Change link_to_if_authorized to allow url paths. (Fixes #6195)

Both url paths (/issues/1234) and params hashes (:controller => 'issues')
are now supported by link_to_if_authorized.  The authorize_for method
requires a controller/action pair so urls need to be parsed against the
routes to find their controller/action.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4064 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 19dd654db9cf94f2372f0992b3ead136c1922334..0fb44a22bfeed3bc6f4f60050ed71d20a962913b 100644 (file)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -32,8 +32,27 @@ module ApplicationHelper
   end
 
   # Display a link if user is authorized
+  #
+  # @param [String] name Anchor text (passed to link_to)
+  # @param [Hash, String] options Hash params or url for the link target (passed to link_to).
+  #        This will checked by authorize_for to see if the user is authorized
+  # @param [optional, Hash] html_options Options passed to link_to
+  # @param [optional, Hash] parameters_for_method_reference Extra parameters for link_to
   def link_to_if_authorized(name, options = {}, html_options = nil, *parameters_for_method_reference)
-    link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action])
+    if options.is_a?(String)
+      begin
+        route = ActionController::Routing::Routes.recognize_path(options.gsub(/\?.*/,''), :method => options[:method] || :get)
+        link_controller = route[:controller]
+        link_action = route[:action]
+      rescue ActionController::RoutingError # Parse failed, not a route
+        link_controller, link_action = nil, nil
+      end
+    else
+      link_controller = options[:controller] || params[:controller]
+      link_action = options[:action]
+    end
+
+    link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(link_controller, link_action)
   end
 
   # Display a link to remote if user is authorized

diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb
index 533311b1a00f3ab8d5793ad0333bb487031e72fb..1936a981b8625e1f19f2abe62a25d89e7b27dde5 100644 (file)
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
@@ -30,6 +30,35 @@ class ApplicationHelperTest < ActionView::TestCase
   def setup
     super
   end
+
+  context "#link_to_if_authorized" do
+    context "authorized user" do
+      should "be tested"
+    end
+    
+    context "unauthorized user" do
+      should "be tested"
+    end
+    
+    should "allow using the :controller and :action for the target link" do
+      User.current = User.find_by_login('admin')
+
+      @project = Issue.first.project # Used by helper
+      response = link_to_if_authorized("By controller/action",
+                                       {:controller => 'issues', :action => 'edit', :id => Issue.first.id})
+      assert_match /href/, response
+    end
+    
+    should "allow using the url for the target link" do
+      User.current = User.find_by_login('admin')
+
+      @project = Issue.first.project # Used by helper
+      response = link_to_if_authorized("By url",
+                                       new_issue_move_path(:id => Issue.first.id))
+      assert_match /href/, response
+    end
+
+  end
   
   def test_auto_links
     to_test = {