lockdown 0.5.1 → 0.5.2
- data/History.txt +3 -0
- data/lib/lockdown/helper.rb +21 -13
- data/lib/lockdown/system.rb +22 -17
- data/lib/lockdown/version.rb +1 -1
- data/website/generator.html +1 -1
- data/website/index.html +1 -1
- metadata +2 -2
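--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,6 @@
+== 0.5.2 2008-05-26
+* Fixed: make call to Dependencies.clear after inspecting controllers. Using Dependencies.require_or_load is not sufficient it seems.
+
 == 0.5.1 2008-05-25
 * Fixed: bug with namespaced access having identical standard access. e.g. /users and /admin/users
 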
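--- a/data/lib/lockdown/helper.rb
+++ b/data/lib/lockdown/helper.rb
@@ -14,13 +14,13 @@ module Lockdown
 end
 end
 
-
-
-
-
-
-
-
+def lockdown_string(value)
+if value.respond_to?(:name)
+string_name(value.name)
+else
+string_name(value)
+end
+end
 
 def lockdown_symbol(value)
 if value.respond_to?(:name)
@@ -41,16 +41,24 @@ module Lockdown
 Array.new(len){||chars[rand(chars.size)]}.join
 end
 
-
-
+def administrator_group_string
+string_name(:administrators)
 end
 
-
-
+def administrator_group_symbol
+:administrators
 end
 
 private
 
+def string_name(str_sym)
+str_sym.is_a?(Symbol) ? convert_reference_name(str_sym) : str_sym
+end
+
+def symbol_name(str_sym)
+str_sym.is_a?(String) ? convert_reference_name(str_sym) : str_sym
+end
+
 def titleize(str)
 humanize(underscore(str)).gsub(/\b([a-z])/) { $1.capitalize }
 end
@@ -67,11 +75,11 @@ module Lockdown
 end
 
 if Lockdown.rails_app?
-def
+def controller_class_name(str)
 "#{str}Controller"
 end
 else
-def
+def controller_class_name(str)
 str
 end
 end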
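Review bot: `lockdown_string` decides by `value.respond_to?(:name)` and otherwise relies on the new private `string_name`, which returns every non-Symbol argument unchanged, so `nil` or an unexpected object passes straight through as the name. system.rb in this same release feeds that result into `Permission` and `UserGroup` lookups, so a silent pass-through ends up as a lookup that simply finds nothing. On Ruby 3.0 and later Symbol also responds to `name`, which would send symbols down the first branch and skip `convert_reference_name`. Checking the type first, `return string_name(value) if value.is_a?(Symbol) || value.is_a?(String)`, and a one-line comment above `string_name` and `symbol_name` stating the conversion direction would make the contract explicit. The enclosing module starts and ends outside these hunks, and `convert_reference_name` is not visible here.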
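--- a/data/lib/lockdown/system.rb
+++ b/data/lib/lockdown/system.rb
@@ -15,13 +15,15 @@ module Lockdown
 
 # Future functionality:
 # :private_access will restrict access to model data to their creators.
-# attr_accessor :private_access
+# attr_accessor :private_access
 
 attr_accessor :controller_classes #:nodoc:
 
 def configure(&block)
 set_defaults
+
 instance_eval(&block)
+
 if options[:use_db_models] && options[:sync_init_rb_with_db]
 sync_with_db
 end
@@ -71,7 +73,7 @@ module Lockdown
 elsif ug.responds_to?(:name)
 # This user group was defined in the database
 ug.permissions.each do |perm|
-perm_sym =
+perm_sym = lockdown_symbol(perm.name)
 unless permission_exists?(perm_sym)
 raise SecurityError, "Permission associated to User Group is invalid: #{perm_sym}"
 end
@@ -132,7 +134,7 @@ module Lockdown
 # Delete a user group record from the database
 #
 def delete_user_group(str_sym)
-ug = UserGroup.find(:first, :conditions => ["name = ?",
+ug = UserGroup.find(:first, :conditions => ["name = ?",lockdown_string(str_sym)])
 ug.destroy unless ug.nil?
 end
 
@@ -181,7 +183,7 @@ module Lockdown
 def permissions_assignable_for_user(usr)
 return [] if usr.nil?
 if administrator?(usr)
-@permissions.keys.collect{|k| Permission.find_by_name(
+@permissions.keys.collect{|k| Permission.find_by_name(lockdown_string(k)) }.compact
 else
 groups = user_groups_assignable_for_user(usr)
 groups.collect{|g| g.permissions}.flatten.compact
@@ -205,14 +207,14 @@ module Lockdown
 end
 
 def fetch_controller_class(str)
-@controller_classes[
+@controller_classes[lockdown_class_name(str)]
 end
 
 protected
 
 def set_defaults
 load_controller_classes
-
+
 @permissions = {}
 @user_groups = {}
 
@@ -246,7 +248,7 @@ module Lockdown
 
 def load_controller_classes
 @controller_classes = {}
-
+
 maybe_load_framework_controller_parent
 
 Dir.chdir("#{Lockdown.project_root}/app/controllers") do
@@ -255,17 +257,21 @@ module Lockdown
 lockdown_load(c)
 end
 end
+
+if Lockdown.rails_app?
+Dependencies.clear
+end
 end
 
-def
+def lockdown_class_name_from_file(str)
 str.split(".")[0].split("/").collect{|s| camelize(s) }.join("::")
 end
 
-def
+def lockdown_class_name(str)
 if str.include?("__")
-
+controller_class_name(str.split("__").collect{|p| camelize(p)}.join("::"))
 else
-
+controller_class_name(camelize(str))
 end
 end
 
@@ -273,13 +279,12 @@ module Lockdown
 if Lockdown.rails_app?
 Dependencies.require_or_load("application.rb")
 else
-#just default to Merb for now as the only alternative
 load("application.rb") unless const_defined?("Application")
 end
 end
 
 def lockdown_load(file)
-klass =
+klass = lockdown_class_name_from_file(file)
 if Lockdown.rails_app?
 Dependencies.require_or_load(file)
 else
@@ -316,7 +321,7 @@ module Lockdown
 # Create permissions not found in the database
 get_permissions.each do |key|
 next if permission_assigned_automatically?(key)
-str =
+str = lockdown_string(key)
 p = Permission.find(:first, :conditions => ["name = ?", str])
 unless p
 puts ">> Lockdown: Permission not found in db: #{str}, creating."
@@ -330,7 +335,7 @@ module Lockdown
 db_perms = Permission.find(:all).dup
 perm_keys = get_permissions
 db_perms.each do |dbp|
-unless perm_keys.include?(
+unless perm_keys.include?(lockdown_symbol(dbp.name))
 puts ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
 Lockdown.database_execute("delete from permissions_user_groups where permission_id = #{dbp.id}")
 dbp.destroy
@@ -339,14 +344,14 @@ module Lockdown
 
 # Create user groups not found in the database
 get_user_groups.each do |key|
-str =
+str = lockdown_string(key)
 ug = UserGroup.find(:first, :conditions => ["name = ?", str])
 unless ug
 puts ">> Lockdown: UserGroup not in the db: #{str}, creating."
 ug = UserGroup.create(:name => str)
 #Inefficient, definitely, but shouldn't have any issues across orms.
 permissions_for_user_group(key) do |perm|
-p = Permission.find(:first, :conditions => ["name = ?",
+p = Permission.find(:first, :conditions => ["name = ?", lockdown_string(perm)])
 Lockdown.database_execute <<-SQL
 insert into permissions_user_groups(permission_id, user_group_id)
 values(#{p.id}, #{ug.id})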
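Review bot: In the last hunk the rewritten lookup `p = Permission.find(:first, :conditions => ["name = ?", lockdown_string(perm)])` can return nil, and the following lines interpolate `p.id` into the `insert into permissions_user_groups` statement with no check. On the Ruby 1.8 runtimes of this release's era `nil.id` can evaluate to 4 instead of raising, so a name that fails to match could attach an unrelated permission row to the new user group. A guard right after the lookup, `raise SecurityError, "Permission not found in db: #{perm}" unless p`, matches the error style used earlier in this file. Separately, the branch changed in the `@@ -71,7 +73,7 @@` hunk is guarded by `ug.responds_to?(:name)`; Ruby's predicate is `respond_to?`, so unless `responds_to?` is defined elsewhere that branch raises before the new `lockdown_symbol(perm.name)` line runs. The block continues past the end of the hunk.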
data/lib/lockdown/version.rb
CHANGED
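--- a/data/website/generator.html
+++ b/data/website/generator.html
@@ -33,7 +33,7 @@
 <h1>Lockdown</h1>
 <div id="version" class="clickable" onclick='document.location = "http://rubyforge.org/projects/lockdown"; return false'>
 <p>Get Version</p>
-<a href="http://rubyforge.org/projects/lockdown" class="numbers">0.5.
+<a href="http://rubyforge.org/projects/lockdown" class="numbers">0.5.2</a>
 </div>
 <h2>What</h2>
 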
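--- a/data/website/index.html
+++ b/data/website/index.html
@@ -33,7 +33,7 @@
 <h1>Lockdown</h1>
 <div id="version" class="clickable" onclick='document.location = "http://rubyforge.org/projects/lockdown"; return false'>
 <p>Get Version</p>
-<a href="http://rubyforge.org/projects/lockdown" class="numbers">0.5.
+<a href="http://rubyforge.org/projects/lockdown" class="numbers">0.5.2</a>
 </div>
 <h2>What</h2>
 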
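--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lockdown
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.2
 platform: ruby
 authors:
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-05-
+date: 2008-05-26 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency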