lockdown 0.9.5 → 0.9.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. data/lib/lockdown/frameworks/rails/controller.rb +5 -3
  2. data/lib/lockdown/frameworks/rails.rb +2 -2
  3. data/lib/lockdown/rules.rb +39 -7
  4. data/lib/lockdown.rb +1 -1
  5. data/spec/lockdown/frameworks/rails/controller_spec.rb +1 -0
  6. data/spec/lockdown/frameworks/rails_spec.rb +5 -0
  7. data/tasks/setup.rb +1 -1
  8. data/tasks/zentest.rake +36 -0
  9. metadata +8 -5
data/lib/lockdown/frameworks/rails/controller.rb CHANGED
@@ -69,17 +69,19 @@ module Lockdown
69
69
 
70
70
  url_parts = URI::split(url.strip)
71
71
 
72
- url = url_parts[5]
72
+ path = url_parts[5]
73
73
 
74
- return true if path_allowed?(url)
74
+ return true if path_allowed?(path)
75
75
 
76
76
  begin
77
- hash = ActionController::Routing::Routes.recognize_path(url, :method => method)
77
+ hash = ActionController::Routing::Routes.recognize_path(path, :method => method)
78
78
  return path_allowed?(path_from_hash(hash)) if hash
79
79
  rescue Exception
80
80
  # continue on
81
81
  end
82
82
 
83
+ return true if url =~ /^mailto:/
84
+
83
85
  # Passing in different domain
84
86
  return remote_url?(url_parts[2])
85
87
  end
data/lib/lockdown/frameworks/rails.rb CHANGED
@@ -55,11 +55,11 @@ module Lockdown
55
55
  end
56
56
 
57
57
  def controller_parent
58
- ActionController::Base
58
+ ::ActionController::Base
59
59
  end
60
60
 
61
61
  def view_helper
62
- ActionView::Base
62
+ ::ActionView::Base
63
63
  end
64
64
 
65
65
  def controller_class_name(str)
data/lib/lockdown/rules.rb CHANGED
@@ -263,18 +263,50 @@ module Lockdown
263
263
  def parse_permissions
264
264
  permission_objects.each do |name, perm|
265
265
  @permissions[perm.name] ||= []
266
- perm.controllers.each do |name, controller|
267
- @permissions[perm.name] |= controller.access_methods
268
266
 
269
- if perm.public_access?
270
- @public_access |= controller.access_methods
271
- elsif perm.protected_access?
272
- @protected_access |= controller.access_methods
273
- end
267
+ set_controller_access(perm)
268
+
269
+ set_model_access(perm)
270
+ end
271
+ end
272
+
273
+ def set_controller_access(perm)
274
+ perm.controllers.each do |name, controller|
275
+ @permissions[perm.name] |= controller.access_methods
276
+
277
+ if perm.public_access?
278
+ @public_access |= controller.access_methods
279
+ elsif perm.protected_access?
280
+ @protected_access |= controller.access_methods
274
281
  end
275
282
  end
276
283
  end
277
284
 
285
+ def set_model_access(perm)
286
+ perm.models.each do |model|
287
+ # Create inherited method on Lockdown.orm_parent that
288
+ # will create a list of controller/actions the model
289
+ end
290
+
291
+ # Create method to access that list for link_to call validation
292
+ #Lockdown.orm_parent.instance_eval <<-RUBY, __FILE__,__LINE__ + 1
293
+ # def self.inherited(klass)
294
+ # super
295
+ #
296
+ # end
297
+ #RUBY
298
+
299
+ # Create inherited method on Lockdown.controller_parent that
300
+ # will setup before_filter
301
+ #Lockdown.controller_parent.instance_eval <<-RUBY, __FILE__,__LINE__ + 1
302
+ # def self.inherited(klass)
303
+ # super
304
+ #
305
+ # end
306
+ #RUBY
307
+ end
308
+
309
+
278
310
  def validate_user_groups
279
311
  user_groups.each do |user_group, perms|
280
312
  perms.each do |perm|
data/lib/lockdown.rb CHANGED
@@ -3,7 +3,7 @@ require File.join(File.dirname(__FILE__), "lockdown", "helper")
3
3
  module Lockdown
4
4
  extend Lockdown::Helper
5
5
 
6
- VERSION = '0.9.5'
6
+ VERSION = '0.9.7'
7
7
 
8
8
  # Returns the version string for the library.
9
9
  def self.version
data/spec/lockdown/frameworks/rails/controller_spec.rb CHANGED
@@ -133,6 +133,7 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
133
133
 
134
134
  request = mock("request")
135
135
  request.stub!(:method).and_return(:get)
136
+ @controller.stub!(:params).and_return({})
136
137
  @controller.stub!(:request).and_return(request)
137
138
 
138
139
  stonean_parts = ["http", nil, "stonean.com", nil, nil, "posts/index", nil, nil, nil]
data/spec/lockdown/frameworks/rails_spec.rb CHANGED
@@ -30,6 +30,11 @@ describe Lockdown::Frameworks::Rails do
30
30
 
31
31
  ActionView::Base.should_receive(:class_eval)
32
32
 
33
+ ActionController::Base.should_receive(:helper_method)
34
+ ActionController::Base.should_receive(:before_filter)
35
+ ActionController::Base.should_receive(:filter_parameter_logging)
36
+ ActionController::Base.should_receive(:rescue_from)
37
+
33
38
  ActionController::Base.should_receive(:class_eval)
34
39
 
35
40
  Lockdown::System.should_receive(:class_eval)
data/tasks/setup.rb CHANGED
@@ -147,7 +147,7 @@ RCOV = "#{RUBY} -S rcov"
147
147
  RDOC = "#{RUBY} -S rdoc"
148
148
  GEM = "#{RUBY} -S gem"
149
149
 
150
- %w(rcov spec/rake/spectask rubyforge bones facets/ansicode).each do |lib|
150
+ %w(rcov spec/rake/spectask rubyforge bones facets/ansicode zentest).each do |lib|
151
151
  begin
152
152
  require lib
153
153
  Object.instance_eval {const_set "HAVE_#{lib.tr('/','_').upcase}", true}
data/tasks/zentest.rake ADDED
@@ -0,0 +1,36 @@
1
+ if HAVE_ZENTEST
2
+
3
+ # --------------------------------------------------------------------------
4
+ if test(?e, PROJ.test.file) or not PROJ.test.files.to_a.empty?
5
+ require 'autotest'
6
+
7
+ namespace :test do
8
+ task :autotest do
9
+ Autotest.run
10
+ end
11
+ end
12
+
13
+ desc "Run the autotest loop"
14
+ task :autotest => 'test:autotest'
15
+
16
+ end # if test
17
+
18
+ # --------------------------------------------------------------------------
19
+ if HAVE_SPEC_RAKE_SPECTASK and not PROJ.spec.files.to_a.empty?
20
+ require 'autotest/rspec'
21
+
22
+ namespace :spec do
23
+ task :autotest do
24
+ load '.autotest' if test(?f, '.autotest')
25
+ Autotest::Rspec.run
26
+ end
27
+ end
28
+
29
+ desc "Run the autotest loop"
30
+ task :autotest => 'spec:autotest'
31
+
32
+ end # if rspec
33
+
34
+ end # if HAVE_ZENTEST
35
+
36
+ # EOF
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lockdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.5
4
+ version: 0.9.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-03-26 00:00:00 -04:00
12
+ date: 2009-06-06 00:00:00 -04:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - ">="
22
22
  - !ruby/object:Gem::Version
23
- version: 2.4.2
23
+ version: 2.5.1
24
24
  version:
25
25
  description: Lockdown is an authorization system for RubyOnRails (ver >= 2.1).
26
26
  email: andy@stonean.com
@@ -102,8 +102,11 @@ files:
102
102
  - tasks/spec.rake
103
103
  - tasks/svn.rake
104
104
  - tasks/test.rake
105
+ - tasks/zentest.rake
105
106
  has_rdoc: true
106
107
  homepage: http://stonean.com/wiki/lockdown
108
+ licenses: []
109
+
107
110
  post_install_message:
108
111
  rdoc_options:
109
112
  - --main
@@ -125,9 +128,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
125
128
  requirements: []
126
129
 
127
130
  rubyforge_project: lockdown
128
- rubygems_version: 1.3.1
131
+ rubygems_version: 1.3.3
129
132
  signing_key:
130
- specification_version: 2
133
+ specification_version: 3
131
134
  summary: Lockdown is an authorization system for RubyOnRails (ver >= 2
132
135
  test_files: []
133
136