RubyGems - lockdown - Versions diffs - 1.3.2 → 1.5.0 - Mend

lockdown 1.3.2 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data/VERSION +1 -1
data/lib/lockdown/frameworks/rails/controller.rb +2 -1
data/lib/lockdown/rules.rb +3 -0
data/lib/lockdown/system.rb +6 -0
data/lib/lockdown.rb +12 -8
metadata +2 -4
data/History.txt +0 -195
data/lockdown.gemspec +0 -119

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.3.2
1	+ 1.5.0

data/lib/lockdown/frameworks/rails/controller.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module Lockdown
         module Lock
           def configure_lockdown
+            Lockdown.maybe_parse_init
             check_session_expiry
             store_location
           end
@@ -94,7 +95,7 @@ module Lockdown
           def ld_access_denied(e)
-            RAILS_DEFAULT_LOGGER.info "Access denied: #{e}"
+            Lockdown.logger.info "Access denied: #{e}"
             if Lockdown::System.fetch(:logout_on_access_violation)
               reset_session

data/lib/lockdown/rules.rb CHANGED Viewed

@@ -86,6 +86,9 @@ module Lockdown
     def set_user_group(name, *perms)
       user_groups[name] ||= []
       perms.each do |perm|
+        if permission_assigned_automatically?(perm)
+          raise Lockdown::InvalidPermissionAssignment, "Permission is assigned automatically.  Please remove it from #{name} user group"
+        end
         user_groups[name].push(perm)
       end
     end

data/lib/lockdown/system.rb CHANGED Viewed

@@ -12,6 +12,12 @@ module Lockdown
       process_rules
       Lockdown::Database.sync_with_db unless skip_sync?
+      @initialized = true
+    end
+    def self.initialized?
+      @initialized
     end
     def self.fetch(key)

data/lib/lockdown.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Lockdown
   extend Lockdown::References
   extend Lockdown::Helper
-  VERSION = '1.3.2'
+  VERSION = '1.4.0'
   class << self
     attr_accessor :logger
@@ -44,18 +44,22 @@ module Lockdown
         unless mixin_resource?("orms")
           raise NotImplementedError, "ORM unknown to Lockdown!"
         end
-        if File.exists?(Lockdown.init_file)
-          Lockdown.logger.info "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
-          require Lockdown.init_file
-        else
-          Lockdown.logger.info "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
-        end
       else
         Lockdown.logger.info "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
       end
     end # mixin
+    def maybe_parse_init
+      return if Lockdown::System.initialized?
+      if File.exists?(Lockdown.init_file)
+        Lockdown.logger.info "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
+        require Lockdown.init_file
+      else
+        Lockdown.logger.info "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
+      end
+    end
     private
     def mixin_resource?(str)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lockdown
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.5.0
 platform: ruby
 authors:
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-10-17 00:00:00 -04:00
+date: 2009-11-06 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -32,7 +32,6 @@ extra_rdoc_files:
 - README.txt
 files:
 - .gitignore
-- History.txt
 - README.txt
 - Rakefile
 - VERSION
@@ -51,7 +50,6 @@ files:
 - lib/lockdown/rules.rb
 - lib/lockdown/session.rb
 - lib/lockdown/system.rb
-- lockdown.gemspec
 - rails_generators/lockdown/lockdown_generator.rb
 - rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
 - rails_generators/lockdown/templates/app/controllers/sessions_controller.rb

data/History.txt DELETED Viewed

@@ -1,195 +0,0 @@
-== 0.7.1 2009-01-xx
-* Update init.rb with documentation on how to use admin namespaces
-== 0.7.0 2009-01-xx
-* Removed lockdown as an executable.  Will always go through the generator used by the framework.
-* Removed references to classy inheritance.  Directly coded some of classy inheritance's functionality into User model.
-== 0.6.3 2008-12-02
-* Fixed: Database sync was failing.  Cause of refactor. Apologies
-== 0.6.2 2008-12-01
-* Fixed: Made call to action_methods instead of calculating controller actions
-== 0.6.1 2008-11-21
-* Fixed: Named routes were not being honored in link_to
-== 0.6.0 2008-11-15
-* Big refactor of internals
-== 0.5.22 2008-09-14
-* Update: Add test for future deprecation: Dependencies to be ActiveSupport::Dependencies
-== 0.5.21 2008-09-12
-* Updated lockdown to abide by config.active_record.timestamped_migrations introduced in Rails 2.1.1
-* Fixed: schlick fixed an issue with the user_groups edit.html.erb.  thanks Michael!
-== 0.5.20 2008-08-04
-* Fixed authorized? method to avoid ActionController::Routing::Routes.recognize_path invalid return values
-* Added option[:session_timeout_method]. This method will be called when the session times out.
-== 0.5.19 2008-08-01
-* Modified the lockdown system to account for permissions added/removed from user groups in init.rb.  This will NOT manage user groups defined via the admin screens.
-== 0.5.18 2008-07-23
-* Changed the generator options to simplify things. The default now is to generate all templates.
-== 0.5.17 2008-07-21
-* Updated included classy inheritance library 0.6.1.
-== 0.5.16 2008-07-18
-* Updated included classy inheritance library.
-== 0.5.14 2008-07-18
-* Change: option no_migration to skip-migrations to mimick other generator options
-* Fixed: errant creation of sessions directory in app/controllers
-== 0.5.13 2008-07-10
-* Add: Support for --namespace option on generator.  Use as ./script generate lockdown --all --namespace=admin
-== 0.5.12 2008-07-02
-* Fix: Added production environment conditional to Dependencies.clear.
-== 0.5.11 2008-06-25
-* Update: Classy Inheritance to current version 0.4.4
-== 0.5.10 2008-06-24
-* Modified: Classy Inheritance is now bundled with Lockdown to simplify the user management screens.
-* Fixed: Templates: Use m.template with views to test for rails version for action_name issue
-* Added: Templates: Missing javascript for do_highlight
-* Fixed: Templates: Usage of ul for permissions and user groups.
-* Clean: Templates: Removed unnecessary :locals => {:f => f} attribute in _form partials
-* Clean: Templates: Changed text_field_tag to text_field.
-== 0.5.9 2008-06-19
-* Fixed: Added url.strip! to account for spaces.  URI::split(url) was bombing if url contained spaces.
-== 0.5.8 2008-06-17
-* Fixed: External links are no longer restricted by link_to security.
-* Modified: Name of migration that adds admin user.
-== 0.5.7 2008-06-13
-* Fixed: Change password template, removed ajax usage. Issue: http://stonean.com/issues/show/5
-== 0.5.6 2008-06-05
-* Fixed: Misspelling of respond_to?, for some reason I keep thinking responds_to?
-== 0.5.5 2008-06-05
-* Fixed: Changed request comparison code. Requests that were supposed to be passing were failing.
-== 0.5.4 2008-06-05
-* Fixed: Issue with helpers in Rails 2.1, @action_name is no longer accessible, must call action_name method.
-* Fixed: Issue with users controller, show method not having user_groups_for_user instance variable
-* Modified: The end of the lockdown executable now references stonean.com instead of rubyforge site.
-== 0.5.3 2008-06-01
-* Fixed: Issue with new timestamped based migrations in rails 2.1.  Migration templates created were all done within the same second, therefore having the same timestamp, added a sleep call to the next_migration_string to get around the issue.
-* Fixed: User Groups management template had a bug on the show screen.  Was not getting @all_permissions instance variable set.
-== 0.5.2 2008-05-26
-* Fixed: make call to Dependencies.clear after inspecting controllers.  Using Dependencies.require_or_load is not sufficient it seems.
-== 0.5.1 2008-05-25
-* Fixed: bug with namespaced access having identical standard access.  e.g. /users and /admin/users
-== 0.5.0 2008-05-22
-* Added: new generator options for more control over templates
-* Fixed: sessions_controller successful_login didn't honor Lockdown::System options setting for :successful_login_path
-* Modified: System had [] method which could cause issues in future releases.  Use Lockdown::System.fetch(:option) to retrieve options
-== 0.4.6 2008-05-08
-* Fixed: link_to destroy/show conditionals were in wrong order and therefore not working.
-== 0.4.5 2008-05-08
-* Rubyforge having an issue with the gem, I'm getting 404 errors trying to install 0.4.4 so I'm deploying a new version. no code changes.
-== 0.4.4 2008-05-08
-* Modified: refactored the link_to_secured and authorized? code to be more efficient
-== 0.4.3 2008-05-08
-* Fixed: broken show (and destroy) permission test.  also reduced calls to polymorphic path by generating the url once
-== 0.4.2 2008-05-08
-* Fixed: broken link_to functionality.
-== 0.4.1 2008-05-06
-* Just some minor tabs-to-spaces formatting and removed unnecessary helper included into the user model.
-== 0.4.0 2008-05-04
-* Added: Automatically sync definitions in init.rb with database to remove migrations requirement
-* Added: Improved notification if invalid user group or permission is referenced in init.rb
-* Added: Check in user_groups controller to prevent url hack and modify/destroy user group defined in init.rb
-* Modified: Renamed access_rights_for_perm to access_rights_for_permission for consistency sake.  Change then method call in permissions_helper if you have this installed
-== 0.3.15 2008-05-03
-* Fixed: The controller inspection code was short-circuiting the Dependencies reload mechanism while in development mode.
-== 0.3.14 2008-05-02
-* Fixed:  Session keys to use symbols.  Wasn't correctly expiring the session.
-== 0.3.13 2008-05-02
-* Fixed: The users and user_groups controller templates needed user_groups_for_users and all_permissions (respectively) instance variables set if validation failed on update.
-== 0.3.12 2008-05-02
-* Fixed: The timestamps were being set on created_by and updated_by.
-* Changed: The init.rb and lockdown_all interaction to better define where configurations should be placed.
-== 0.3.11 2008-05-01
-* Modified: Lockdown::System controller inspect to use "load" instead of "require".
-== 0.3.10 2008-05-01
-* Fixed: users_controller management of user_groups was using outdated methods.  this applies only to the stubs produced with the generator
-== 0.3.9 2008-05-01
-* Modify: changed controller_classes from array to hash to speed up access
-== 0.3.8 2008-05-01
-* Fixed: corrected class loader to ensure ObjectSpace is used only once
-== 0.3.7 2008-05-01
-* Fixed: access rights list for permissions. maded modifications to permissions helper as well.
-== 0.3.6 2008-04-30
-* Fixed: The block in init.rb does not take a parameter.  This has been removed from the template.
-== 0.3.5 2008-04-30
-* Added: Basic configuations to config/lockdown/init.rb when using the generator
-== 0.3.4 2008-04-30
-* Fixed: Addition of require 'lockdown/init' to config file
-== 0.3.3 2008-04-30
-* Spoke too soon.  Omitted user_group controller change.
-== 0.3.2 2008-04-30
-* Management screens looking good.  Now moving on to testing with starter application.
-== 0.3.1 2008-04-29
-* Some initital testing done.
-== 0.3.0 2008-04-29
-* Big change in how the system is installed and configured in the project.
-	Introduced lib/lockdown/init.rb.
-	Removed lib/lockdown/access.rb.
-	Now use more of a Rails-ish initializer functionality.  This adds flexibility
-	and places the core code back in the gem, that's what I was after.
-== 0.2.0 2008-04-25
-* First full implementation of generate script "lockdown_all".  Warranted a bump up of the minor version.
-== 0.1.4 2008-04-25
-* Uncommented line in config/hoe.rb to hopefully resolved rubigen dependency issue.
-== 0.1.3 2008-04-25
-* Still Don't have correct dependencies. Added in first crack at lockdown_all generator.
-== 0.1.2 2008-04-25
-* Didn't have correct dependencies.
-== 0.1.1 2008-04-24
-* Fixed bug with session cleanup.
-== 0.1.0 2008-04-18
-* Nearing public release status.
-  * In bug testing mode now.
-== 0.0.1 2008-04-18
-* initial add of gem

data/lockdown.gemspec DELETED Viewed

@@ -1,119 +0,0 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
-# -*- encoding: utf-8 -*-
-Gem::Specification.new do |s|
-  s.name = %q{lockdown}
-  s.version = "1.3.2"
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Andrew Stone"]
-  s.date = %q{2009-10-17}
-  s.description = %q{Restrict access to your controller actions.  Supports basic model level restrictions as well}
-  s.email = %q{andy@stonean.com}
-  s.extra_rdoc_files = [
-    "README.txt"
-  ]
-  s.files = [
-    ".gitignore",
-     "History.txt",
-     "README.txt",
-     "Rakefile",
-     "VERSION",
-     "lib/lockdown.rb",
-     "lib/lockdown/context.rb",
-     "lib/lockdown/database.rb",
-     "lib/lockdown/errors.rb",
-     "lib/lockdown/frameworks/rails.rb",
-     "lib/lockdown/frameworks/rails/controller.rb",
-     "lib/lockdown/frameworks/rails/view.rb",
-     "lib/lockdown/helper.rb",
-     "lib/lockdown/orms/active_record.rb",
-     "lib/lockdown/permission.rb",
-     "lib/lockdown/references.rb",
-     "lib/lockdown/rspec_helper.rb",
-     "lib/lockdown/rules.rb",
-     "lib/lockdown/session.rb",
-     "lib/lockdown/system.rb",
-     "lockdown.gemspec",
-     "rails_generators/lockdown/lockdown_generator.rb",
-     "rails_generators/lockdown/templates/app/controllers/permissions_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/sessions_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/users_controller.rb",
-     "rails_generators/lockdown/templates/app/helpers/permissions_helper.rb",
-     "rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb",
-     "rails_generators/lockdown/templates/app/helpers/users_helper.rb",
-     "rails_generators/lockdown/templates/app/models/permission.rb",
-     "rails_generators/lockdown/templates/app/models/profile.rb",
-     "rails_generators/lockdown/templates/app/models/user.rb",
-     "rails_generators/lockdown/templates/app/models/user_group.rb",
-     "rails_generators/lockdown/templates/app/views/permissions/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/permissions/show.html.erb",
-     "rails_generators/lockdown/templates/app/views/sessions/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/show.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/edit.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/show.html.erb",
-     "rails_generators/lockdown/templates/config/initializers/lockit.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_admin_user.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_permissions.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_profiles.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_user_groups.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_users.rb",
-     "rails_generators/lockdown/templates/lib/lockdown/README",
-     "rails_generators/lockdown/templates/lib/lockdown/init.rb",
-     "spec/lockdown/context_spec.rb",
-     "spec/lockdown/database_spec.rb",
-     "spec/lockdown/frameworks/rails/controller_spec.rb",
-     "spec/lockdown/frameworks/rails/view_spec.rb",
-     "spec/lockdown/frameworks/rails_spec.rb",
-     "spec/lockdown/permission_spec.rb",
-     "spec/lockdown/rspec_helper_spec.rb",
-     "spec/lockdown/rules_spec.rb",
-     "spec/lockdown/session_spec.rb",
-     "spec/lockdown/system_spec.rb",
-     "spec/lockdown_spec.rb",
-     "spec/rcov.opts",
-     "spec/spec.opts",
-     "spec/spec_helper.rb"
-  ]
-  s.homepage = %q{http://stonean.com/wiki/lockdown}
-  s.rdoc_options = ["--charset=UTF-8"]
-  s.require_paths = ["lib"]
-  s.rubyforge_project = %q{lockdown}
-  s.rubygems_version = %q{1.3.5}
-  s.summary = %q{Authorization system for Rails 2.x}
-  s.test_files = [
-    "spec/lockdown/context_spec.rb",
-     "spec/lockdown/database_spec.rb",
-     "spec/lockdown/frameworks/rails/controller_spec.rb",
-     "spec/lockdown/frameworks/rails/view_spec.rb",
-     "spec/lockdown/frameworks/rails_spec.rb",
-     "spec/lockdown/permission_spec.rb",
-     "spec/lockdown/rspec_helper_spec.rb",
-     "spec/lockdown/rules_spec.rb",
-     "spec/lockdown/session_spec.rb",
-     "spec/lockdown/system_spec.rb",
-     "spec/lockdown_spec.rb",
-     "spec/spec_helper.rb"
-  ]
-  if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<rspec>, [">= 0"])
-    else
-      s.add_dependency(%q<rspec>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<rspec>, [">= 0"])
-  end
-end