From 0f34f15df8d3ad12aaac55469722d05a03c9219e Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Wed, 7 Dec 2022 16:34:24 -0500 Subject: [PATCH] Allow subclasses to match on superclass subject if Bicycle < Vehicle, and you have a policy `can :read, Vehicle`, then already `can?(:read, Vehicle.new)` and `can?(:read, Bicycle.new)` are both true. `can?(:read, Vehicle)` is also true. I believe `can?(:read, Bicycle)` should also be true, it should respect the subclass. Bicycle is a kind of Vehicle, so if they have been granted permission to read all Vehicles, that applies to all Bicycles too. Closes #55, see more there. --- lib/access-granted/permission.rb | 4 +++- spec/permission_spec.rb | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/access-granted/permission.rb b/lib/access-granted/permission.rb index a1f909b..745d436 100644 --- a/lib/access-granted/permission.rb +++ b/lib/access-granted/permission.rb @@ -17,7 +17,9 @@ def matches_action?(action) end def matches_subject?(subject) - subject == @subject || subject.class <= @subject + subject == @subject || + (subject.is_a?(Class) && @subject.is_a?(Class) && subject <= @subject) || + subject.class <= @subject end def matches_conditions?(subject) diff --git a/spec/permission_spec.rb b/spec/permission_spec.rb index fe744e6..ab6a070 100644 --- a/spec/permission_spec.rb +++ b/spec/permission_spec.rb @@ -49,6 +49,11 @@ expect(perm.matches_subject? String).to eq(true) end + it "matches if superclass of class object is equal to subject" do + perm = subject.new(true, :read, Exception) + expect(perm.matches_subject? StandardError).to eq(true) + end + it "matches if class is equal to subject" do perm = subject.new(true, :read, String) expect(perm.matches_subject? "test").to eq(true)