lockdown 2.0.1 → 2.0.2

data/lib/lockdown.rb

@@ -24,7 +24,7 @@ module Lockdown
 
     # @return the version string for the library.
     def version
-      '2.0.1'
+      '2.0.2'
     end
 
     def rails_mixin

data/lib/lockdown/configuration.rb

@@ -182,7 +182,11 @@ module Lockdown
           end
         end
 
-        authenticated_access + "|" + access_rights_for_permissions(*permission_names)
+        if permission_names.empty?
+          authenticated_access
+        else
+          authenticated_access + "|" + access_rights_for_permissions(*permission_names)
+        end
       end
 
       # @param [Array(String)] names permission names

data/lib/lockdown/delivery.rb

@@ -5,8 +5,6 @@ module Lockdown
     class << self
       # @return [true|false] if the given path is allowed
       def allowed?(path, access_rights = nil)
-        return true if path == '/'
-
         begin
           ::Authorization.configure
         rescue NameError
@@ -19,7 +17,11 @@ module Lockdown
         path += "/" unless path =~ /\/$/
         path = "/" + path unless path =~ /^\//
         
-        access_rights_regex =~ path ? true : false
+        if access_rights_regex =~ path 
+          return true 
+        end
+
+        return false
       end
     end # class block
   end # Delivery

data/lib/lockdown/frameworks/rails/controller.rb

@@ -54,6 +54,14 @@ module Lockdown
               return true 
             end
 
+            path_parts = path.split('/')
+
+            if path_parts.last == "index"
+              path_parts.pop
+              new_path = path_parts.join('/')
+              return Lockdown::Delivery.allowed?(new_path, session[:access_rights])
+            end
+
             begin
               if ::Rails.respond_to?(:application)
                 router = ::Rails.application.routes
@@ -72,11 +80,15 @@ module Lockdown
             end
 
             # Mailto link
-            return true if url =~ /^mailto:/
+            if url =~ /^mailto:/
+              return true 
+            end
 
             # Public file
             file = File.join(::Rails.root, 'public', url)
-            return true if File.exists?(file)
+            if File.exists?(file)
+              return true 
+            end
 
             # Passing in different domain
             return remote_url?(url_parts[2])

data/lockdown.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{lockdown}
-  s.version = "2.0.1"
+  s.version = "2.0.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andrew Stone"]
-  s.date = %q{2010-09-07}
+  s.date = %q{2010-09-21}
   s.description = %q{Restrict access to your controller actions. }
   s.email = %q{andy@stonean.com}
   s.extra_rdoc_files = [
@@ -43,8 +43,7 @@ Gem::Specification.new do |s|
      "test/lockdown/test_permission.rb",
      "test/lockdown/test_resource.rb",
      "test/lockdown/test_session.rb",
-     "test/lockdown/test_user_group.rb",
-     "test/test_lockdown.rb"
+     "test/lockdown/test_user_group.rb"
   ]
   s.homepage = %q{http://stonean.com/wiki/lockdown}
   s.rdoc_options = ["--charset=UTF-8"]
@@ -61,8 +60,7 @@ Gem::Specification.new do |s|
      "test/lockdown/test_permission.rb",
      "test/lockdown/test_helper.rb",
      "test/lockdown/test_resource.rb",
-     "test/helper.rb",
-     "test/test_lockdown.rb"
+     "test/helper.rb"
   ]
 
   if s.respond_to? :specification_version then

data/test/lockdown/test_delivery.rb

@@ -112,6 +112,7 @@ class TestLockdown < MiniTest::Unit::TestCase
     end
     Authorization.public_access :posts
 
+
     assert_equal true, Lockdown::Delivery.allowed?('/posts/update')
 
     assert_equal true, Lockdown::Delivery.allowed?('/posts/update/')
@@ -124,6 +125,7 @@ class TestLockdown < MiniTest::Unit::TestCase
 
     assert_equal true, Lockdown::Delivery.allowed?('/posts/show/')
 
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/')
   end
 
   def test_it_denies_uri_access_to_destroy
@@ -159,5 +161,32 @@ class TestLockdown < MiniTest::Unit::TestCase
 
     assert_equal false, Lockdown::Delivery.allowed?('/users/destroy')
   end
-end
 
+  def test_it_denies_index_access_to_resource_assigned_to_administrators
+    Authorization.permission :register_account do
+      resource :users do
+        only :new, :create
+      end
+    end
+    Authorization.public_access :register_account
+
+    Authorization.permission :my_account do
+      resource :users do
+        only :show, :update
+      end
+    end
+    Authorization.protected_access :my_account
+
+    Authorization.permission 'users'
+    Authorization.user_group 'Administrators', 'users'
+
+    assert_equal true, Lockdown::Delivery.allowed?('/users/new')
+    assert_equal true, Lockdown::Delivery.allowed?('/users/create')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users/')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users/', Lockdown::Configuration.authenticated_access)
+    assert_equal false, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
+
+  end
+end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 2
   - 0
-  - 1
-  version: 2.0.1
+  - 2
+  version: 2.0.2
 platform: ruby
 authors: 
 - Andrew Stone
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-07 00:00:00 -04:00
+date: 2010-09-21 00:00:00 -04:00
 default_executable: 
 dependencies: []
 
@@ -55,7 +55,6 @@ files:
 - test/lockdown/test_resource.rb
 - test/lockdown/test_session.rb
 - test/lockdown/test_user_group.rb
-- test/test_lockdown.rb
 has_rdoc: true
 homepage: http://stonean.com/wiki/lockdown
 licenses: []
@@ -98,4 +97,3 @@ test_files:
 - test/lockdown/test_helper.rb
 - test/lockdown/test_resource.rb
 - test/helper.rb
-- test/test_lockdown.rb

data/test/test_lockdown.rb

@@ -1,11 +0,0 @@
-# encoding: utf-8
-
-require 'helper'
-
-class TestLockdown < MiniTest::Unit::TestCase
-
-  def test_version
-    assert_equal '2.0.0', Lockdown.version
-  end
-
-end