fix correct node lookup when authorize object uses plugin userModel setting, fixes #2464

lib/Cake/Model/AclNode.php

@@ -120,11 +120,12 @@ class AclNode extends AppModel {
 				return false;
 			}
 		} elseif (is_object($ref) && is_a($ref, 'Model')) {
-			$ref = array('model' => $ref->alias, 'foreign_key' => $ref->id);
+			$ref = array('model' => $ref->name, 'foreign_key' => $ref->id);
 		} elseif (is_array($ref) && !(isset($ref['model']) && isset($ref['foreign_key']))) {
 			$name = key($ref);
+			list($plugin, $alias) = pluginSplit($name);
 
-			$model = ClassRegistry::init(array('class' => $name, 'alias' => $name));
+			$model = ClassRegistry::init(array('class' => $name, 'alias' => $alias));
 
 			if (empty($model)) {
 				trigger_error(__d('cake_dev', "Model class '%s' not found in AclNode::node() when trying to bind %s object", $type, $this->alias), E_USER_WARNING);
@@ -136,7 +137,7 @@ class AclNode extends AppModel {
 				$tmpRef = $model->bindNode($ref);
 			}
 			if (empty($tmpRef)) {
-				$ref = array('model' => $name, 'foreign_key' => $ref[$name][$model->primaryKey]);
+				$ref = array('model' => $alias, 'foreign_key' => $ref[$name][$model->primaryKey]);
 			} else {
 				if (is_string($tmpRef)) {
 					return $this->node($tmpRef);

lib/Cake/Test/Case/Controller/Component/Auth/ActionsAuthorizeTest.php

@@ -111,6 +111,36 @@ class ActionsAuthorizeTest extends CakeTestCase {
 	}
 
 /**
+ * testAuthorizeSettings
+ *
+ * @return void
+ */
+	public function testAuthorizeSettings() {
+		$request = new CakeRequest('/posts/index', false);
+		$request->addParams(array(
+			'plugin' => null,
+			'controller' => 'posts',
+			'action' => 'index'
+		));
+
+		$this->_mockAcl();
+
+		$this->auth->settings['userModel'] = 'TestPlugin.TestPluginAuthUser';
+		$user = array(
+			'id' => 1,
+			'user' => 'mariano'
+		);
+
+		$expected = array('TestPlugin.TestPluginAuthUser' => array('id' => 1, 'user' => 'mariano'));
+		$this->Acl->expects($this->once())
+			->method('check')
+			->with($expected, '/controllers/Posts/index')
+			->will($this->returnValue(true));
+
+		$this->assertTrue($this->auth->authorize($user, $request));
+	}
+
+/**
  * test action()
  *
  * @return void

lib/Cake/Test/Case/Model/DbAclTest.php

@@ -316,7 +316,8 @@ class AclNodeTest extends CakeTestCase {
 		$expected = array(4);
 		$this->assertEquals($expected, $result);
 	}
-	/**
+
+/**
  * testNodeObjectFind method
  *
  * @return void
@@ -359,4 +360,29 @@ class AclNodeTest extends CakeTestCase {
 		);
 		$this->assertEquals($expected, $result);
 	}
+
+/**
+ * testNodeActionAuthorize method
+ *
+ * @return void
+ */
+	public function testNodeActionAuthorize() {
+		App::build(array(
+			'plugins' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'Plugin' . DS)
+		), App::RESET);
+		CakePlugin::load('TestPlugin');
+
+		$Aro = new DbAroTest();
+		$Aro->create();
+		$Aro->save(array('model' => 'TestPluginAuthUser', 'foreign_key' => 1));
+		$result = $Aro->id;
+		$expected = 5;
+		$this->assertEquals($expected, $result);
+
+		$node = $Aro->node(array('TestPlugin.TestPluginAuthUser' => array('id' => 1, 'user' => 'mariano')));
+		$result = Set::extract($node, '0.DbAroTest.id');
+		$expected = $Aro->id;
+		$this->assertEquals($expected, $result);
+		CakePlugin::unload('TestPlugin');
+	}
 }