Now in assertion we can get instance of UserIdentity

StyleT · StyleT · commit 1d11c66d05a8 · 2015-09-05T20:47:01.000+03:00
diff --git a/dist/acl.js b/dist/acl.js
@@ -31,8 +31,8 @@ angular.module('stylet.acl', []);
  * privileges, respectively.
  *
  * @callback AclAssertion
- * @param {Object|string} role
- * @param {Object|string} resource
+ * @param {AclRoleInterface|string} role
+ * @param {AclResourceInterface|string} resource
  * @param {string} privilege
  */
 
@@ -71,6 +71,7 @@ angular.module('stylet.acl').service('AclService', ["AclRegistryService", functi
         byResourceId: {}
     };
     var _isAllowedResource = null;
+    var _isAllowedRole = null;
 
     /**
      * @returns {{AclRoleInterface|null}}
@@ -111,7 +112,7 @@ angular.module('stylet.acl').service('AclService', ["AclRegistryService", functi
      * @param {string} [privilege=null] privilege
      * @returns {boolean}
      */
-    this.can = function (resource /*null*/, privilege /*null*/) {
+    this.can = function (resource, privilege) {
         resource = typeof resource === 'undefined' ? null : resource;
         privilege = typeof privilege === 'undefined' ? null : privilege;
 
@@ -227,9 +228,11 @@ angular.module('stylet.acl').service('AclService', ["AclRegistryService", functi
         var result, ruleTypeAllPrivileges;
 
         // reset role & resource to null
+        _isAllowedRole = null;
         _isAllowedResource = null;
 
         if (role !== null) {
+            _isAllowedRole = role;
             role = self.getRole(role);
         }
         if (resource !== null) {
@@ -249,8 +252,6 @@ angular.module('stylet.acl').service('AclService', ["AclRegistryService", functi
                 var rules;
                 if ((rules = getRules(resource, null)) !== null) {
                     for (privilege in rules.byPrivilegeId) {
-                        var rule = rules.byPrivilegeId[privilege];
-
                         if (self.TYPE_DENY === getRuleType(resource, null, privilege)) {
                             return false;
                         }
@@ -959,7 +960,7 @@ angular.module('stylet.acl').service('AclService', ["AclRegistryService", functi
             var assertion = rule.assert;
             assertionValue = assertion.call(
                 self,
-                role,
+                _isAllowedRole === self.USER_IDENTITY_ROLE && self.getUserIdentity() !== null ? self.getUserIdentity() : role,
                 _isAllowedResource !== null ? _isAllowedResource : resource,
                 privilege
             );
diff --git a/src/acl-service.js b/src/acl-service.js
@@ -30,8 +30,8 @@
  * privileges, respectively.
  *
  * @callback AclAssertion
- * @param {Object|string} role
- * @param {Object|string} resource
+ * @param {AclRoleInterface|string} role
+ * @param {AclResourceInterface|string} resource
  * @param {string} privilege
  */
 
@@ -70,6 +70,7 @@ angular.module('stylet.acl').service('AclService', function (AclRegistryService)
         byResourceId: {}
     };
     var _isAllowedResource = null;
+    var _isAllowedRole = null;
 
     /**
      * @returns {{AclRoleInterface|null}}
@@ -110,7 +111,7 @@ angular.module('stylet.acl').service('AclService', function (AclRegistryService)
      * @param {string} [privilege=null] privilege
      * @returns {boolean}
      */
-    this.can = function (resource /*null*/, privilege /*null*/) {
+    this.can = function (resource, privilege) {
         resource = typeof resource === 'undefined' ? null : resource;
         privilege = typeof privilege === 'undefined' ? null : privilege;
 
@@ -226,9 +227,11 @@ angular.module('stylet.acl').service('AclService', function (AclRegistryService)
         var result, ruleTypeAllPrivileges;
 
         // reset role & resource to null
+        _isAllowedRole = null;
         _isAllowedResource = null;
 
         if (role !== null) {
+            _isAllowedRole = role;
             role = self.getRole(role);
         }
         if (resource !== null) {
@@ -956,7 +959,7 @@ angular.module('stylet.acl').service('AclService', function (AclRegistryService)
             var assertion = rule.assert;
             assertionValue = assertion.call(
                 self,
-                role,
+                _isAllowedRole === self.USER_IDENTITY_ROLE && self.getUserIdentity() !== null ? self.getUserIdentity() : role,
                 _isAllowedResource !== null ? _isAllowedResource : resource,
                 privilege
             );
diff --git a/test/acl-service.js b/test/acl-service.js
@@ -127,6 +127,36 @@ describe('ncAclService', function () {
 
     });
 
+    describe('can()', function () {
+
+        it('should work with user with multiple roles', function () {
+            AclService.addRole('User');
+            AclService.addRole('Manager');
+            AclService.addResource('Posts');
+            AclService.allow('Manager', 'Posts');
+
+            userIdentityStub.roles = ['User', 'Manager'];
+            AclService.setUserIdentity(userIdentityStub);
+
+            expect(AclService.can('Posts')).toBeTruthy();
+        });
+
+        it('should work with assertions', function () {
+            AclService.addRole('User');
+            AclService.addResource('Posts');
+            AclService.allow('User', 'Posts', null, function (role, resource, privilege) {
+                return role.name === 'Dezmond' && resource === 'Posts';
+            });
+
+            userIdentityStub.roles = ['User'];
+            userIdentityStub.name = 'Dezmond';
+            AclService.setUserIdentity(userIdentityStub);
+
+            expect(AclService.can('Posts')).toBeTruthy();
+        });
+
+    });
+
     describe('isAllowed()', function () {
 
         it('should work with role & resource inheritance', function () {
