RubyGems - lockdown - Versions diffs - 1.3.2 → 1.5.0 - Mend

lockdown 1.3.2 → 1.5.0

Files changed (8) hide show

data/VERSION +1 -1
data/lib/lockdown/frameworks/rails/controller.rb +2 -1
data/lib/lockdown/rules.rb +3 -0
data/lib/lockdown/system.rb +6 -0
data/lib/lockdown.rb +12 -8
metadata +2 -4
data/History.txt +0 -195
data/lockdown.gemspec +0 -119

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.3.2
1	+ 1.5.0

data/lib/lockdown/frameworks/rails/controller.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module Lockdown
         module Lock
           def configure_lockdown
+            Lockdown.maybe_parse_init
             check_session_expiry
             store_location
           end
@@ -94,7 +95,7 @@ module Lockdown
           def ld_access_denied(e)
-            RAILS_DEFAULT_LOGGER.info "Access denied: #{e}"
+            Lockdown.logger.info "Access denied: #{e}"
             if Lockdown::System.fetch(:logout_on_access_violation)
               reset_session

data/lib/lockdown/rules.rb CHANGED Viewed

@@ -86,6 +86,9 @@ module Lockdown
     def set_user_group(name, *perms)
       user_groups[name] ||= []
       perms.each do |perm|
+        if permission_assigned_automatically?(perm)
+          raise Lockdown::InvalidPermissionAssignment, "Permission is assigned automatically.  Please remove it from #{name} user group"
+        end
         user_groups[name].push(perm)
       end
     end

data/lib/lockdown/system.rb CHANGED Viewed

@@ -12,6 +12,12 @@ module Lockdown
       process_rules
       Lockdown::Database.sync_with_db unless skip_sync?
+      @initialized = true
+    end
+    def self.initialized?
+      @initialized
     end
     def self.fetch(key)

data/lib/lockdown.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Lockdown
   extend Lockdown::References
   extend Lockdown::Helper
-  VERSION = '1.3.2'
+  VERSION = '1.4.0'
   class << self
     attr_accessor :logger
@@ -44,18 +44,22 @@ module Lockdown
         unless mixin_resource?("orms")
           raise NotImplementedError, "ORM unknown to Lockdown!"
         end
-        if File.exists?(Lockdown.init_file)
-          Lockdown.logger.info "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
-          require Lockdown.init_file
-        else
-          Lockdown.logger.info "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
-        end
       else
         Lockdown.logger.info "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
       end
     end # mixin
+    def maybe_parse_init
+      return if Lockdown::System.initialized?
+      if File.exists?(Lockdown.init_file)
+        Lockdown.logger.info "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
+        require Lockdown.init_file
+      else
+        Lockdown.logger.info "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
+      end
+    end
     private
     def mixin_resource?(str)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lockdown
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.5.0
 platform: ruby
 authors:
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-10-17 00:00:00 -04:00
+date: 2009-11-06 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -32,7 +32,6 @@ extra_rdoc_files:
 - README.txt
 files:
 - .gitignore
-- History.txt
 - README.txt
 - Rakefile
 - VERSION
@@ -51,7 +50,6 @@ files:
 - lib/lockdown/rules.rb
 - lib/lockdown/session.rb
 - lib/lockdown/system.rb
-- lockdown.gemspec
 - rails_generators/lockdown/lockdown_generator.rb
 - rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
 - rails_generators/lockdown/templates/app/controllers/sessions_controller.rb

data/History.txt DELETED Viewed

@@ -1,195 +0,0 @@
-== 0.7.1 2009-01-xx
-* Update init.rb with documentation on how to use admin namespaces
-== 0.7.0 2009-01-xx
-* Removed lockdown as an executable.  Will always go through the generator used by the framework.
-* Removed references to classy inheritance.  Directly coded some of classy inheritance's functionality into User model.
-== 0.6.3 2008-12-02
-* Fixed: Database sync was failing.  Cause of refactor. Apologies
-== 0.6.2 2008-12-01
-* Fixed: Made call to action_methods instead of calculating controller actions
-== 0.6.1 2008-11-21
-* Fixed: Named routes were not being honored in link_to
-== 0.6.0 2008-11-15
-* Big refactor of internals
-== 0.5.22 2008-09-14
-* Update: Add test for future deprecation: Dependencies to be ActiveSupport::Dependencies
-== 0.5.21 2008-09-12
-* Updated lockdown to abide by config.active_record.timestamped_migrations introduced in Rails 2.1.1
-* Fixed: schlick fixed an issue with the user_groups edit.html.erb.  thanks Michael!
-== 0.5.20 2008-08-04
-* Fixed authorized? method to avoid ActionController::Routing::Routes.recognize_path invalid return values
-* Added option[:session_timeout_method]. This method will be called when the session times out.
-== 0.5.19 2008-08-01
-* Modified the lockdown system to account for permissions added/removed from user groups in init.rb.  This will NOT manage user groups defined via the admin screens.
-== 0.5.18 2008-07-23
-* Changed the generator options to simplify things. The default now is to generate all templates.
-== 0.5.17 2008-07-21
-* Updated included classy inheritance library 0.6.1.
-== 0.5.16 2008-07-18
-* Updated included classy inheritance library.
-== 0.5.14 2008-07-18
-* Change: option no_migration to skip-migrations to mimick other generator options
-* Fixed: errant creation of sessions directory in app/controllers
-== 0.5.13 2008-07-10
-* Add: Support for --namespace option on generator.  Use as ./script generate lockdown --all --namespace=admin
-== 0.5.12 2008-07-02
-* Fix: Added production environment conditional to Dependencies.clear.
-== 0.5.11 2008-06-25
-* Update: Classy Inheritance to current version 0.4.4
-== 0.5.10 2008-06-24
-* Modified: Classy Inheritance is now bundled with Lockdown to simplify the user management screens.
-* Fixed: Templates: Use m.template with views to test for rails version for action_name issue
-* Added: Templates: Missing javascript for do_highlight
-* Fixed: Templates: Usage of ul for permissions and user groups.
-* Clean: Templates: Removed unnecessary :locals => {:f => f} attribute in _form partials
-* Clean: Templates: Changed text_field_tag to text_field.
-== 0.5.9 2008-06-19
-* Fixed: Added url.strip! to account for spaces.  URI::split(url) was bombing if url contained spaces.
-== 0.5.8 2008-06-17
-* Fixed: External links are no longer restricted by link_to security.
-* Modified: Name of migration that adds admin user.
-== 0.5.7 2008-06-13
-* Fixed: Change password template, removed ajax usage. Issue: http://stonean.com/issues/show/5
-== 0.5.6 2008-06-05
-* Fixed: Misspelling of respond_to?, for some reason I keep thinking responds_to?
-== 0.5.5 2008-06-05
-* Fixed: Changed request comparison code. Requests that were supposed to be passing were failing.
-== 0.5.4 2008-06-05
-* Fixed: Issue with helpers in Rails 2.1, @action_name is no longer accessible, must call action_name method.
-* Fixed: Issue with users controller, show method not having user_groups_for_user instance variable
-* Modified: The end of the lockdown executable now references stonean.com instead of rubyforge site.
-== 0.5.3 2008-06-01
-* Fixed: Issue with new timestamped based migrations in rails 2.1.  Migration templates created were all done within the same second, therefore having the same timestamp, added a sleep call to the next_migration_string to get around the issue.
-* Fixed: User Groups management template had a bug on the show screen.  Was not getting @all_permissions instance variable set.
-== 0.5.2 2008-05-26
-* Fixed: make call to Dependencies.clear after inspecting controllers.  Using Dependencies.require_or_load is not sufficient it seems.
-== 0.5.1 2008-05-25
-* Fixed: bug with namespaced access having identical standard access.  e.g. /users and /admin/users
-== 0.5.0 2008-05-22
-* Added: new generator options for more control over templates
-* Fixed: sessions_controller successful_login didn't honor Lockdown::System options setting for :successful_login_path
-* Modified: System had [] method which could cause issues in future releases.  Use Lockdown::System.fetch(:option) to retrieve options
-== 0.4.6 2008-05-08
-* Fixed: link_to destroy/show conditionals were in wrong order and therefore not working.
-== 0.4.5 2008-05-08
-* Rubyforge having an issue with the gem, I'm getting 404 errors trying to install 0.4.4 so I'm deploying a new version. no code changes.
-== 0.4.4 2008-05-08
-* Modified: refactored the link_to_secured and authorized? code to be more efficient
-== 0.4.3 2008-05-08
-* Fixed: broken show (and destroy) permission test.  also reduced calls to polymorphic path by generating the url once
-== 0.4.2 2008-05-08
-* Fixed: broken link_to functionality.
-== 0.4.1 2008-05-06
-* Just some minor tabs-to-spaces formatting and removed unnecessary helper included into the user model.
-== 0.4.0 2008-05-04
-* Added: Automatically sync definitions in init.rb with database to remove migrations requirement
-* Added: Improved notification if invalid user group or permission is referenced in init.rb
-* Added: Check in user_groups controller to prevent url hack and modify/destroy user group defined in init.rb
-* Modified: Renamed access_rights_for_perm to access_rights_for_permission for consistency sake.  Change then method call in permissions_helper if you have this installed
-== 0.3.15 2008-05-03
-* Fixed: The controller inspection code was short-circuiting the Dependencies reload mechanism while in development mode.
-== 0.3.14 2008-05-02
-* Fixed:  Session keys to use symbols.  Wasn't correctly expiring the session.
-== 0.3.13 2008-05-02
-* Fixed: The users and user_groups controller templates needed user_groups_for_users and all_permissions (respectively) instance variables set if validation failed on update.
-== 0.3.12 2008-05-02
-* Fixed: The timestamps were being set on created_by and updated_by.
-* Changed: The init.rb and lockdown_all interaction to better define where configurations should be placed.
-== 0.3.11 2008-05-01
-* Modified: Lockdown::System controller inspect to use "load" instead of "require".
-== 0.3.10 2008-05-01
-* Fixed: users_controller management of user_groups was using outdated methods.  this applies only to the stubs produced with the generator
-== 0.3.9 2008-05-01
-* Modify: changed controller_classes from array to hash to speed up access
-== 0.3.8 2008-05-01
-* Fixed: corrected class loader to ensure ObjectSpace is used only once
-== 0.3.7 2008-05-01
-* Fixed: access rights list for permissions. maded modifications to permissions helper as well.
-== 0.3.6 2008-04-30
-* Fixed: The block in init.rb does not take a parameter.  This has been removed from the template.
-== 0.3.5 2008-04-30
-* Added: Basic configuations to config/lockdown/init.rb when using the generator
-== 0.3.4 2008-04-30
-* Fixed: Addition of require 'lockdown/init' to config file
-== 0.3.3 2008-04-30
-* Spoke too soon.  Omitted user_group controller change.
-== 0.3.2 2008-04-30
-* Management screens looking good.  Now moving on to testing with starter application.
-== 0.3.1 2008-04-29
-* Some initital testing done.
-== 0.3.0 2008-04-29
-* Big change in how the system is installed and configured in the project.
-	Introduced lib/lockdown/init.rb.
-	Removed lib/lockdown/access.rb.
-	Now use more of a Rails-ish initializer functionality.  This adds flexibility
-	and places the core code back in the gem, that's what I was after.
-== 0.2.0 2008-04-25
-* First full implementation of generate script "lockdown_all".  Warranted a bump up of the minor version.
-== 0.1.4 2008-04-25
-* Uncommented line in config/hoe.rb to hopefully resolved rubigen dependency issue.
-== 0.1.3 2008-04-25
-* Still Don't have correct dependencies. Added in first crack at lockdown_all generator.
-== 0.1.2 2008-04-25
-* Didn't have correct dependencies.
-== 0.1.1 2008-04-24
-* Fixed bug with session cleanup.
-== 0.1.0 2008-04-18
-* Nearing public release status.
-  * In bug testing mode now.
-== 0.0.1 2008-04-18
-* initial add of gem

data/lockdown.gemspec DELETED Viewed

@@ -1,119 +0,0 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
-# -*- encoding: utf-8 -*-
-Gem::Specification.new do |s|
-  s.name = %q{lockdown}
-  s.version = "1.3.2"
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Andrew Stone"]
-  s.date = %q{2009-10-17}
-  s.description = %q{Restrict access to your controller actions.  Supports basic model level restrictions as well}
-  s.email = %q{andy@stonean.com}
-  s.extra_rdoc_files = [
-    "README.txt"
-  ]
-  s.files = [
-    ".gitignore",
-     "History.txt",
-     "README.txt",
-     "Rakefile",
-     "VERSION",
-     "lib/lockdown.rb",
-     "lib/lockdown/context.rb",
-     "lib/lockdown/database.rb",
-     "lib/lockdown/errors.rb",
-     "lib/lockdown/frameworks/rails.rb",
-     "lib/lockdown/frameworks/rails/controller.rb",
-     "lib/lockdown/frameworks/rails/view.rb",
-     "lib/lockdown/helper.rb",
-     "lib/lockdown/orms/active_record.rb",
-     "lib/lockdown/permission.rb",
-     "lib/lockdown/references.rb",
-     "lib/lockdown/rspec_helper.rb",
-     "lib/lockdown/rules.rb",
-     "lib/lockdown/session.rb",
-     "lib/lockdown/system.rb",
-     "lockdown.gemspec",
-     "rails_generators/lockdown/lockdown_generator.rb",
-     "rails_generators/lockdown/templates/app/controllers/permissions_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/sessions_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/users_controller.rb",
-     "rails_generators/lockdown/templates/app/helpers/permissions_helper.rb",
-     "rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb",
-     "rails_generators/lockdown/templates/app/helpers/users_helper.rb",
-     "rails_generators/lockdown/templates/app/models/permission.rb",
-     "rails_generators/lockdown/templates/app/models/profile.rb",
-     "rails_generators/lockdown/templates/app/models/user.rb",
-     "rails_generators/lockdown/templates/app/models/user_group.rb",
-     "rails_generators/lockdown/templates/app/views/permissions/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/permissions/show.html.erb",
-     "rails_generators/lockdown/templates/app/views/sessions/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/show.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/edit.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/show.html.erb",
-     "rails_generators/lockdown/templates/config/initializers/lockit.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_admin_user.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_permissions.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_profiles.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_user_groups.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_users.rb",
-     "rails_generators/lockdown/templates/lib/lockdown/README",
-     "rails_generators/lockdown/templates/lib/lockdown/init.rb",
-     "spec/lockdown/context_spec.rb",
-     "spec/lockdown/database_spec.rb",
-     "spec/lockdown/frameworks/rails/controller_spec.rb",
-     "spec/lockdown/frameworks/rails/view_spec.rb",
-     "spec/lockdown/frameworks/rails_spec.rb",
-     "spec/lockdown/permission_spec.rb",
-     "spec/lockdown/rspec_helper_spec.rb",
-     "spec/lockdown/rules_spec.rb",
-     "spec/lockdown/session_spec.rb",
-     "spec/lockdown/system_spec.rb",
-     "spec/lockdown_spec.rb",
-     "spec/rcov.opts",
-     "spec/spec.opts",
-     "spec/spec_helper.rb"
-  ]
-  s.homepage = %q{http://stonean.com/wiki/lockdown}
-  s.rdoc_options = ["--charset=UTF-8"]
-  s.require_paths = ["lib"]
-  s.rubyforge_project = %q{lockdown}
-  s.rubygems_version = %q{1.3.5}
-  s.summary = %q{Authorization system for Rails 2.x}
-  s.test_files = [
-    "spec/lockdown/context_spec.rb",
-     "spec/lockdown/database_spec.rb",
-     "spec/lockdown/frameworks/rails/controller_spec.rb",
-     "spec/lockdown/frameworks/rails/view_spec.rb",
-     "spec/lockdown/frameworks/rails_spec.rb",
-     "spec/lockdown/permission_spec.rb",
-     "spec/lockdown/rspec_helper_spec.rb",
-     "spec/lockdown/rules_spec.rb",
-     "spec/lockdown/session_spec.rb",
-     "spec/lockdown/system_spec.rb",
-     "spec/lockdown_spec.rb",
-     "spec/spec_helper.rb"
-  ]
-  if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<rspec>, [">= 0"])
-    else
-      s.add_dependency(%q<rspec>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<rspec>, [">= 0"])
-  end
-end