lockdown 1.0.6 → 1.1.0
data/lib/lockdown/database.rb
CHANGED
@@ -48,7 +48,7 @@ module Lockdown
|
|
48
48
|
# Create user groups not found in the database
|
49
49
|
@user_groups.each do |key|
|
50
50
|
str = Lockdown.get_string(key)
|
51
|
-
unless ug = ::
|
51
|
+
unless ug = Lockdown::System.fetch(:user_group_model).find(:first, :conditions => ["name = ?", str])
|
52
52
|
create_user_group(str, key)
|
53
53
|
else
|
54
54
|
# Remove permissions from user group not found in init.rb
|
@@ -61,8 +61,8 @@ module Lockdown
|
|
61
61
|
end
|
62
62
|
|
63
63
|
def create_user_group(name_str, key)
|
64
|
-
puts ">> Lockdown:
|
65
|
-
ug = ::
|
64
|
+
puts ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
|
65
|
+
ug = Lockdown::System.fetch(:user_group_model).create(:name => name_str)
|
66
66
|
#Inefficient, definitely, but shouldn't have any issues across orms.
|
67
67
|
Lockdown::System.permissions_for_user_group(key).each do |perm|
|
68
68
|
p = ::Permission.find(:first, :conditions => ["name = ?",
|
@@ -15,7 +15,7 @@ module Lockdown
|
|
15
15
|
def link_to_secured(name, options = {}, html_options = nil)
|
16
16
|
url = url_for(options)
|
17
17
|
|
18
|
-
method = html_options ? html_options[:method] :
|
18
|
+
method = html_options ? html_options[:method] : :get
|
19
19
|
|
20
20
|
if authorized?(url, method)
|
21
21
|
return link_to_open(name, url, html_options)
|
@@ -26,7 +26,7 @@ module Lockdown
|
|
26
26
|
def button_to_secured(name, options = {}, html_options = nil)
|
27
27
|
url = url_for(options)
|
28
28
|
|
29
|
-
method = html_options ? html_options[:method] :
|
29
|
+
method = html_options ? html_options[:method] : :get
|
30
30
|
|
31
31
|
if authorized?(url, method)
|
32
32
|
return button_to_open(name, url, html_options)
|
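Review bot: The new `:get` default in link_to_secured and button_to_secured only applies when html_options is nil, so a caller that passes html_options without a :method key still hands nil to `authorized?(url, method)`. Writing it as `method = (html_options && html_options[:method]) || :get` would cover both cases. For button_to_secured the default itself deserves a second look, because Rails' button_to submits with POST unless told otherwise, so the verb that is checked may differ from the verb that is sent; how authorized? treats the method is not visible here. Both methods continue past their hunks, and these two hunks appear to belong to helper.rb even though the page lists them above that file's header.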
data/lib/lockdown/helper.rb
CHANGED
data/lib/lockdown/rules.rb
CHANGED
@@ -31,7 +31,9 @@ module Lockdown
|
|
31
31
|
:successful_login_path => "/",
|
32
32
|
:subdirectory => nil,
|
33
33
|
:skip_db_sync_in => ["test"],
|
34
|
-
:link_separator => ' | '
|
34
|
+
:link_separator => ' | ',
|
35
|
+
:user_group_model => ::UserGroup,
|
36
|
+
:user_model => ::User
|
35
37
|
}
|
36
38
|
end
|
37
39
|
|
@@ -143,7 +145,8 @@ module Lockdown
|
|
143
145
|
# Pass in a user object to be associated to the administrator user group
|
144
146
|
# The group will be created if it doesn't exist
|
145
147
|
def make_user_administrator(usr)
|
146
|
-
|
148
|
+
user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
|
149
|
+
user_groups << Lockdown::System.fetch(:user_group_model).
|
147
150
|
find_or_create_by_name(Lockdown.administrator_group_string)
|
148
151
|
end
|
149
152
|
|
@@ -160,7 +163,8 @@ module Lockdown
|
|
160
163
|
|
161
164
|
rights = standard_authorized_user_rights
|
162
165
|
|
163
|
-
usr.
|
166
|
+
user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
|
167
|
+
user_groups.each do |grp|
|
164
168
|
permissions_for_user_group(grp).each do |perm|
|
165
169
|
rights += access_rights_for_permission(perm)
|
166
170
|
end
|
@@ -185,7 +189,8 @@ module Lockdown
|
|
185
189
|
|
186
190
|
# Pass in user object and symbol for name of user group
|
187
191
|
def user_has_user_group?(usr, sym)
|
188
|
-
usr.
|
192
|
+
user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
|
193
|
+
user_groups.any? do |ug|
|
189
194
|
Lockdown.convert_reference_name(ug.name) == sym
|
190
195
|
end
|
191
196
|
end
|
@@ -197,11 +202,11 @@ module Lockdown
|
|
197
202
|
return [] if usr.nil?
|
198
203
|
|
199
204
|
if administrator?(usr)
|
200
|
-
|
205
|
+
Lockdown::System.fetch(:user_group_model).find_by_sql <<-SQL
|
201
206
|
select user_groups.* from user_groups order by user_groups.name
|
202
207
|
SQL
|
203
208
|
else
|
204
|
-
|
209
|
+
Lockdown::System.fetch(:user_group_model).find_by_sql <<-SQL
|
205
210
|
select user_groups.* from user_groups, user_groups_users
|
206
211
|
where user_groups.id = user_groups_users.user_group_id
|
207
212
|
and user_groups_users.user_id = #{usr.id}
|
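Review bot: The two `find_by_sql` heredocs in the `@@ -197,11 +202,11` hunk now go through the configurable `:user_group_model`, but they still name the `user_groups` and `user_groups_users` tables literally, so a model mapped to a different table would not be queried as configured; the model's `table_name` could supply the first of those names. The non-admin branch also interpolates `#{usr.id}` into the SQL text, whereas the array form of find_by_sql with `and user_groups_users.user_id = ?` and `usr.id` as the bind value would keep the statement parameterized, like the `["name = ?", str]` lookups in database.rb. The id is presumably an integer primary key, so this is hardening rather than a demonstrated injection. The heredoc and the enclosing method run past the end of the hunk.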
data/lib/lockdown.rb
CHANGED
@@ -5,12 +5,19 @@ Lockdown::System.configure do
|
|
5
5
|
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
6
6
|
# Options with defaults:
|
7
7
|
#
|
8
|
-
#
|
8
|
+
#
|
9
|
+
# Set User model:
|
10
|
+
# options[:user_model] = User
|
11
|
+
#
|
12
|
+
# Set UserGroup model:
|
13
|
+
# options[:user_group_model] = UserGroup
|
14
|
+
#
|
15
|
+
# Set who_did_it method:
|
9
16
|
# This method is used in setting the created_by/updated_by fields and
|
10
17
|
# should be accessible to the controller
|
11
18
|
# options[:who_did_it] = :current_user_id
|
12
19
|
#
|
13
|
-
# Set default_who_did_it
|
20
|
+
# Set default_who_did_it:
|
14
21
|
# When current_user_id returns nil, this is the value to use
|
15
22
|
# options[:default_who_did_it] = 1
|
16
23
|
#
|