lockdown 0.4.2 → 0.4.3
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +3 -0
- data/lib/lockdown/controller.rb +4 -3
- data/lib/lockdown/version.rb +1 -1
- data/lib/lockdown/view.rb +21 -14
- metadata +1 -1
data/History.txt
CHANGED
data/lib/lockdown/controller.rb
CHANGED
@@ -177,10 +177,11 @@ module Lockdown
|
|
177
177
|
end
|
178
178
|
end
|
179
179
|
|
180
|
-
# Test to see if
|
181
|
-
|
180
|
+
# Test to see if url contains id
|
181
|
+
parts = path.split("/").collect{|p| p unless p =~ /\A\d+\z/}.compact
|
182
|
+
new_path = parts.join("/")
|
182
183
|
|
183
|
-
return true if path_allowed?(
|
184
|
+
return true if path_allowed?(new_path)
|
184
185
|
|
185
186
|
return false
|
186
187
|
end
|
data/lib/lockdown/version.rb
CHANGED
data/lib/lockdown/view.rb
CHANGED
@@ -39,9 +39,10 @@ module Lockdown
|
|
39
39
|
end
|
40
40
|
|
41
41
|
def link_to_secured(name, options = {}, html_options = nil)
|
42
|
-
|
43
|
-
|
44
|
-
|
42
|
+
# Don't want to go through the polymorphic test twice
|
43
|
+
url = real_url(options, html_options)
|
44
|
+
if authorized? test_path(url, html_options)
|
45
|
+
return link_to_open(name, url, html_options)
|
45
46
|
end
|
46
47
|
return ""
|
47
48
|
end
|
@@ -52,24 +53,30 @@ module Lockdown
|
|
52
53
|
end
|
53
54
|
|
54
55
|
def button_to_secured(name, options = {}, html_options = nil)
|
55
|
-
url =
|
56
|
-
if authorized? url
|
57
|
-
return button_to_open(name,
|
56
|
+
url = real_url(options, html_options)
|
57
|
+
if authorized? test_path(url,html_options)
|
58
|
+
return button_to_open(name,url,html_options)
|
58
59
|
end
|
59
60
|
return ""
|
60
61
|
end
|
61
62
|
|
62
63
|
private
|
63
64
|
|
64
|
-
def
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
65
|
+
def real_url(options, html_options = {})
|
66
|
+
unless options.respond_to?(:new_record?)
|
67
|
+
options
|
68
|
+
else
|
69
|
+
polymorphic_path(options)
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def test_path(url, html_options)
|
74
|
+
if url.split("/").last.to_i > 0
|
75
|
+
url += "/show"
|
76
|
+
elsif html_options.is_a?(Hash) && html_options[:method] == :delete
|
77
|
+
url += "/destroy"
|
71
78
|
end
|
72
|
-
|
79
|
+
url
|
73
80
|
end
|
74
81
|
end # Rails
|
75
82
|
end # View
|