RubyGems - challah - Versions diffs - 0.4.0 → 0.4.1 - Mend

challah 0.4.0 → 0.4.1

Files changed (5) hide show

data/CHANGELOG.md +5 -1
data/lib/challah/authable/user.rb +13 -10
data/lib/challah/version.rb +1 -1
data/test/user_test.rb +11 -1
metadata +10 -10

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,8 @@
-## Challah 0.4.0 (Unreleased)
+## Challah 0.4.1
+* Added User#protect_attributes to allow for the addition of app-specific protected attributes in User
+## Challah 0.4.0
 * Enabled api key access. Passing ?key=xxxx into any URL will authenticate a user for a single page load. This option is turned off by default in new apps and can be enabled using `Challah.options[:api_key_enabled]`.
 * Updated tests for API key access

data/lib/challah/authable/user.rb CHANGED Viewed

@@ -6,9 +6,9 @@ module Challah
         extend ClassMethods
       end
-      const_set(:PROTECTED_ATTRIBUTES, %w(api_key created_by crypted_password failed_login_count id last_login_at login_count permissions permissions_attributes permission_users permission_users_attributes persistence_token role_id updated_by))
       class_eval do
+        cattr_accessor :protected_attributes
         validates_presence_of :first_name, :last_name, :email, :role_id, :username
         validates_uniqueness_of :email, :username
         validate :validate_new_password
@@ -23,8 +23,9 @@ module Challah
         scope :inactive, where(:active => false).order('users.first_name, users.last_name')
         scope :with_role, lambda { |role| where([ "users.role_id = ?", role ]) }
         scope :search, lambda { |q| where([ 'users.first_name like ? OR users.last_name like ? OR users.email like ? OR users.username LIKE ?', "%#{q}%", "%#{q}%", "%#{q}%", "%#{q}%" ]) }
         after_save :save_permission_keys
+        protect_attributes :api_key, :created_by, :crypted_password, :failed_login_count, :id, :last_login_at, :login_count, :permissions, :permissions_attributes, :permission_users, :permission_users_attributes, :persistence_token, :role_id, :updated_by
       end
     end
@@ -46,6 +47,11 @@ module Challah
         result
       end
+      def protect_attributes(*args)
+        self.protected_attributes ||= []
+        self.protected_attributes << args.collect(&:to_s)
+      end
     end
     # Instance methods to be included once authable_user is set up.
@@ -168,11 +174,8 @@ module Challah
       #
       # All attributes on the user model can be updated, except for the ones listed below.
       def update_account_attributes(attributes_to_update = {})
-        protected_attributes = self.class.const_get(:PROTECTED_ATTRIBUTES)
-        attributes_to_update
-        attributes_to_update.keys.each { |key| attributes_to_update.delete(key) if protected_attributes.include?(key.to_s) }
+        protected_attributes = self.class.protected_attributes.clone.flatten
+        attributes_to_update.keys.each { |key| attributes_to_update.delete(key) if protected_attributes.include?(key.to_s) }
         self.update_attributes(attributes_to_update)
       end
@@ -185,7 +188,7 @@ module Challah
       #
       # Override this method if you need to check for a particular configuration on each page request.
       def valid_session?
-        true
+        self.active?
       end
       # Allow dynamic checking for permissions
@@ -213,7 +216,7 @@ module Challah
           self.persistence_token = ::Challah::Random.token(125) if self.persistence_token.to_s.blank?
           self.api_key = ::Challah::Random.token(50) if self.api_key.to_s.blank?
         end
         # Saves any updated permission keys to the database for this user.
         # Any permission keys that are specifically given to this user and are also in the
         # user's role will be removed. So, the only permission keys added here will be those

data/lib/challah/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Challah
-  VERSION = "0.4.0" unless defined?(::Challah::VERSION)
+  VERSION = "0.4.1" unless defined?(::Challah::VERSION)
 end

data/test/user_test.rb CHANGED Viewed

@@ -34,6 +34,14 @@ class UserTest < ActiveSupport::TestCase
       assert_equal nil, User.find_for_session(' ')
       assert_equal nil, User.find_for_session('not-existing')
     end
+    should "have protected attributes" do
+      assert Array === User.protected_attributes
+      assert_difference 'User.protected_attributes.size', 1 do
+        User.protect_attributes :blah
+      end
+    end
   end
   context "A user instance" do
@@ -66,10 +74,12 @@ class UserTest < ActiveSupport::TestCase
       user.active = true
       assert_equal true, user.active
       assert_equal true, user.active?
+      assert_equal true, user.valid_session?
       user.active = false
       assert_equal false, user.active
       assert_equal false, user.active?
+      assert_equal false, user.valid_session?
     end
     should "not allow updating of certain protected attributes" do
@@ -214,6 +224,6 @@ class UserTest < ActiveSupport::TestCase
       assert_difference 'user.failed_auth_count', 1 do
         user.failed_authentication!
       end
-    end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: challah
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
   prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-02-08 00:00:00.000000000Z
+date: 2012-02-09 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: highline
-  requirement: &70244762031040 !ruby/object:Gem::Requirement
+  requirement: &70149861857320 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70244762031040
+  version_requirements: *70149861857320
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70244762124220 !ruby/object:Gem::Requirement
+  requirement: &70149861950500 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '3.1'
   type: :runtime
   prerelease: false
-  version_requirements: *70244762124220
+  version_requirements: *70149861950500
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70244762123720 !ruby/object:Gem::Requirement
+  requirement: &70149861950000 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: 0.9.2
   type: :runtime
   prerelease: false
-  version_requirements: *70244762123720
+  version_requirements: *70149861950000
 - !ruby/object:Gem::Dependency
   name: bcrypt-ruby
-  requirement: &70244762123260 !ruby/object:Gem::Requirement
+  requirement: &70149861949540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,7 +54,7 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70244762123260
+  version_requirements: *70149861949540
 description: A simple ruby gem for authentication, users, roles and permissions.
 email:
 - john@johntornow.com