - # + # [:+overwrite+] + # Specifify if this filter will overwrite any access filter for the actions + # they have in common. Defaults to +true+. def filter_access_to (*args, &filter_block) options = args.last.is_a?(Hash) ? args.pop : {} @@ -290,7 +292,8 @@ def filter_access_to (*args, &filter_block) :context => nil, :attribute_check => false, :model => nil, - :load_method => nil + :load_method => nil, + :overwrite => true }.merge!(options) privilege = options[:require] context = options[:context] @@ -300,8 +303,10 @@ def filter_access_to (*args, &filter_block) skip_before_filter :filter_access_filter before_filter :filter_access_filter - filter_access_permissions.each do |perm| - perm.remove_actions(actions) + if options[:overwrite] + filter_access_permissions.each do |perm| + perm.remove_actions(actions) + end end filter_access_permissions << ControllerPermission.new(actions, privilege, context, 
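Review bot: The new `:overwrite` entry in the option docs does not say how filters combine once overwriting is switched off, which is what a reader needs in order to reason about the resulting access rule. The test added in this commit suggests every filter registered for an action must permit the request, so I would state that, e.g. `# When +false+, earlier filters for the same actions are kept and all of them must permit the request.` The first sentence also has a typo (`Specifify`) and "they have in common" has no clear referent; `# Specify whether this filter replaces earlier access filters for the same actions. Defaults to +true+.` reads more cleanly. Enforcement happens in `filter_access_filter`, outside this hunk, so confirm the all-must-pass behaviour there before documenting it.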
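Review bot: Because `:overwrite` defaults to `true` and the defaults hash is simply merged with what the caller passed, a misspelled key such as `:overwite => false` would be ignored, and the call would replace the earlier filter instead of adding to it. Nothing in this hunk rejects unknown option keys; the rest of `filter_access_to` is outside the hunk, so this may already be handled elsewhere. If it is not, comparing `options.keys` with the keys of the defaults hash before the merge and raising `ArgumentError` on leftovers would turn a silently weaker rule into a load-time error. That check would have to allow any extra keys existing callers already rely on.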
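Review bot: The removal loop is gated only on the current call's `:overwrite`, so a filter added with `:overwrite => false` is still stripped by any later `filter_access_to` for the same action that leaves the default in place. Stacked requirements therefore depend on declaration order, and a later declaration can drop an earlier, stricter check without any signal. At minimum I would put a comment on the branch, e.g. `# NOTE: a later call with :overwrite => true (the default) still removes filters declared with :overwrite => false`, and add a test for that ordering. Whether permissions inherited from a parent controller are affected depends on `filter_access_permissions`, which is not visible in this hunk.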
diff --git a/test/controller_test.rb b/test/controller_test.rb index 3cbe678c..9414f685 100644 --- a/test/controller_test.rb +++ b/test/controller_test.rb @@ -334,7 +334,9 @@ class AccessOverwritesController < MocksController filter_access_to :test_action, :test_action_2, :require => :test, :context => :permissions_2 filter_access_to :test_action, :require => :test, :context => :permissions - define_action_methods :test_action, :test_action_2 + filter_access_to :test_action_3, :require => :test_2, :context => :permissions + filter_access_to :test_action_3, :require => :test, :context => :permissions, :overwrite => false + define_action_methods :test_action, :test_action_2, :test_action_3 end class AccessOverwritesControllerTest < ActionController::TestCase def test_filter_access_overwrite @@ -352,6 +354,26 @@ def test_filter_access_overwrite request!(MockUser.new(:test_role), "test_action", reader) assert @controller.authorized? end + + def test_filter_access_overwrite_disabled + reader = Authorization::Reader::DSLReader.new + reader.parse %{ + authorization do + role :test_role do + has_permission_on :permissions, :to => :test + end + + role :test_role_2 do + has_permission_on :permissions, :to => [ :test, :test_2 ] + end + end + } + request!(MockUser.new(:test_role), "test_action_3", reader) + assert !@controller.authorized? + + request!(MockUser.new(:test_role_2), "test_action_3", reader) + assert @controller.authorized? + end end
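Review bot: `test_filter_access_overwrite_disabled` shows that the first filter (`:test_2`) survives, but it never exercises a user who satisfies only that first filter. It would therefore still pass if the second, non-overwriting filter (`:test`) were registered but never enforced. Adding a role that holds `:test_2` alone and asserting it is denied on `test_action_3` pins down that both filters are checked. The controller declarations this test relies on are in the previous hunk.

```ruby
# … unchanged: reader setup and role :test_role inside the parsed DSL string …
        role :test_role_3 do
          has_permission_on :permissions, :to => :test_2
        end
# … unchanged: role :test_role_2 and the two existing request!/assert pairs …
    request!(MockUser.new(:test_role_3), "test_action_3", reader)
    assert !@controller.authorized?
```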