RubyGems - admin_data - Versions diffs - 1.0.2 → 1.0.3 - Mend

admin_data 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

data/History.txt CHANGED Viewed

@@ -1,3 +1,13 @@
+=== 2010-08-17 v1.0.3
+* added more tests
+* fixed a bug related to :is_allowed_to_view_klass
+=== 2010-08-16
+* released as a gem
+* version 1.0.2
+* only works with rails3
 === 2010-04-14
 * JavaScript code refactoring

data/app/controllers/admin_data/base_controller.rb CHANGED Viewed

@@ -8,10 +8,9 @@ class AdminData::BaseController < ApplicationController
   include AdminData::Chelper
-  before_filter :rails3_hack, :build_klasses, :build_drop_down_for_klasses, :check_page_parameter, :prepare_drop_down_klasses
+  before_filter :build_klasses, :build_drop_down_for_klasses, :check_page_parameter, :prepare_drop_down_klasses
-  attr_reader :klass
-  attr_reader :model
+  attr_reader :klass, :model
   private
@@ -24,8 +23,8 @@ class AdminData::BaseController < ApplicationController
     render :text => '<h2>not authorized</h2>', :status => :unauthorized unless admin_data_is_allowed_to_view?
   end
-  def ensure_is_allowed_to_view_model
-    render :text => 'not authorized', :status => :unauthorized unless admin_data_is_allowed_to_view_model?
+  def ensure_is_allowed_to_view_klass
+    render :text => 'not authorized', :status => :unauthorized unless admin_data_is_allowed_to_view_klass?
   end
   def ensure_is_allowed_to_update
@@ -58,20 +57,18 @@ class AdminData::BaseController < ApplicationController
       model_names = Dir.chdir(model_dir) { Dir["**/*.rb"] }
       klasses = get_klass_names(model_names)
       filtered_klasses = remove_klasses_without_table(klasses).sort_by {|r| r.name.underscore}
-      klasses_with_security_clearance = filtered_klasses.select do |klass_local|
+      klasses_with_security_clearance = filtered_klasses.compact.select do |klass_local|
         @klass = klass_local
-        admin_data_is_allowed_to_view_model?
+        admin_data_is_allowed_to_view_klass?
       end
       #TODO remove global constant. it is not thread safe
       $admin_data_klasses = klasses_with_security_clearance
-      puts $admin_data_klasses.inspect
     end
     @klasses = $admin_data_klasses
   end
   def remove_klasses_without_table(klasses)
-    klasses.select { |k| k.ancestors.include?(ActiveRecord::Base) &&
-    k.connection.table_exists?(k.table_name) }
+    klasses.select { |k| k.ancestors.include?(ActiveRecord::Base) && k.connection.table_exists?(k.table_name) }
   end
   def get_klass_names(model_names)
@@ -98,7 +95,8 @@ class AdminData::BaseController < ApplicationController
   end
   def check_page_parameter
-    # Got hoptoad error because of url like http://localhost:3000/admin_data/User/advance_search?page=http://201.134.249.164/intranet/on.txt?
+    # Got hoptoad error because of url like
+    # http://localhost:3000/admin_data/User/advance_search?page=http://201.134.249.164/intranet/on.txt?
     if params[:page].blank? || (params[:page] =~ /\A\d+\z/)
       # proceed
     else
@@ -106,9 +104,4 @@ class AdminData::BaseController < ApplicationController
     end
   end
-  def rails3_hack
-    #require_dependency File.join(Rails.root, 'vendor', 'plugins', 'admin_data', 'lib', 'admin_data', 'settings.rb')
-    #AdminData::Config.initialize_defaults
-  end
 end

data/app/controllers/admin_data/feed_controller.rb CHANGED Viewed

@@ -5,7 +5,7 @@ class AdminData::FeedController < AdminData::BaseController
   before_filter :ensure_is_allowed_to_view_feed
   def index
-    render :text => "usage: http://localhost:3000/admin_data/feed/user" and return if params[:klasss].blank?
+    render :text => "Usage: http://localhost:3000/admin_data/feed/<model name>" and return if params[:klasss].blank?
     begin
       @klass = AdminData::Util.camelize_constantize(params[:klasss])

data/app/controllers/admin_data/main_controller.rb CHANGED Viewed

@@ -8,7 +8,7 @@ class AdminData::MainController  < AdminData::BaseController
   before_filter :get_model_and_verify_it, :only => [:destroy, :del, :edit, :update, :show]
-  before_filter :ensure_is_allowed_to_view_model, :except => [:all_models, :index]
+  before_filter :ensure_is_allowed_to_view_klass, :except => [:all_models, :index]
   before_filter :ensure_is_allowed_to_update, :only => [:destroy, :del, :edit, :update, :create]
@@ -110,13 +110,9 @@ class AdminData::MainController  < AdminData::BaseController
     conditional_id = params[:id] =~ /^(\d+)-.*/ ? params[:id].to_i : params[:id]
     condition = {primary_key => conditional_id}
-    # http://neerajdotname.github.com/admin_data/#override_find_condition
-    find_conditions_proc = AdminData::Config.setting[:find_conditions] ?  AdminData::Config.setting[:find_conditions][@klass.name] : nil
-    if find_conditions_proc && find_conditions = find_conditions_proc.call(params)
-      if find_conditions.has_key?(:conditions)
-        condition = find_conditions.fetch(:conditions)
-      end
+    _proc = AdminData::Config.setting[:find_conditions] ?  AdminData::Config.setting[:find_conditions][@klass.name] : nil
+    if _proc && find_conditions = _proc.call(params)
+      condition = find_conditions.fetch(:conditions) if find_conditions.has_key?(:conditions)
     end
     @model = @klass.send('find', :first, :conditions => condition)

data/app/controllers/admin_data/search_controller.rb CHANGED Viewed

@@ -8,7 +8,7 @@ class AdminData::SearchController  < AdminData::BaseController
   before_filter :get_class_from_params
   before_filter :ensure_is_allowed_to_view
-  before_filter :ensure_is_allowed_to_view_model
+  before_filter :ensure_is_allowed_to_view_klass
   before_filter :ensure_valid_children_klass, :only => [:quick_search]
   before_filter :ensure_is_authorized_for_update_opration, :only => [:advance_search]
   before_filter :set_collection_of_columns, :only => [:advance_search]

data/app/views/admin_data/main/new.html.erb CHANGED Viewed

@@ -13,7 +13,9 @@
     <div class="content rounded">
       <div class="inner umbrella">
         <h1>Create a new record</h1>
-        <%= form_for @model, :as => @klass.name.underscore.to_sym, :url  => admin_data_on_k_index_path(:klass => @klass.name), :html => {:class => 'form', :method => :post} do |f| %>
+        <%= form_for @model,  :as => @klass.name.underscore.to_sym,
+                              :url  => admin_data_on_k_index_path(:klass => @klass.name),
+                              :html => {:class => 'form', :method => :post} do |f| %>
           <%= render 'admin_data/shared/flash_message', :model => @model %>
           <%= render 'admin_data/main/misc/form', :klass => @klass, :f => f %>
         <% end %>

data/app/views/admin_data/search/search/_errors.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <div>
-   <% errors.each do |error| %>
-      <p class='error'><%= error %></p>
-   <% end %>
+  <% errors.each do |error| %>
+    <p class='error'><%= error %></p>
+  <% end %>
 </div>

data/app/views/admin_data/search/search/_listing.html.erb CHANGED Viewed

@@ -37,4 +37,3 @@
 </div>
 <div class='clear'></div>

data/lib/admin_data/chelper.rb CHANGED Viewed

@@ -9,9 +9,9 @@ module AdminData::Chelper
     AdminData::Config.setting[:is_allowed_to_view].call(self)
   end
-  def admin_data_is_allowed_to_view_model?
+  def admin_data_is_allowed_to_view_klass?
     return true if Rails.env.development?
-    AdminData::Config.setting[:is_allowed_to_view_model].call(self)
+    AdminData::Config.setting[:is_allowed_to_view_klass].call(self)
   end
   def admin_data_is_allowed_to_update?

data/lib/admin_data/railtie.rb CHANGED Viewed

@@ -14,8 +14,7 @@ module AdminData
     end
     rake_tasks do
-      load 'tasks/admin_data_tasks.rake'
-      load 'tasks/validate_models_bg.rake'
+      #
     end
   end
-end
+end

data/lib/admin_data/settings.rb CHANGED Viewed

@@ -12,7 +12,7 @@ class AdminData::Config
     is_allowed_to_view_feed
     feed_authentication_user_id
     feed_authentication_password
-    is_allowed_to_view_model
+    is_allowed_to_view_klass
     is_allowed_to_update
     is_allowed_to_update_model
     column_settings
@@ -49,7 +49,7 @@ class AdminData::Config
       :is_allowed_to_update         => lambda {|controller| return true if Rails.env.development? },
-      :is_allowed_to_view_model     => lambda {|controller| return true  },
+      :is_allowed_to_view_klass     => lambda {|controller| return true  },
       :is_allowed_to_update_model   => lambda {|controller| return true  },

data/lib/admin_data/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AdminData
-  VERSION = '1.0.2'
+  VERSION = '1.0.3'
 end

data/lib/admin_data.rb CHANGED Viewed

@@ -23,7 +23,9 @@ else
   raise "Please see documentation at http://neerajdotname.github.com/admin_data to find out how to use this plugin with rails 2.3"
 end
+# move date_validation to inside admin_data
 require 'admin_data_date_validation'
 require 'admin_data/helpers'
 require 'admin_data/chelper'
 require 'admin_data/compatibility'

data/test/functional/main_controller_authorization_test.rb ADDED Viewed

@@ -0,0 +1,96 @@
+require 'test_helper'
+pwd = File.dirname(__FILE__)
+f = File.join(pwd, '..', '..', 'app', 'views')
+AdminData::MainController.prepend_view_path(f)
+class AdminData::MainControllerAuthorizationTest < ActionController::TestCase
+  def setup
+    @controller = AdminData::MainController.new
+    @request = ActionController::TestRequest.new
+    @response = ActionController::TestResponse.new
+    @article = Factory(:article)
+    @car = Factory(:car, :year => 2000, :brand => 'bmw')
+    grant_read_only_access
+    grant_update_access
+  end
+  context 'is not allowed to view' do
+    setup do
+      revoke_read_only_access
+      get :table_structure, {:klass => Article.name.underscore}
+    end
+    should_respond_with(401)
+    should 'have text index' do
+      assert_tag(:content => 'not authorized')
+    end
+  end
+  context 'is allowed to view klass' do
+    context 'negative case' do
+      setup do
+        AdminData::Config.set = {
+          :is_allowed_to_view_klass => lambda {|controller| controller.instance_variable_get('@klass').name != 'Article' }
+        }
+        get :show, {:id => @article.id, :klass => Article.name.underscore }
+      end
+      should_respond_with(401)
+      should 'have text index' do
+        assert_tag(:content => 'not authorized')
+      end
+    end
+    context 'positive case' do
+      setup do
+        AdminData::Config.set = {
+          :is_allowed_to_view_klass => lambda {|controller| controller.instance_variable_get('@klass').name == 'Article' }
+        }
+        get :show, {:id => @article.id, :klass => Article.name.underscore }
+      end
+      should_respond_with :success
+    end
+  end
+  context 'is allowed to update' do
+    context 'for edit' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        get :edit, {:id => @article.id, :klass => @article.class.name, :attr => 'title', :data => 'Hello World' }
+      end
+      should_respond_with(401)
+    end
+    context 'for destroy' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        delete :destroy, {:id => @article.id, :klass => @article.class.name.underscore}
+      end
+      should_respond_with(401)
+    end
+    context 'for delete' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        delete :del, {:id => @article.id, :klass => @article.class.name.underscore }
+      end
+      should_respond_with(401)
+    end
+    context 'for update' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        post :update, { :klass => Article.name.underscore, :id => @article, :article => {:title => 'new title'}}
+      end
+      should_respond_with(401)
+    end
+    context 'for create' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        post :create, { :klass => Article.name.underscore, 'article' => {:title => 'hello', :body => 'hello world'}}
+      end
+      should_respond_with(401)
+    end
+  end
+end

data/test/functional/main_controller_test.rb CHANGED Viewed

@@ -16,8 +16,6 @@ class AdminData::MainControllerTest < ActionController::TestCase
     grant_update_access
   end
-  #TODO write tests for all before filters
   context 'get table_structure' do
     setup do
       get :table_structure, {:klass => Article.name.underscore}

data/test/rails_root/db/test.sqlite3 ADDED Viewed

Binary file