lockdown 0.4.2 → 0.4.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. data/History.txt +3 -0
  2. data/lib/lockdown/controller.rb +4 -3
  3. data/lib/lockdown/version.rb +1 -1
  4. data/lib/lockdown/view.rb +21 -14
  5. metadata +1 -1
data/History.txt CHANGED
@@ -1,3 +1,6 @@
1
+ == 0.4.3 2008-05-08
2
+ * Fixed: broken show (and destroy) permission test. also reduced calls to polymorphic path by generating the url once
3
+
1
4
  == 0.4.2 2008-05-08
2
5
  * Fixed: broken link_to functionality.
3
6
 
data/lib/lockdown/controller.rb CHANGED
@@ -177,10 +177,11 @@ module Lockdown
177
177
  end
178
178
  end
179
179
 
180
- # Test to see if using a get method (show)
181
- path += "/show" if path.split("/").last.to_i > 0
180
+ # Test to see if url contains id
181
+ parts = path.split("/").collect{|p| p unless p =~ /\A\d+\z/}.compact
182
+ new_path = parts.join("/")
182
183
 
183
- return true if path_allowed?(path)
184
+ return true if path_allowed?(new_path)
184
185
 
185
186
  return false
186
187
  end
data/lib/lockdown/version.rb CHANGED
@@ -2,7 +2,7 @@ module Lockdown #:nodoc:
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 0
4
4
  MINOR = 4
5
- TINY = 2
5
+ TINY = 3
6
6
 
7
7
  STRING = [MAJOR, MINOR, TINY].join('.')
8
8
  end
data/lib/lockdown/view.rb CHANGED
@@ -39,9 +39,10 @@ module Lockdown
39
39
  end
40
40
 
41
41
  def link_to_secured(name, options = {}, html_options = nil)
42
- url = lock_down_url(options, html_options)
43
- if authorized? url
44
- return link_to_open(name,options,html_options)
42
+ # Don't want to go through the polymorphic test twice
43
+ url = real_url(options, html_options)
44
+ if authorized? test_path(url, html_options)
45
+ return link_to_open(name, url, html_options)
45
46
  end
46
47
  return ""
47
48
  end
@@ -52,24 +53,30 @@ module Lockdown
52
53
  end
53
54
 
54
55
  def button_to_secured(name, options = {}, html_options = nil)
55
- url = lock_down_url(options, html_options)
56
- if authorized? url
57
- return button_to_open(name,options,html_options)
56
+ url = real_url(options, html_options)
57
+ if authorized? test_path(url,html_options)
58
+ return button_to_open(name,url,html_options)
58
59
  end
59
60
  return ""
60
61
  end
61
62
 
62
63
  private
63
64
 
64
- def lock_down_url(options, html_options = {})
65
- return options unless options.respond_to?(:new_record?)
66
- p = polymorphic_path(options)
67
- if html_options.is_a?(Hash) && html_options[:method] == :delete
68
- p += "/destroy"
69
- elsif p.split("/").last.to_i > 0
70
- p += "/show"
65
+ def real_url(options, html_options = {})
66
+ unless options.respond_to?(:new_record?)
67
+ options
68
+ else
69
+ polymorphic_path(options)
70
+ end
71
+ end
72
+
73
+ def test_path(url, html_options)
74
+ if url.split("/").last.to_i > 0
75
+ url += "/show"
76
+ elsif html_options.is_a?(Hash) && html_options[:method] == :delete
77
+ url += "/destroy"
71
78
  end
72
- return p
79
+ url
73
80
  end
74
81
  end # Rails
75
82
  end # View
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lockdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.2
4
+ version: 0.4.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Stone