[Bps-public-commit] jifty-plugin-recordhistory branch, master, updated. 0.03-4-g4859986

Shawn Moore sartak at bestpractical.com
Fri Feb 18 17:30:20 EST 2011

The branch, master has been updated
       via  4859986b56cfa6603d6d0443cbfe7988c23ec66d (commit)
      from  b4025a281f9eb30713e18ecc87c8de651c1e11f9 (commit)

Summary of changes:
 lib/Jifty/Plugin/RecordHistory.pm              |   11 +++++++++++
 lib/Jifty/Plugin/RecordHistory/Model/Change.pm |    6 ++++++
 2 files changed, 17 insertions(+), 0 deletions(-)

- Log -----------------------------------------------------------------
commit 4859986b56cfa6603d6d0443cbfe7988c23ec66d
Author: Shawn M Moore <sartak at bestpractical.com>
Date:   Fri Feb 18 17:30:04 2011 -0500

    Implement and document current_user_can_for_change
    Don't love the name, but eh.

diff --git a/lib/Jifty/Plugin/RecordHistory.pm b/lib/Jifty/Plugin/RecordHistory.pm
index 3b0e16a..4307e9f 100644
--- a/lib/Jifty/Plugin/RecordHistory.pm
+++ b/lib/Jifty/Plugin/RecordHistory.pm
@@ -81,6 +81,17 @@ Alternatively, if you want to extend the default templates, you can subclass
 L<Jifty::Plugin::RecordHistory::View> in the same way as
+=head2 Access control
+By default, we delegate
+L<Jifty::Plugin::RecordHistory::Model::Change/current_user_can> and
+L<Jifty::Plugin::RecordHistory::Model::ChangeField/current_user_can> to the
+record class. The logic is if you can read the record, you can read its changes
+and its change fields. If you can change the record you can create, update, and
+delete changes and their change fields. If you want more fine-grained control
+over this, you can implement a C<current_user_can_for_change> method in your
+record class which, if present, we will use instead of this logic.
 =head1 SEE ALSO
diff --git a/lib/Jifty/Plugin/RecordHistory/Model/Change.pm b/lib/Jifty/Plugin/RecordHistory/Model/Change.pm
index 9d4647e..a17b5a1 100644
--- a/lib/Jifty/Plugin/RecordHistory/Model/Change.pm
+++ b/lib/Jifty/Plugin/RecordHistory/Model/Change.pm
@@ -76,6 +76,12 @@ sub delegate_current_user_can {
     my $right = shift;
     my %args  = @_;
+    my $record = $self->__record(%args);
+    if ($record->can('current_user_can_for_change')) {
+        return $record->current_user_can_for_change($right, %args, change => $self);
+    }
     $right = 'update' if $right ne 'read';
     return $self->__record(%args)->current_user_can($right);


More information about the Bps-public-commit mailing list