lockdown 2.0.5 → 2.0.6

@@ -24,7 +24,7 @@ module Lockdown
24
24
 
25
25
  # @return the version string for the library.
26
26
  def version
27
- '2.0.5'
27
+ '2.0.6'
28
28
  end
29
29
 
30
30
  def rails_mixin
@@ -101,7 +101,7 @@ module Lockdown
101
101
  def regexes(permissions)
102
102
  permissions.collect!{|p| p.to_s}
103
103
  perms = Lockdown::Configuration.permissions.select{|p| permissions.include?(p.name)}
104
- perms.collect{|p| p.regex_pattern}.join("|")
104
+ perms.collect{|p| p.regex_pattern}.join(Lockdown::DELIMITER)
105
105
  end
106
106
 
107
107
  end # Access
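Review bot: `regexes` has no doc comment, and after this change it no longer returns a regex alternation but a list of patterns joined with `Lockdown::DELIMITER`, so a caller that still compiles the returned string directly would get a pattern containing the literal separator instead of the intended alternatives. Callers are outside this hunk, so that is worth checking, and the contract should be stated above the method, for example `# @return [String] regex_pattern of each named permission, joined with Lockdown::DELIMITER (not a valid regex on its own)`. Separately, `permissions.collect!{|p| p.to_s}` rewrites the caller's array in place; `names = permissions.collect{|p| p.to_s}` with `names.include?(p.name)` on the next line avoids that side effect.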
@@ -49,9 +49,6 @@ module Lockdown
49
49
  # Which environments Lockdown should not sync with db
50
50
  # Default ['test']
51
51
  attr_accessor :skip_db_sync_in
52
- # Slice size for permission regexes
53
- # Default 10
54
- attr_accessor :permission_slice_size
55
52
  # Set defaults.
56
53
  def reset
57
54
  @configured = false
@@ -73,12 +70,11 @@ module Lockdown
73
70
  @user_model = "User"
74
71
 
75
72
  @skip_db_sync_in = ['test']
76
- @permission_slice_size = 10
77
73
  end
78
74
 
79
75
  # @return [String] concatentation of public_access + "|" + protected_access
80
76
  def authenticated_access
81
- public_access + "|" + protected_access
77
+ public_access + Lockdown::DELIMITER + protected_access
82
78
  end
83
79
 
84
80
  # @param [String,Symbol] name permission name
@@ -186,21 +182,17 @@ module Lockdown
186
182
  end
187
183
  end
188
184
 
189
- slice_permission_regexes(authenticated_access, access_rights_for_permissions(*permission_names))
190
- end
191
-
192
- def slice_permission_regexes(authenticated_access, permissions)
193
- result = [authenticated_access]
194
- permissions.each_slice(permission_slice_size) do |permission_slice|
195
- result << permission_slice.join('|')
185
+ if permission_names.empty?
186
+ authenticated_access
187
+ else
188
+ authenticated_access + Lockdown::DELIMITER + access_rights_for_permissions(*permission_names)
196
189
  end
197
- result
198
190
  end
199
191
 
200
192
  # @param [Array(String)] names permission names
201
193
  # @return [String] combination of regex_patterns from permissions
202
194
  def access_rights_for_permissions(*names)
203
- names.collect{|name| "(#{permission(name).regex_pattern})"}
195
+ names.collect{|name| "(#{permission(name).regex_pattern})"}.join(Lockdown::DELIMITER)
204
196
  end
205
197
 
206
198
  def skip_sync?
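Review bot: `authenticated_access` joins `public_access` and `protected_access` unconditionally, while the branch added further down guards `permission_names.empty?` to avoid exactly this kind of dangling separator. If either side can be an empty string, the result can start with `Lockdown::DELIMITER` or, once permission patterns are appended, contain two in a row, and splitting that later yields an empty fragment that is handed to `Lockdown.regex`; what that returns for an empty string is not visible here. `[public_access, protected_access].reject{|s| s.to_s.empty?}.join(Lockdown::DELIMITER)` keeps the joined string free of empty entries. The `@return` comment above the method still says `"|"` and should name the delimiter constant instead. The method that contains the new `if`/`else` begins outside the hunk.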
@@ -10,14 +10,18 @@ module Lockdown
10
10
  rescue NameError
11
11
  end
12
12
 
13
+ access_rights ||= Lockdown::Configuration.public_access
14
+
13
15
  path += "/" unless path =~ /\/$/
14
16
  path = "/" + path unless path =~ /^\//
15
17
 
16
- access_rights ||= [Lockdown::Configuration.public_access]
17
-
18
- return access_rights.any? do |access_rights_group|
19
- (Lockdown.regex(access_rights_group) =~ path) == 0
18
+ access_rights.split(Lockdown::DELIMITER).each do |ar|
19
+ if (Lockdown.regex(ar) =~ path) == 0
20
+ return true
21
+ end
20
22
  end
23
+
24
+ return false
21
25
  end
22
26
  end # class block
23
27
  end # Delivery
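Review bot: The new loop calls `access_rights.split(Lockdown::DELIMITER)`, which assumes a String, but the interface it replaces took an Array (the updated tests drop the `[...]` wrapper), so any caller or stored value still in the old shape reaches this line. With `active_support/core_ext` loaded, Array also responds to `split`, so no error would be raised and `Lockdown.regex` would receive nested arrays instead of patterns; whether that fails closed is not visible in this hunk. Normalising first, `access_rights = access_rights.join(Lockdown::DELIMITER) if access_rights.is_a?(Array)`, makes the authorization decision independent of which shape arrives. The method starts above the hunk, so where `access_rights` comes from cannot be confirmed here.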
@@ -3,6 +3,8 @@
3
3
  require 'active_support/core_ext'
4
4
 
5
5
  module Lockdown
6
+ DELIMITER = '^+^'
7
+
6
8
  module Helper
7
9
  # @return [Regexp] with \A \z boundaries
8
10
  def regex(string)
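Review bot: `DELIMITER` is an in-band separator with no comment stating its constraint: permission patterns are joined with `'^+^'` and later split on it, so a `regex_pattern` that happens to contain that sequence (a negated character class such as `[^+^]` does) would be split into fragments the author never wrote, changing which paths are authorised. Either reject such patterns when a permission is defined or carry the patterns as an Array so no separator is needed. At minimum add `# Separator for joined permission patterns; a regex_pattern must never contain this sequence.` above the constant and freeze it with `DELIMITER = '^+^'.freeze`. `regex` itself continues outside the hunk.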
@@ -1,66 +1,64 @@
1
1
  # Generated by jeweler
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
- # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{lockdown}
8
- s.version = "2.0.5"
8
+ s.version = "2.0.6"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Andrew Stone"]
12
- s.date = %q{2010-10-24}
12
+ s.date = %q{2010-11-20}
13
13
  s.description = %q{Restrict access to your controller actions. }
14
14
  s.email = %q{andy@stonean.com}
15
15
  s.extra_rdoc_files = [
16
16
  "README.md"
17
17
  ]
18
18
  s.files = [
19
- ".gitignore",
20
- "README.md",
21
- "Rakefile",
22
- "lib/lockdown.rb",
23
- "lib/lockdown/access.rb",
24
- "lib/lockdown/configuration.rb",
25
- "lib/lockdown/database.rb",
26
- "lib/lockdown/delivery.rb",
27
- "lib/lockdown/errors.rb",
28
- "lib/lockdown/frameworks/rails.rb",
29
- "lib/lockdown/frameworks/rails/controller.rb",
30
- "lib/lockdown/frameworks/rails/view.rb",
31
- "lib/lockdown/helper.rb",
32
- "lib/lockdown/orms/active_record.rb",
33
- "lib/lockdown/permission.rb",
34
- "lib/lockdown/resource.rb",
35
- "lib/lockdown/session.rb",
36
- "lib/lockdown/user_group.rb",
37
- "lockdown.gemspec",
38
- "test/helper.rb",
39
- "test/lockdown/test_access.rb",
40
- "test/lockdown/test_configuration.rb",
41
- "test/lockdown/test_delivery.rb",
42
- "test/lockdown/test_helper.rb",
43
- "test/lockdown/test_permission.rb",
44
- "test/lockdown/test_resource.rb",
45
- "test/lockdown/test_session.rb",
46
- "test/lockdown/test_user_group.rb"
19
+ "README.md",
20
+ "Rakefile",
21
+ "lib/lockdown.rb",
22
+ "lib/lockdown/access.rb",
23
+ "lib/lockdown/configuration.rb",
24
+ "lib/lockdown/database.rb",
25
+ "lib/lockdown/delivery.rb",
26
+ "lib/lockdown/errors.rb",
27
+ "lib/lockdown/frameworks/rails.rb",
28
+ "lib/lockdown/frameworks/rails/controller.rb",
29
+ "lib/lockdown/frameworks/rails/view.rb",
30
+ "lib/lockdown/helper.rb",
31
+ "lib/lockdown/orms/active_record.rb",
32
+ "lib/lockdown/permission.rb",
33
+ "lib/lockdown/resource.rb",
34
+ "lib/lockdown/session.rb",
35
+ "lib/lockdown/user_group.rb",
36
+ "lockdown.gemspec",
37
+ "test/helper.rb",
38
+ "test/lockdown/test_access.rb",
39
+ "test/lockdown/test_configuration.rb",
40
+ "test/lockdown/test_delivery.rb",
41
+ "test/lockdown/test_helper.rb",
42
+ "test/lockdown/test_permission.rb",
43
+ "test/lockdown/test_resource.rb",
44
+ "test/lockdown/test_session.rb",
45
+ "test/lockdown/test_user_group.rb"
47
46
  ]
48
47
  s.homepage = %q{http://stonean.com/wiki/lockdown}
49
- s.rdoc_options = ["--charset=UTF-8"]
50
48
  s.require_paths = ["lib"]
51
49
  s.rubyforge_project = %q{lockdown}
52
50
  s.rubygems_version = %q{1.3.7}
53
51
  s.summary = %q{Authorization system for Rails}
54
52
  s.test_files = [
55
- "test/lockdown/test_user_group.rb",
56
- "test/lockdown/test_delivery.rb",
57
- "test/lockdown/test_configuration.rb",
58
- "test/lockdown/test_access.rb",
59
- "test/lockdown/test_session.rb",
60
- "test/lockdown/test_permission.rb",
61
- "test/lockdown/test_helper.rb",
62
- "test/lockdown/test_resource.rb",
63
- "test/helper.rb"
53
+ "test/helper.rb",
54
+ "test/lockdown/test_access.rb",
55
+ "test/lockdown/test_configuration.rb",
56
+ "test/lockdown/test_delivery.rb",
57
+ "test/lockdown/test_helper.rb",
58
+ "test/lockdown/test_permission.rb",
59
+ "test/lockdown/test_resource.rb",
60
+ "test/lockdown/test_session.rb",
61
+ "test/lockdown/test_user_group.rb"
64
62
  ]
65
63
 
66
64
  if s.respond_to? :specification_version then
@@ -43,7 +43,7 @@ class TestLockdownAccess < MiniTest::Unit::TestCase
43
43
  public_access :site, :registration, :view_posts
44
44
 
45
45
  assert_equal Lockdown::Configuration.public_access,
46
- "(\/site(\/.*)?)|(\/registration(\/.*)?)|(\/view_posts(\/.*)?)"
46
+ "(\/site(\/.*)?)#{Lockdown::DELIMITER}(\/registration(\/.*)?)#{Lockdown::DELIMITER}(\/view_posts(\/.*)?)"
47
47
  end
48
48
 
49
49
  def test_protected_access
@@ -59,7 +59,7 @@ class TestLockdownAccess < MiniTest::Unit::TestCase
59
59
  protected_access :my_account, :edit_posts
60
60
 
61
61
  assert_equal Lockdown::Configuration.protected_access,
62
- "(\/my_account(\/.*)?)|(\/edit_posts(\/.*)?)"
62
+ "(\/my_account(\/.*)?)#{Lockdown::DELIMITER}(\/edit_posts(\/.*)?)"
63
63
  end
64
64
 
65
65
  def test_user_group
@@ -44,7 +44,7 @@ class TestLockdownConfiguration < MiniTest::Unit::TestCase
44
44
  Authorization.public_access('home', 'faq')
45
45
  Authorization.protected_access('users')
46
46
 
47
- assert_equal "(/home(/.*)?)|(/faq(/.*)?)|(/users(/.*)?)", @config.authenticated_access
47
+ assert_equal "(/home(/.*)?)#{Lockdown::DELIMITER}(/faq(/.*)?)#{Lockdown::DELIMITER}(/users(/.*)?)", @config.authenticated_access
48
48
  end
49
49
 
50
50
  def test_permission
@@ -184,21 +184,10 @@ class TestLockdownConfiguration < MiniTest::Unit::TestCase
184
184
  Authorization.permission('faq')
185
185
  Authorization.permission('about')
186
186
 
187
- assert_equal ["((/home(/.*)?))","((/faq(/.*)?))","((/about(/.*)?))"],
187
+ assert_equal "((/home(/.*)?))#{Lockdown::DELIMITER}((/faq(/.*)?))#{Lockdown::DELIMITER}((/about(/.*)?))",
188
188
  @config.access_rights_for_permissions('home', 'faq', 'about')
189
189
  end
190
190
 
191
- def test_permission_regex_slicing
192
- @config.permission_slice_size = 2
193
-
194
- Authorization.permission('home')
195
- Authorization.permission('faq')
196
- Authorization.permission('about')
197
-
198
- assert_equal ["x","((/home(/.*)?))|((/faq(/.*)?))","((/about(/.*)?))"],
199
- @config.slice_permission_regexes('x', @config.access_rights_for_permissions('home', 'faq', 'about'))
200
- end
201
-
202
191
  def test_skip_sync?
203
192
  assert_equal true, @config.skip_sync?
204
193
  end
@@ -185,8 +185,8 @@ class TestLockdown < MiniTest::Unit::TestCase
185
185
 
186
186
  assert_equal false, Lockdown::Delivery.allowed?('/users/')
187
187
 
188
- assert_equal false, Lockdown::Delivery.allowed?('/users/', [Lockdown::Configuration.authenticated_access])
189
- assert_equal false, Lockdown::Delivery.allowed?('/users', [Lockdown::Configuration.authenticated_access])
188
+ assert_equal false, Lockdown::Delivery.allowed?('/users/', Lockdown::Configuration.authenticated_access)
189
+ assert_equal false, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
190
190
  end
191
191
 
192
192
  def test_it_handles_namespaced_routes_correctly
@@ -203,8 +203,8 @@ class TestLockdown < MiniTest::Unit::TestCase
203
203
 
204
204
  assert_equal false, Lockdown::Delivery.allowed?('/nested/users')
205
205
 
206
- assert_equal true, Lockdown::Delivery.allowed?('/users', [Lockdown::Configuration.authenticated_access])
207
- assert_equal true, Lockdown::Delivery.allowed?('/nested/users', [Lockdown::Configuration.authenticated_access])
206
+ assert_equal true, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
207
+ assert_equal true, Lockdown::Delivery.allowed?('/nested/users', Lockdown::Configuration.authenticated_access)
208
208
  end
209
209
 
210
210
  def test_it_matches_exact_paths_only
@@ -218,7 +218,25 @@ class TestLockdown < MiniTest::Unit::TestCase
218
218
 
219
219
  assert_equal false, Lockdown::Delivery.allowed?('/users_that_should_be_protected')
220
220
 
221
- assert_equal true, Lockdown::Delivery.allowed?('/users', [Lockdown::Configuration.authenticated_access])
222
- assert_equal true, Lockdown::Delivery.allowed?('/users_that_should_be_protected', [Lockdown::Configuration.authenticated_access])
221
+ assert_equal true, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
222
+ assert_equal true, Lockdown::Delivery.allowed?('/users_that_should_be_protected', Lockdown::Configuration.authenticated_access)
223
+ end
224
+
225
+ # Ruby 1.8.7 will throw a 'RegexpError: regular expression too big error' on
226
+ # large regex strings. This is test it to make sure we don't hit that.
227
+ def test_a_large_set_of_regexs
228
+ count = 27
229
+
230
+ ('a'..'z').to_a.each do |letter|
231
+ (1..count).to_a.each do |multiplier|
232
+ Authorization.permission letter * multiplier
233
+ end
234
+ end
235
+
236
+ Authorization.public_access *Lockdown::Configuration.permissions.collect{|p| p.name}
237
+
238
+ (1..count).to_a.each do |multiplier|
239
+ assert_equal true, Lockdown::Delivery.allowed?('/' + 'a'*multiplier)
240
+ end
223
241
  end
224
242
  end
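Review bot: `test_a_large_set_of_regexs` only asserts that listed paths are allowed, so it would still pass if the new split-and-match loop allowed every path once the pattern list is large. A deny-side assertion such as `assert_equal false, Lockdown::Delivery.allowed?('/' + 'a' * (count + 1))` would pin that a path with no matching permission is still refused under the same permission set. The comment above the test reads "This is test it to make sure"; `# This test makes sure we don't hit that.` is clearer.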
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 2
7
7
  - 0
8
- - 5
9
- version: 2.0.5
8
+ - 6
9
+ version: 2.0.6
10
10
  platform: ruby
11
11
  authors:
12
12
  - Andrew Stone
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2010-10-24 00:00:00 -04:00
17
+ date: 2010-11-20 00:00:00 -05:00
18
18
  default_executable:
19
19
  dependencies: []
20
20
 
@@ -27,7 +27,6 @@ extensions: []
27
27
  extra_rdoc_files:
28
28
  - README.md
29
29
  files:
30
- - .gitignore
31
30
  - README.md
32
31
  - Rakefile
33
32
  - lib/lockdown.rb
@@ -60,8 +59,8 @@ homepage: http://stonean.com/wiki/lockdown
60
59
  licenses: []
61
60
 
62
61
  post_install_message:
63
- rdoc_options:
64
- - --charset=UTF-8
62
+ rdoc_options: []
63
+
65
64
  require_paths:
66
65
  - lib
67
66
  required_ruby_version: !ruby/object:Gem::Requirement
@@ -88,12 +87,12 @@ signing_key:
88
87
  specification_version: 3
89
88
  summary: Authorization system for Rails
90
89
  test_files:
91
- - test/lockdown/test_user_group.rb
92
- - test/lockdown/test_delivery.rb
93
- - test/lockdown/test_configuration.rb
90
+ - test/helper.rb
94
91
  - test/lockdown/test_access.rb
95
- - test/lockdown/test_session.rb
96
- - test/lockdown/test_permission.rb
92
+ - test/lockdown/test_configuration.rb
93
+ - test/lockdown/test_delivery.rb
97
94
  - test/lockdown/test_helper.rb
95
+ - test/lockdown/test_permission.rb
98
96
  - test/lockdown/test_resource.rb
99
- - test/helper.rb
97
+ - test/lockdown/test_session.rb
98
+ - test/lockdown/test_user_group.rb
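--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,7 +0,0 @@
-*.DS_Store
-*.swp
-.yardoc/**
-pkg/**
-doc/**
-email.txt
-coverage/**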