lockdown 0.4.3 → 0.4.4
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +3 -0
- data/lib/lockdown/controller.rb +18 -16
- data/lib/lockdown/version.rb +1 -1
- data/lib/lockdown/view.rb +7 -15
- metadata +1 -1
data/History.txt
CHANGED
data/lib/lockdown/controller.rb
CHANGED
|
@@ -104,9 +104,11 @@ module Lockdown
|
|
|
104
104
|
return true if current_user_is_admin?
|
|
105
105
|
|
|
106
106
|
# See if path is known
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
107
|
+
if path_allowed?(path)
|
|
108
|
+
true
|
|
109
|
+
else
|
|
110
|
+
false
|
|
111
|
+
end
|
|
110
112
|
end
|
|
111
113
|
|
|
112
114
|
# Can log Error => e if desired, I don't desire to now.
|
|
@@ -157,33 +159,33 @@ module Lockdown
|
|
|
157
159
|
request.request_uri
|
|
158
160
|
end
|
|
159
161
|
|
|
160
|
-
def authorized?(
|
|
162
|
+
def authorized?(url)
|
|
161
163
|
return true if current_user_is_admin?
|
|
162
164
|
|
|
163
|
-
url_parts = URI::split
|
|
165
|
+
url_parts = URI::split(url)
|
|
164
166
|
|
|
165
167
|
path = url_parts[5]
|
|
166
168
|
|
|
167
169
|
# See if path is known
|
|
168
170
|
return true if path_allowed?(path)
|
|
169
171
|
|
|
170
|
-
if options.is_a?(String)
|
|
171
|
-
# Test for a named routed
|
|
172
|
-
begin
|
|
173
|
-
hsh = ActionController::Routing::Routes.recognize_path(options)
|
|
174
|
-
return true if path_allowed?(path_from_hash(hsh)) unless hsh.nil?
|
|
175
|
-
rescue Exception => e
|
|
176
|
-
# continue on
|
|
177
|
-
end
|
|
178
|
-
end
|
|
179
|
-
|
|
180
172
|
# Test to see if url contains id
|
|
181
173
|
parts = path.split("/").collect{|p| p unless p =~ /\A\d+\z/}.compact
|
|
182
174
|
new_path = parts.join("/")
|
|
183
175
|
|
|
184
176
|
return true if path_allowed?(new_path)
|
|
185
177
|
|
|
186
|
-
|
|
178
|
+
# Test for a named routed
|
|
179
|
+
begin
|
|
180
|
+
hsh = ActionController::Routing::Routes.recognize_path(url)
|
|
181
|
+
unless hsh.nil?
|
|
182
|
+
return true if path_allowed?(path_from_hash(hsh))
|
|
183
|
+
end
|
|
184
|
+
rescue Exception => e
|
|
185
|
+
# continue on
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
false
|
|
187
189
|
end
|
|
188
190
|
|
|
189
191
|
def access_denied(e)
|
data/lib/lockdown/version.rb
CHANGED
data/lib/lockdown/view.rb
CHANGED
|
@@ -23,7 +23,7 @@ module Lockdown
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def link_to_or_show(name, url = '', options = {})
|
|
26
|
-
lnk = link_to(name,
|
|
26
|
+
lnk = link_to(name, url , options)
|
|
27
27
|
lnk.length == 0 ? name : lnk
|
|
28
28
|
end
|
|
29
29
|
end # Merb
|
|
@@ -39,8 +39,8 @@ module Lockdown
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
def link_to_secured(name, options = {}, html_options = nil)
|
|
42
|
-
# Don't want to go through the
|
|
43
|
-
url =
|
|
42
|
+
# Don't want to go through the url_for twice
|
|
43
|
+
url = url_for(options)
|
|
44
44
|
if authorized? test_path(url, html_options)
|
|
45
45
|
return link_to_open(name, url, html_options)
|
|
46
46
|
end
|
|
@@ -53,25 +53,17 @@ module Lockdown
|
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
def button_to_secured(name, options = {}, html_options = nil)
|
|
56
|
-
url =
|
|
57
|
-
if authorized? test_path(url,html_options)
|
|
58
|
-
return button_to_open(name,url,html_options)
|
|
56
|
+
url = url_for(options)
|
|
57
|
+
if authorized? test_path(url, html_options)
|
|
58
|
+
return button_to_open(name, url, html_options)
|
|
59
59
|
end
|
|
60
60
|
return ""
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
private
|
|
64
64
|
|
|
65
|
-
def real_url(options, html_options = {})
|
|
66
|
-
unless options.respond_to?(:new_record?)
|
|
67
|
-
options
|
|
68
|
-
else
|
|
69
|
-
polymorphic_path(options)
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
|
|
73
65
|
def test_path(url, html_options)
|
|
74
|
-
if url.split("/").last
|
|
66
|
+
if url.split("/").last =~ /\A\d+\z/
|
|
75
67
|
url += "/show"
|
|
76
68
|
elsif html_options.is_a?(Hash) && html_options[:method] == :delete
|
|
77
69
|
url += "/destroy"
|