lockdown 0.9.5 → 0.9.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. data/lib/lockdown/frameworks/rails/controller.rb +5 -3
  2. data/lib/lockdown/frameworks/rails.rb +2 -2
  3. data/lib/lockdown/rules.rb +39 -7
  4. data/lib/lockdown.rb +1 -1
  5. data/spec/lockdown/frameworks/rails/controller_spec.rb +1 -0
  6. data/spec/lockdown/frameworks/rails_spec.rb +5 -0
  7. data/tasks/setup.rb +1 -1
  8. data/tasks/zentest.rake +36 -0
  9. metadata +8 -5
data/lib/lockdown/frameworks/rails/controller.rb CHANGED
@@ -69,17 +69,19 @@ module Lockdown
69
69
 
70
70
  url_parts = URI::split(url.strip)
71
71
 
72
- url = url_parts[5]
72
+ path = url_parts[5]
73
73
 
74
- return true if path_allowed?(url)
74
+ return true if path_allowed?(path)
75
75
 
76
76
  begin
77
- hash = ActionController::Routing::Routes.recognize_path(url, :method => method)
77
+ hash = ActionController::Routing::Routes.recognize_path(path, :method => method)
78
78
  return path_allowed?(path_from_hash(hash)) if hash
79
79
  rescue Exception
80
80
  # continue on
81
81
  end
82
82
 
83
+ return true if url =~ /^mailto:/
84
+
83
85
  # Passing in different domain
84
86
  return remote_url?(url_parts[2])
85
87
  end
data/lib/lockdown/frameworks/rails.rb CHANGED
@@ -55,11 +55,11 @@ module Lockdown
55
55
  end
56
56
 
57
57
  def controller_parent
58
- ActionController::Base
58
+ ::ActionController::Base
59
59
  end
60
60
 
61
61
  def view_helper
62
- ActionView::Base
62
+ ::ActionView::Base
63
63
  end
64
64
 
65
65
  def controller_class_name(str)
data/lib/lockdown/rules.rb CHANGED
@@ -263,18 +263,50 @@ module Lockdown
263
263
  def parse_permissions
264
264
  permission_objects.each do |name, perm|
265
265
  @permissions[perm.name] ||= []
266
- perm.controllers.each do |name, controller|
267
- @permissions[perm.name] |= controller.access_methods
268
266
 
269
- if perm.public_access?
270
- @public_access |= controller.access_methods
271
- elsif perm.protected_access?
272
- @protected_access |= controller.access_methods
273
- end
267
+ set_controller_access(perm)
268
+
269
+ set_model_access(perm)
270
+ end
271
+ end
272
+
273
+ def set_controller_access(perm)
274
+ perm.controllers.each do |name, controller|
275
+ @permissions[perm.name] |= controller.access_methods
276
+
277
+ if perm.public_access?
278
+ @public_access |= controller.access_methods
279
+ elsif perm.protected_access?
280
+ @protected_access |= controller.access_methods
274
281
  end
275
282
  end
276
283
  end
277
284
 
285
+ def set_model_access(perm)
286
+ perm.models.each do |model|
287
+ # Create inherited method on Lockdown.orm_parent that
288
+ # will create a list of controller/actions the model
289
+ end
290
+
291
+ # Create method to access that list for link_to call validation
292
+ #Lockdown.orm_parent.instance_eval <<-RUBY, __FILE__,__LINE__ + 1
293
+ # def self.inherited(klass)
294
+ # super
295
+ #
296
+ # end
297
+ #RUBY
298
+
299
+ # Create inherited method on Lockdown.controller_parent that
300
+ # will setup before_filter
301
+ #Lockdown.controller_parent.instance_eval <<-RUBY, __FILE__,__LINE__ + 1
302
+ # def self.inherited(klass)
303
+ # super
304
+ #
305
+ # end
306
+ #RUBY
307
+ end
308
+
309
+
278
310
  def validate_user_groups
279
311
  user_groups.each do |user_group, perms|
280
312
  perms.each do |perm|
data/lib/lockdown.rb CHANGED
@@ -3,7 +3,7 @@ require File.join(File.dirname(__FILE__), "lockdown", "helper")
3
3
  module Lockdown
4
4
  extend Lockdown::Helper
5
5
 
6
- VERSION = '0.9.5'
6
+ VERSION = '0.9.7'
7
7
 
8
8
  # Returns the version string for the library.
9
9
  def self.version
data/spec/lockdown/frameworks/rails/controller_spec.rb CHANGED
@@ -133,6 +133,7 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
133
133
 
134
134
  request = mock("request")
135
135
  request.stub!(:method).and_return(:get)
136
+ @controller.stub!(:params).and_return({})
136
137
  @controller.stub!(:request).and_return(request)
137
138
 
138
139
  stonean_parts = ["http", nil, "stonean.com", nil, nil, "posts/index", nil, nil, nil]
data/spec/lockdown/frameworks/rails_spec.rb CHANGED
@@ -30,6 +30,11 @@ describe Lockdown::Frameworks::Rails do
30
30
 
31
31
  ActionView::Base.should_receive(:class_eval)
32
32
 
33
+ ActionController::Base.should_receive(:helper_method)
34
+ ActionController::Base.should_receive(:before_filter)
35
+ ActionController::Base.should_receive(:filter_parameter_logging)
36
+ ActionController::Base.should_receive(:rescue_from)
37
+
33
38
  ActionController::Base.should_receive(:class_eval)
34
39
 
35
40
  Lockdown::System.should_receive(:class_eval)
data/tasks/setup.rb CHANGED
@@ -147,7 +147,7 @@ RCOV = "#{RUBY} -S rcov"
147
147
  RDOC = "#{RUBY} -S rdoc"
148
148
  GEM = "#{RUBY} -S gem"
149
149
 
150
- %w(rcov spec/rake/spectask rubyforge bones facets/ansicode).each do |lib|
150
+ %w(rcov spec/rake/spectask rubyforge bones facets/ansicode zentest).each do |lib|
151
151
  begin
152
152
  require lib
153
153
  Object.instance_eval {const_set "HAVE_#{lib.tr('/','_').upcase}", true}
data/tasks/zentest.rake ADDED
@@ -0,0 +1,36 @@
1
+ if HAVE_ZENTEST
2
+
3
+ # --------------------------------------------------------------------------
4
+ if test(?e, PROJ.test.file) or not PROJ.test.files.to_a.empty?
5
+ require 'autotest'
6
+
7
+ namespace :test do
8
+ task :autotest do
9
+ Autotest.run
10
+ end
11
+ end
12
+
13
+ desc "Run the autotest loop"
14
+ task :autotest => 'test:autotest'
15
+
16
+ end # if test
17
+
18
+ # --------------------------------------------------------------------------
19
+ if HAVE_SPEC_RAKE_SPECTASK and not PROJ.spec.files.to_a.empty?
20
+ require 'autotest/rspec'
21
+
22
+ namespace :spec do
23
+ task :autotest do
24
+ load '.autotest' if test(?f, '.autotest')
25
+ Autotest::Rspec.run
26
+ end
27
+ end
28
+
29
+ desc "Run the autotest loop"
30
+ task :autotest => 'spec:autotest'
31
+
32
+ end # if rspec
33
+
34
+ end # if HAVE_ZENTEST
35
+
36
+ # EOF
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lockdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.5
4
+ version: 0.9.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-03-26 00:00:00 -04:00
12
+ date: 2009-06-06 00:00:00 -04:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - ">="
22
22
  - !ruby/object:Gem::Version
23
- version: 2.4.2
23
+ version: 2.5.1
24
24
  version:
25
25
  description: Lockdown is an authorization system for RubyOnRails (ver >= 2.1).
26
26
  email: andy@stonean.com
@@ -102,8 +102,11 @@ files:
102
102
  - tasks/spec.rake
103
103
  - tasks/svn.rake
104
104
  - tasks/test.rake
105
+ - tasks/zentest.rake
105
106
  has_rdoc: true
106
107
  homepage: http://stonean.com/wiki/lockdown
108
+ licenses: []
109
+
107
110
  post_install_message:
108
111
  rdoc_options:
109
112
  - --main
@@ -125,9 +128,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
125
128
  requirements: []
126
129
 
127
130
  rubyforge_project: lockdown
128
- rubygems_version: 1.3.1
131
+ rubygems_version: 1.3.3
129
132
  signing_key:
130
- specification_version: 2
133
+ specification_version: 3
131
134
  summary: Lockdown is an authorization system for RubyOnRails (ver >= 2
132
135
  test_files: []
133
136