challah 0.4.0 → 0.4.1

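--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,8 @@
- ## Challah 0.4.0 (Unreleased)
+ ## Challah 0.4.1
+
+ * Added User#protect_attributes to allow for the addition of app-specific protected attributes in User
+
+ ## Challah 0.4.0
 
  * Enabled api key access. Passing ?key=xxxx into any URL will authenticate a user for a single page load. This option is turned off by default in new apps and can be enabled using `Challah.options[:api_key_enabled]`.
  * Updated tests for API key access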
@@ -6,9 +6,9 @@ module Challah
6
6
  extend ClassMethods
7
7
  end
8
8
 
9
- const_set(:PROTECTED_ATTRIBUTES, %w(api_key created_by crypted_password failed_login_count id last_login_at login_count permissions permissions_attributes permission_users permission_users_attributes persistence_token role_id updated_by))
10
-
11
9
  class_eval do
10
+ cattr_accessor :protected_attributes
11
+
12
12
  validates_presence_of :first_name, :last_name, :email, :role_id, :username
13
13
  validates_uniqueness_of :email, :username
14
14
  validate :validate_new_password
@@ -23,8 +23,9 @@ module Challah
23
23
  scope :inactive, where(:active => false).order('users.first_name, users.last_name')
24
24
  scope :with_role, lambda { |role| where([ "users.role_id = ?", role ]) }
25
25
  scope :search, lambda { |q| where([ 'users.first_name like ? OR users.last_name like ? OR users.email like ? OR users.username LIKE ?', "%#{q}%", "%#{q}%", "%#{q}%", "%#{q}%" ]) }
26
-
27
26
  after_save :save_permission_keys
27
+
28
+ protect_attributes :api_key, :created_by, :crypted_password, :failed_login_count, :id, :last_login_at, :login_count, :permissions, :permissions_attributes, :permission_users, :permission_users_attributes, :persistence_token, :role_id, :updated_by
28
29
  end
29
30
  end
30
31
 
@@ -46,6 +47,11 @@ module Challah
46
47
 
47
48
  result
48
49
  end
50
+
51
+ def protect_attributes(*args)
52
+ self.protected_attributes ||= []
53
+ self.protected_attributes << args.collect(&:to_s)
54
+ end
49
55
  end
50
56
 
51
57
  # Instance methods to be included once authable_user is set up.
@@ -168,11 +174,8 @@ module Challah
168
174
  #
169
175
  # All attributes on the user model can be updated, except for the ones listed below.
170
176
  def update_account_attributes(attributes_to_update = {})
171
- protected_attributes = self.class.const_get(:PROTECTED_ATTRIBUTES)
172
-
173
- attributes_to_update
174
- attributes_to_update.keys.each { |key| attributes_to_update.delete(key) if protected_attributes.include?(key.to_s) }
175
-
177
+ protected_attributes = self.class.protected_attributes.clone.flatten
178
+ attributes_to_update.keys.each { |key| attributes_to_update.delete(key) if protected_attributes.include?(key.to_s) }
176
179
  self.update_attributes(attributes_to_update)
177
180
  end
178
181
 
@@ -185,7 +188,7 @@ module Challah
185
188
  #
186
189
  # Override this method if you need to check for a particular configuration on each page request.
187
190
  def valid_session?
188
- true
191
+ self.active?
189
192
  end
190
193
 
191
194
  # Allow dynamic checking for permissions
@@ -213,7 +216,7 @@ module Challah
213
216
  self.persistence_token = ::Challah::Random.token(125) if self.persistence_token.to_s.blank?
214
217
  self.api_key = ::Challah::Random.token(50) if self.api_key.to_s.blank?
215
218
  end
216
-
219
+
217
220
  # Saves any updated permission keys to the database for this user.
218
221
  # Any permission keys that are specifically given to this user and are also in the
219
222
  # user's role will be removed. So, the only permission keys added here will be those
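Review bot: `protect_attributes` pushes the whole argument list as one nested element (`self.protected_attributes << args.collect(&:to_s)`), so the accessor holds an array of arrays and `update_account_attributes` only filters correctly because it runs `.clone.flatten` on every call. Any other reader that calls `include?` on `User.protected_attributes` directly would see nothing as protected. Appending the names themselves keeps the list flat, `self.protected_attributes.concat(args.collect(&:to_s))`, after which the flatten in `update_account_attributes` can be dropped. The filter also remains an exact-name denylist applied before `update_attributes`, so it fails open for any sensitive column nobody remembered to list; an allowlist of updatable attributes would fail closed. Since `cattr_accessor` presumably shares one list across subclasses of the model, a short comment at the declaration saying so would help.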
@@ -1,3 +1,3 @@
1
1
  module Challah
2
- VERSION = "0.4.0" unless defined?(::Challah::VERSION)
2
+ VERSION = "0.4.1" unless defined?(::Challah::VERSION)
3
3
  end
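--- a/data/test/user_test.rb
+++ b/data/test/user_test.rb
@@ -34,6 +34,14 @@ class UserTest < ActiveSupport::TestCase
  assert_equal nil, User.find_for_session(' ')
  assert_equal nil, User.find_for_session('not-existing')
  end
+
+ should "have protected attributes" do
+ assert Array === User.protected_attributes
+
+ assert_difference 'User.protected_attributes.size', 1 do
+ User.protect_attributes :blah
+ end
+ end
  end
 
  context "A user instance" do
@@ -66,10 +74,12 @@ class UserTest < ActiveSupport::TestCase
  user.active = true
  assert_equal true, user.active
  assert_equal true, user.active?
+ assert_equal true, user.valid_session?
 
  user.active = false
  assert_equal false, user.active
  assert_equal false, user.active?
+ assert_equal false, user.valid_session?
  end
 
  should "not allow updating of certain protected attributes" do
@@ -214,6 +224,6 @@ class UserTest < ActiveSupport::TestCase
  assert_difference 'user.failed_auth_count', 1 do
  user.failed_authentication!
  end
- end
+ end
  end
  end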
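Review bot: The new "have protected attributes" test registers `:blah` on the class-level list and never removes it, so the extra entry stays in `User.protected_attributes` for every test that runs afterwards in the same process. It also asserts only that `size` grows by 1, which holds whether the names are stored flat or as one nested array, and it never checks that a newly protected attribute is actually dropped by `update_account_attributes`. I would snapshot the list before the call and restore it in an `ensure`, and add an assertion that a value passed for the newly protected key is ignored on update. The enclosing context block starts outside the hunk.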
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: challah
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-02-08 00:00:00.000000000Z
12
+ date: 2012-02-09 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: highline
16
- requirement: &70244762031040 !ruby/object:Gem::Requirement
16
+ requirement: &70149861857320 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70244762031040
24
+ version_requirements: *70149861857320
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rails
27
- requirement: &70244762124220 !ruby/object:Gem::Requirement
27
+ requirement: &70149861950500 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: '3.1'
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70244762124220
35
+ version_requirements: *70149861950500
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: rake
38
- requirement: &70244762123720 !ruby/object:Gem::Requirement
38
+ requirement: &70149861950000 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
43
43
  version: 0.9.2
44
44
  type: :runtime
45
45
  prerelease: false
46
- version_requirements: *70244762123720
46
+ version_requirements: *70149861950000
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: bcrypt-ruby
49
- requirement: &70244762123260 !ruby/object:Gem::Requirement
49
+ requirement: &70149861949540 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ! '>='
@@ -54,7 +54,7 @@ dependencies:
54
54
  version: '0'
55
55
  type: :runtime
56
56
  prerelease: false
57
- version_requirements: *70244762123260
57
+ version_requirements: *70149861949540
58
58
  description: A simple ruby gem for authentication, users, roles and permissions.
59
59
  email:
60
60
  - john@johntornow.com