lockdown 0.6.3 → 0.7.0
- data/.gitignore +5 -0
- data/History.txt +4 -0
- data/Manifest.txt +4 -31
- data/README.txt +6 -31
- data/Rakefile +26 -28
- data/lib/lockdown.rb +40 -10
- data/lib/lockdown/controller.rb +2 -5
- data/lib/lockdown/database.rb +1 -2
- data/lib/lockdown/frameworks/merb.rb +14 -4
- data/lib/lockdown/frameworks/merb/controller.rb +7 -3
- data/lib/lockdown/frameworks/merb/view.rb +5 -3
- data/lib/lockdown/frameworks/rails.rb +14 -4
- data/lib/lockdown/frameworks/rails/controller.rb +21 -20
- data/lib/lockdown/frameworks/rails/view.rb +20 -24
- data/lib/lockdown/orms/active_record.rb +4 -2
- data/lib/lockdown/orms/data_mapper.rb +4 -2
- data/lib/lockdown/rights.rb +1 -1
- data/lib/lockdown/system.rb +2 -3
- data/rails_generators/lockdown/lockdown_generator.rb +21 -11
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +1 -4
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -11
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -33
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -76
- data/rails_generators/lockdown/templates/app/models/user.rb +37 -11
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +24 -1
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +29 -2
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +28 -2
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +24 -1
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +46 -1
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +46 -1
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +30 -1
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
- data/{app_generators/lockdown/templates → rails_generators/lockdown/templates/lib/lockdown}/init.rb +0 -1
- data/{app_generators/lockdown/templates → rails_generators/lockdown/templates/lib/lockdown}/session.rb +13 -12
- data/tasks/ann.rake +80 -0
- data/tasks/bones.rake +20 -0
- data/tasks/gem.rake +192 -0
- data/tasks/git.rake +40 -0
- data/tasks/manifest.rake +48 -0
- data/tasks/notes.rake +27 -0
- data/tasks/post_load.rake +39 -0
- data/tasks/rdoc.rake +50 -0
- data/tasks/rubyforge.rake +55 -0
- data/tasks/setup.rb +279 -0
- data/tasks/spec.rake +54 -0
- data/tasks/svn.rake +47 -0
- data/tasks/test.rake +40 -0
- metadata +29 -73
- data/License.txt +0 -20
- data/PostInstall.txt +0 -3
- data/app_generators/lockdown/USAGE +0 -5
- data/app_generators/lockdown/lockdown_generator.rb +0 -25
- data/bin/lockdown +0 -132
- data/lib/lockdown/version.rb +0 -9
- data/rails_generators/lockdown/USAGE +0 -5
- data/rails_generators/lockdown/templates/app/views/permissions/_data.html.erb +0 -13
- data/rails_generators/lockdown/templates/app/views/user_groups/_data.html.erb +0 -68
- data/rails_generators/lockdown/templates/app/views/user_groups/_form.html.erb +0 -11
- data/rails_generators/lockdown/templates/app/views/users/_data.html.erb +0 -87
- data/rails_generators/lockdown/templates/app/views/users/_form.html.erb +0 -12
- data/script/console +0 -10
- data/script/destroy +0 -14
- data/script/generate +0 -14
- data/script/txt2html +0 -82
- data/setup.rb +0 -1585
- data/test/test_generator_helper.rb +0 -29
- data/test/test_helper.rb +0 -2
- data/test/test_lockdown.rb +0 -11
- data/test/test_lockdown_all_generator.rb +0 -43
- data/test/test_lockdown_generator.rb +0 -45
- data/test/test_lockdown_models_generator.rb +0 -43
- data/website/index.html +0 -62
- data/website/index.txt +0 -20
- data/website/javascripts/rounded_corners_lite.inc.js +0 -285
- data/website/model.jpg +0 -0
- data/website/stylesheets/screen.css +0 -138
- data/website/template.html.erb +0 -54
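--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,7 @@
+== 0.7.0 2009-01-xx
+* Removed lockdown as an executable. Will always go through the generator used by the framework.
+* Removed references to classy inheritance. Directly coded some of classy inheritance's functionality into User model.
+
 == 0.6.3 2008-12-02
 * Fixed: Database sync was failing. Cause of refactor. Apologies
 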
data/Manifest.txt
CHANGED
@@ -1,14 +1,8 @@
|
|
1
|
+
.gitignore
|
1
2
|
History.txt
|
2
|
-
License.txt
|
3
3
|
Manifest.txt
|
4
|
-
PostInstall.txt
|
5
4
|
README.txt
|
6
5
|
Rakefile
|
7
|
-
app_generators/lockdown/USAGE
|
8
|
-
app_generators/lockdown/lockdown_generator.rb
|
9
|
-
app_generators/lockdown/templates/init.rb
|
10
|
-
app_generators/lockdown/templates/session.rb
|
11
|
-
bin/lockdown
|
12
6
|
lib/lockdown.rb
|
13
7
|
lib/lockdown/classy-inheritance.rb
|
14
8
|
lib/lockdown/controller.rb
|
@@ -25,8 +19,6 @@ lib/lockdown/orms/data_mapper.rb
|
|
25
19
|
lib/lockdown/rights.rb
|
26
20
|
lib/lockdown/session.rb
|
27
21
|
lib/lockdown/system.rb
|
28
|
-
lib/lockdown/version.rb
|
29
|
-
rails_generators/lockdown/USAGE
|
30
22
|
rails_generators/lockdown/lockdown_generator.rb
|
31
23
|
rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
|
32
24
|
rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
|
@@ -39,41 +31,22 @@ rails_generators/lockdown/templates/app/models/permission.rb
|
|
39
31
|
rails_generators/lockdown/templates/app/models/profile.rb
|
40
32
|
rails_generators/lockdown/templates/app/models/user.rb
|
41
33
|
rails_generators/lockdown/templates/app/models/user_group.rb
|
42
|
-
rails_generators/lockdown/templates/app/views/permissions/_data.html.erb
|
43
34
|
rails_generators/lockdown/templates/app/views/permissions/index.html.erb
|
44
35
|
rails_generators/lockdown/templates/app/views/permissions/show.html.erb
|
45
36
|
rails_generators/lockdown/templates/app/views/sessions/new.html.erb
|
46
|
-
rails_generators/lockdown/templates/app/views/user_groups/_data.html.erb
|
47
|
-
rails_generators/lockdown/templates/app/views/user_groups/_form.html.erb
|
48
37
|
rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
|
49
38
|
rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
|
50
39
|
rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
|
51
40
|
rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
|
52
|
-
rails_generators/lockdown/templates/app/views/users/_data.html.erb
|
53
|
-
rails_generators/lockdown/templates/app/views/users/_form.html.erb
|
54
41
|
rails_generators/lockdown/templates/app/views/users/edit.html.erb
|
55
42
|
rails_generators/lockdown/templates/app/views/users/index.html.erb
|
56
43
|
rails_generators/lockdown/templates/app/views/users/new.html.erb
|
57
44
|
rails_generators/lockdown/templates/app/views/users/show.html.erb
|
45
|
+
rails_generators/lockdown/templates/config/initializers/lockit.rb
|
58
46
|
rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
|
59
47
|
rails_generators/lockdown/templates/db/migrate/create_permissions.rb
|
60
48
|
rails_generators/lockdown/templates/db/migrate/create_profiles.rb
|
61
49
|
rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
|
62
50
|
rails_generators/lockdown/templates/db/migrate/create_users.rb
|
63
|
-
|
64
|
-
|
65
|
-
script/generate
|
66
|
-
script/txt2html
|
67
|
-
setup.rb
|
68
|
-
test/test_generator_helper.rb
|
69
|
-
test/test_helper.rb
|
70
|
-
test/test_lockdown.rb
|
71
|
-
test/test_lockdown_all_generator.rb
|
72
|
-
test/test_lockdown_generator.rb
|
73
|
-
test/test_lockdown_models_generator.rb
|
74
|
-
website/index.html
|
75
|
-
website/index.txt
|
76
|
-
website/javascripts/rounded_corners_lite.inc.js
|
77
|
-
website/model.jpg
|
78
|
-
website/stylesheets/screen.css
|
79
|
-
website/template.html.erb
|
51
|
+
rails_generators/lockdown/templates/lib/lockdown/init.rb
|
52
|
+
rails_generators/lockdown/templates/lib/lockdown/session.rb
|
data/README.txt
CHANGED
@@ -1,45 +1,20 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
http://stonean.com
|
1
|
+
lockdown
|
2
|
+
by Andrew Stone
|
3
|
+
http://stonean.com
|
4
4
|
|
5
5
|
== DESCRIPTION:
|
6
6
|
|
7
|
-
Lockdown is a authentication/authorization system for RubyOnRails
|
8
|
-
|
9
|
-
For more information please visit stonean.com
|
10
|
-
|
11
|
-
== REQUIREMENTS:
|
12
|
-
|
13
|
-
Lockdown currently supports:
|
14
|
-
|
15
|
-
Frameworks: RubyOnRails
|
16
|
-
|
17
|
-
ORMs: ActiveRecord
|
7
|
+
Lockdown is a authentication/authorization system for RubyOnRails (ver >= 2.1).
|
18
8
|
|
19
9
|
== INSTALL:
|
20
10
|
|
21
|
-
|
22
|
-
|
23
|
-
sudo gem install lockdown
|
24
|
-
|
25
|
-
# Go to your application root directory
|
26
|
-
|
27
|
-
cd <your application>
|
28
|
-
|
29
|
-
# Install lockdown to your application
|
30
|
-
|
31
|
-
lockdown .
|
32
|
-
|
33
|
-
# Modify lib/lockdown/init.rb to set defaults and grant access
|
34
|
-
to your application
|
35
|
-
|
36
|
-
# Modify lib/lockdown/session.rb to add/remove session information
|
11
|
+
sudo gem install lockdown
|
37
12
|
|
38
13
|
== LICENSE:
|
39
14
|
|
40
15
|
(The MIT License)
|
41
16
|
|
42
|
-
Copyright (c)
|
17
|
+
Copyright (c) 2009 Andrew Stone
|
43
18
|
|
44
19
|
Permission is hereby granted, free of charge, to any person obtaining
|
45
20
|
a copy of this software and associated documentation files (the
|
data/Rakefile
CHANGED
@@ -1,28 +1,26 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
# TODO - want other tests/tasks run by default? Add them to the list
|
28
|
-
# task :default => [:spec, :features]
|
1
|
+
# Look in the tasks/setup.rb file for the various options that can be
|
2
|
+
# configured in this Rakefile. The .rake files in the tasks directory
|
3
|
+
# are where the options are used.
|
4
|
+
|
5
|
+
begin
|
6
|
+
require 'bones'
|
7
|
+
Bones.setup
|
8
|
+
rescue LoadError
|
9
|
+
load 'tasks/setup.rb'
|
10
|
+
end
|
11
|
+
|
12
|
+
ensure_in_path 'lib'
|
13
|
+
require 'lockdown'
|
14
|
+
|
15
|
+
task :default => 'spec:run'
|
16
|
+
|
17
|
+
PROJ.name = 'lockdown'
|
18
|
+
PROJ.authors = 'Andrew Stone'
|
19
|
+
PROJ.email = 'andy@stonean.com'
|
20
|
+
PROJ.url = 'http://stonean.com/wiki/lockdown'
|
21
|
+
PROJ.version = Lockdown::VERSION
|
22
|
+
PROJ.rubyforge.name = 'lockdown'
|
23
|
+
|
24
|
+
PROJ.spec.opts << '--color'
|
25
|
+
|
26
|
+
# EOF
|
data/lib/lockdown.rb
CHANGED
@@ -1,34 +1,62 @@
|
|
1
|
-
require File.join(File.dirname(__FILE__), "lockdown", "classy-inheritance")
|
2
1
|
require File.join(File.dirname(__FILE__), "lockdown", "helper")
|
3
2
|
|
4
3
|
module Lockdown
|
4
|
+
# :stopdoc:
|
5
|
+
VERSION = '0.7.0'
|
6
|
+
LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
|
7
|
+
PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
|
8
|
+
# :startdoc:
|
9
|
+
|
5
10
|
class << self
|
6
11
|
include Lockdown::Helper
|
7
12
|
|
13
|
+
# Returns the version string for the library.
|
14
|
+
#
|
15
|
+
def version
|
16
|
+
VERSION
|
17
|
+
end
|
18
|
+
|
19
|
+
# Returns the qualified path to the init file
|
20
|
+
#
|
21
|
+
def init_file
|
22
|
+
"#{Dir.pwd}/lib/lockdown/init.rb"
|
23
|
+
end
|
24
|
+
|
25
|
+
# Mixin Lockdown code to the appropriate Controller and ORM
|
26
|
+
#
|
8
27
|
def mixin
|
9
28
|
if mixin_resource?("frameworks")
|
10
29
|
unless mixin_resource?("orms")
|
11
30
|
raise NotImplementedError, "ORM unknown to Lockdown!"
|
12
31
|
end
|
32
|
+
|
33
|
+
if File.exists?(Lockdown.init_file)
|
34
|
+
puts "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
|
35
|
+
require Lockdown.init_file
|
36
|
+
else
|
37
|
+
puts "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
|
38
|
+
end
|
13
39
|
else
|
14
|
-
|
40
|
+
puts "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
|
15
41
|
end
|
16
|
-
end
|
42
|
+
end # mixin
|
17
43
|
|
44
|
+
# :stopdoc:
|
18
45
|
private
|
19
46
|
|
20
47
|
def mixin_resource?(str)
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
48
|
+
wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' )
|
49
|
+
Dir[wildcard_path].each do |f|
|
50
|
+
require f
|
51
|
+
module_name = File.basename(f).split(".")[0]
|
52
|
+
module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
|
53
|
+
if module_class.use_me?
|
54
|
+
include module_class
|
27
55
|
return true
|
28
56
|
end
|
29
57
|
end
|
30
58
|
false
|
31
|
-
end
|
59
|
+
end # mixin_resource?
|
32
60
|
end # class block
|
33
61
|
end # Lockdown
|
34
62
|
|
@@ -37,4 +65,6 @@ require File.join(File.dirname(__FILE__), "lockdown", "system")
|
|
37
65
|
require File.join(File.dirname(__FILE__), "lockdown", "controller")
|
38
66
|
require File.join(File.dirname(__FILE__), "lockdown", "session")
|
39
67
|
|
68
|
+
puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
|
40
69
|
Lockdown.mixin
|
70
|
+
|
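Review bot: `mixin_resource?` resolves the framework/ORM module with `eval` on a string built from the gem's own directory listing (new line 52); the input is not attacker-controlled, but `eval` is unnecessary for a constant lookup and hides a typo in a filename until runtime — `module_class = Lockdown.const_get(str.capitalize).const_get(Lockdown.camelize(module_name))` reaches the same constant without evaluating code. Separately, `init_file` (new lines 21-23) resolves against `Dir.pwd`, so a process started from any directory other than the application root finds no init file and `mixin` only prints a note (new lines 33-38) and carries on without the configured rules; resolving against the framework's root, or raising when the file is absent, would make a missing authorization config a startup error rather than a console message. What `Lockdown::System` does when no rules have been loaded is not visible in this hunk, so the impact of the silent path is inferred.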
data/lib/lockdown/controller.rb
CHANGED
@@ -22,10 +22,7 @@ module Lockdown
|
|
22
22
|
|
23
23
|
def path_allowed?(url)
|
24
24
|
session[:access_rights] ||= Lockdown::System.public_access
|
25
|
-
session[:access_rights].
|
26
|
-
return true if url == ar
|
27
|
-
end
|
28
|
-
false
|
25
|
+
session[:access_rights].include?(url)
|
29
26
|
end
|
30
27
|
|
31
28
|
def check_session_expiry
|
@@ -64,4 +61,4 @@ module Lockdown
|
|
64
61
|
end
|
65
62
|
end # Core
|
66
63
|
end # Controller
|
67
|
-
end # Lockdown
|
64
|
+
end # Lockdown
|
data/lib/lockdown/database.rb
CHANGED
@@ -17,7 +17,6 @@ module Lockdown
|
|
17
17
|
maintain_user_groups
|
18
18
|
rescue Exception => e
|
19
19
|
puts ">> Lockdown sync failed: #{e}"
|
20
|
-
puts ">> #{e.backtrace.join("\n")}"
|
21
20
|
end
|
22
21
|
|
23
22
|
private
|
@@ -106,4 +105,4 @@ module Lockdown
|
|
106
105
|
|
107
106
|
end # class block
|
108
107
|
end # Database
|
109
|
-
end #Lockdown
|
108
|
+
end #Lockdown
|
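Review bot: Removing the backtrace line (old line 20) leaves a failed sync with a single one-line message, and the handler it sits in still reads `rescue Exception => e`, so `Interrupt`, `SystemExit` and `NoMemoryError` raised during `maintain_user_groups` are turned into that message and startup continues with whatever permission rows were written before the failure. I would narrow the handler to `rescue StandardError => e` and keep the backtrace available behind a flag rather than deleting it, e.g. `puts ">> #{e.backtrace.join("\n")}" if $DEBUG`. The method that owns this `rescue` begins before the hunk, so the full sync sequence is not visible here; the same `rescue Exception` shape is re-added in `authorized?` in the rails controller hunk further down in this diff.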
@@ -15,9 +15,15 @@ module Lockdown
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def mixin
|
18
|
-
Lockdown.controller_parent.
|
19
|
-
|
20
|
-
|
18
|
+
Lockdown.controller_parent.class_eval do
|
19
|
+
include Lockdown::Frameworks::Merb::Controller::Lock
|
20
|
+
end
|
21
|
+
Lockdown.view_helper.class_eval do
|
22
|
+
include Lockdown::Frameworks::Merb::View
|
23
|
+
end
|
24
|
+
Lockdown::System.class_eval do
|
25
|
+
extend Lockdown::Frameworks::Merb::System
|
26
|
+
end
|
21
27
|
end
|
22
28
|
end # class block
|
23
29
|
|
@@ -47,6 +53,10 @@ module Lockdown
|
|
47
53
|
module System
|
48
54
|
include Lockdown::Frameworks::Merb::Controller
|
49
55
|
|
56
|
+
def skip_sync?
|
57
|
+
Lockdown::System.fetch(:skip_db_sync_in).include?(Merb.environment)
|
58
|
+
end
|
59
|
+
|
50
60
|
def load_controller_classes
|
51
61
|
@controller_classes = {}
|
52
62
|
|
@@ -71,4 +81,4 @@ module Lockdown
|
|
71
81
|
end # System
|
72
82
|
end # Merb
|
73
83
|
end # Frameworks
|
74
|
-
end # Lockdown
|
84
|
+
end # Lockdown
|
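Review bot: `skip_sync?` (new lines 56-58) calls `include?` directly on `Lockdown::System.fetch(:skip_db_sync_in)`; if the option is not set in the application's init file and `fetch` returns nil, startup fails with `NoMethodError` instead of running the sync — unless `fetch` supplies a default, which is not visible in this hunk. `Array(Lockdown::System.fetch(:skip_db_sync_in)).include?(Merb.environment)` accepts nil, a single string or a list. The Rails counterpart (`skip_sync?` in the `@@ -48,6 +54,10 @@` hunk below, checking `ENV['RAILS_ENV']`) has the same shape and takes the same fix. As a style point, `Lockdown::System.class_eval do extend ... end` in the `mixin` hunk can be written `Lockdown::System.extend(Lockdown::Frameworks::Merb::System)`, and likewise for Rails. The file header for this section is not shown; the diffstat suggests these hunks belong to lib/lockdown/frameworks/merb.rb.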
@@ -14,7 +14,9 @@ module Lockdown
|
|
14
14
|
# Locking methods
|
15
15
|
module Lock
|
16
16
|
def self.included(base)
|
17
|
-
base.
|
17
|
+
base.class_eval do
|
18
|
+
include Lockdown::Frameworks::Merb::Controller::Lock::InstanceMethods
|
19
|
+
end
|
18
20
|
|
19
21
|
base.before :set_current_user
|
20
22
|
base.before :configure_lockdown
|
@@ -23,7 +25,9 @@ module Lockdown
|
|
23
25
|
|
24
26
|
module InstanceMethods
|
25
27
|
def self.included(base)
|
26
|
-
base.
|
28
|
+
base.class_eval do
|
29
|
+
include Lockdown::Controller::Core
|
30
|
+
end
|
27
31
|
end
|
28
32
|
|
29
33
|
def sent_from_uri
|
@@ -56,4 +60,4 @@ module Lockdown
|
|
56
60
|
end # Controller
|
57
61
|
end # Merb
|
58
62
|
end # Frameworks
|
59
|
-
end # Lockdown
|
63
|
+
end # Lockdown
|
@@ -3,8 +3,10 @@ module Lockdown
|
|
3
3
|
module Merb
|
4
4
|
module View
|
5
5
|
def self.included(base)
|
6
|
-
base.
|
7
|
-
|
6
|
+
base.class_eval do
|
7
|
+
alias_method :link_to_open, :link_to
|
8
|
+
alias_method :link_to, :link_to_secured
|
9
|
+
end
|
8
10
|
end
|
9
11
|
|
10
12
|
def link_to_secured(name, url = '', options = {})
|
@@ -27,4 +29,4 @@ module Lockdown
|
|
27
29
|
end # View
|
28
30
|
end # Merb
|
29
31
|
end # Frameworks
|
30
|
-
end # Lockdown
|
32
|
+
end # Lockdown
|
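Review bot: The alias pair in `self.included` (new lines 6-9) is not idempotent: if the module is included a second time — for instance when the view helper class is reloaded in development, or if `Lockdown.mixin` runs twice — `link_to_open` is re-aliased to the already-secured `link_to`, and a `link_to_secured` that delegates to `link_to_open` then recurses until the stack overflows. Guarding the first alias, `alias_method :link_to_open, :link_to unless method_defined?(:link_to_open)`, keeps the original helper reachable on repeated inclusion. Whether `link_to_secured` delegates to `link_to_open` is inferred from the names; its body starts at new line 12 and continues past the hunk. The file header is missing here; the diffstat points to lib/lockdown/frameworks/merb/view.rb, and the rails/view.rb change in the same diff is not shown.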
@@ -15,9 +15,15 @@ module Lockdown
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def mixin
|
18
|
-
Lockdown.controller_parent.
|
19
|
-
|
20
|
-
|
18
|
+
Lockdown.controller_parent.class_eval do
|
19
|
+
include Lockdown::Frameworks::Rails::Controller::Lock
|
20
|
+
end
|
21
|
+
Lockdown.view_helper.class_eval do
|
22
|
+
include Lockdown::Frameworks::Rails::View
|
23
|
+
end
|
24
|
+
Lockdown::System.class_eval do
|
25
|
+
extend Lockdown::Frameworks::Rails::System
|
26
|
+
end
|
21
27
|
end
|
22
28
|
end # class block
|
23
29
|
|
@@ -48,6 +54,10 @@ module Lockdown
|
|
48
54
|
module System
|
49
55
|
include Lockdown::Frameworks::Rails::Controller
|
50
56
|
|
57
|
+
def skip_sync?
|
58
|
+
Lockdown::System.fetch(:skip_db_sync_in).include?(ENV['RAILS_ENV'])
|
59
|
+
end
|
60
|
+
|
51
61
|
def load_controller_classes
|
52
62
|
@controller_classes = {}
|
53
63
|
|
@@ -90,4 +100,4 @@ module Lockdown
|
|
90
100
|
end # System
|
91
101
|
end # Rails
|
92
102
|
end # Frameworks
|
93
|
-
end # Lockdown
|
103
|
+
end # Lockdown
|
@@ -18,7 +18,11 @@ module Lockdown
|
|
18
18
|
# Locking methods
|
19
19
|
module Lock
|
20
20
|
def self.included(base)
|
21
|
-
base.
|
21
|
+
base.class_eval do
|
22
|
+
include Lockdown::Frameworks::Rails::Controller::Lock::InstanceMethods
|
23
|
+
|
24
|
+
helper_method :authorized?
|
25
|
+
end
|
22
26
|
|
23
27
|
base.before_filter do |c|
|
24
28
|
c.set_current_user
|
@@ -26,7 +30,6 @@ module Lockdown
|
|
26
30
|
c.check_request_authorization
|
27
31
|
end
|
28
32
|
|
29
|
-
base.send :helper_method, :authorized?
|
30
33
|
|
31
34
|
base.filter_parameter_logging :password, :password_confirmation
|
32
35
|
|
@@ -35,39 +38,37 @@ module Lockdown
|
|
35
38
|
|
36
39
|
module InstanceMethods
|
37
40
|
def self.included(base)
|
38
|
-
base.
|
41
|
+
base.class_eval do
|
42
|
+
include Lockdown::Controller::Core
|
43
|
+
end
|
39
44
|
end
|
40
45
|
|
41
46
|
def sent_from_uri
|
42
47
|
request.request_uri
|
43
48
|
end
|
44
49
|
|
45
|
-
def authorized?(url)
|
50
|
+
def authorized?(url, method = nil)
|
46
51
|
return false unless url
|
52
|
+
|
47
53
|
return true if current_user_is_admin?
|
48
54
|
|
55
|
+
method ||= request.method
|
56
|
+
|
49
57
|
url_parts = URI::split(url.strip)
|
50
|
-
# remove id from path, e.g.: /users/1/edit to users/edit
|
51
|
-
path = url_parts[5].split("/").collect do |p|
|
52
|
-
p unless p =~ /\A\d+\z/ || p.strip.length == 0
|
53
|
-
end.compact.join("/")
|
54
58
|
|
55
|
-
|
56
|
-
|
59
|
+
url = url_parts[5]
|
60
|
+
|
61
|
+
return true if path_allowed?(url)
|
57
62
|
|
58
|
-
# Test for a named routed
|
59
63
|
begin
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
end
|
64
|
-
rescue Exception
|
64
|
+
hash = ActionController::Routing::Routes.recognize_path(url, :method => method)
|
65
|
+
return path_allowed?(path_from_hash(hash)) if hash
|
66
|
+
rescue Exception
|
65
67
|
# continue on
|
66
68
|
end
|
67
69
|
|
68
70
|
# Passing in different domain
|
69
|
-
return
|
70
|
-
false
|
71
|
+
return remote_url?(url_parts[2])
|
71
72
|
end
|
72
73
|
|
73
74
|
def access_denied(e)
|
@@ -92,8 +93,8 @@ module Lockdown
|
|
92
93
|
end
|
93
94
|
end
|
94
95
|
|
95
|
-
def path_from_hash(
|
96
|
-
|
96
|
+
def path_from_hash(hash)
|
97
|
+
hash[:controller].to_s + "/" + hash[:action].to_s
|
97
98
|
end
|
98
99
|
|
99
100
|
def remote_url?(domain = nil)
|
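Review bot: In `authorized?` (the `@@ -35,39 +38,37 @@` hunk, new lines 50-72) `URI::split(url.strip)` runs before the `begin` block, so a malformed href — anything `URI` rejects — raises `URI::InvalidURIError` out of the helper; because `helper_method :authorized?` exposes it to templates, a single bad link string renders the whole page as an error rather than hiding that link. That fails closed, so it is not a bypass, but the `# continue on` handler suggests the split belongs inside the `begin`, or the method should document that callers must pass well-formed URLs. The guard `return path_allowed?(path_from_hash(hash)) if hash` looks redundant, since to my recollection `recognize_path` raises on an unrecognised route rather than returning nil; if that holds, `return path_allowed?(path_from_hash(hash))` reads more honestly. `remote_url?` (new line 100) continues past the end of this hunk, so the remote-host fallback at new line 71 is not fully visible.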