lockdown 2.0.1 → 2.0.2

@@ -24,7 +24,7 @@ module Lockdown
24
24
 
25
25
  # @return the version string for the library.
26
26
  def version
27
- '2.0.1'
27
+ '2.0.2'
28
28
  end
29
29
 
30
30
  def rails_mixin
@@ -182,7 +182,11 @@ module Lockdown
182
182
  end
183
183
  end
184
184
 
185
- authenticated_access + "|" + access_rights_for_permissions(*permission_names)
185
+ if permission_names.empty?
186
+ authenticated_access
187
+ else
188
+ authenticated_access + "|" + access_rights_for_permissions(*permission_names)
189
+ end
186
190
  end
187
191
 
188
192
  # @param [Array(String)] names permission names
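Review bot: The new `if permission_names.empty?` guard in the `@@ -182,7 +182,11 @@` hunk covers only an empty argument list; if `access_rights_for_permissions(*permission_names)` can return an empty string for names that resolve to no resources (not visible here), the `else` branch still produces a string ending in `|`. Assuming that string is later compiled into the pattern `Lockdown::Delivery.allowed?` matches paths against, an empty alternative matches every path, which looks like the failure this change is meant to close. Testing the computed value instead would cover both cases: `rights = access_rights_for_permissions(*permission_names)` then `rights.empty? ? authenticated_access : authenticated_access + "|" + rights`. The enclosing method starts above the hunk.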
@@ -5,8 +5,6 @@ module Lockdown
5
5
  class << self
6
6
  # @return [true|false] if the given path is allowed
7
7
  def allowed?(path, access_rights = nil)
8
- return true if path == '/'
9
-
10
8
  begin
11
9
  ::Authorization.configure
12
10
  rescue NameError
@@ -19,7 +17,11 @@ module Lockdown
19
17
  path += "/" unless path =~ /\/$/
20
18
  path = "/" + path unless path =~ /^\//
21
19
 
22
- access_rights_regex =~ path ? true : false
20
+ if access_rights_regex =~ path
21
+ return true
22
+ end
23
+
24
+ return false
23
25
  end
24
26
  end # class block
25
27
  end # Delivery
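Review bot: The normalisation lines kept in the second hunk, `path += "/" unless path =~ /\/$/` and `path = "/" + path unless path =~ /^\//`, use `^` and `$`, which in Ruby match at any line boundary rather than only at the ends of the string. A path with an embedded newline can therefore skip either normalisation, and if `access_rights_regex` is built with the same anchors (its construction is not on this page) the rewritten `if access_rights_regex =~ path` decision inherits the problem. Prefer `path.end_with?("/")` and `path.start_with?("/")` here, and `\A` / `\z` in the rights patterns. Since the `return true if path == '/'` shortcut is removed, a comment on `allowed?` should state that the root path is now subject to the same match as every other path.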
@@ -54,6 +54,14 @@ module Lockdown
54
54
  return true
55
55
  end
56
56
 
57
+ path_parts = path.split('/')
58
+
59
+ if path_parts.last == "index"
60
+ path_parts.pop
61
+ new_path = path_parts.join('/')
62
+ return Lockdown::Delivery.allowed?(new_path, session[:access_rights])
63
+ end
64
+
57
65
  begin
58
66
  if ::Rails.respond_to?(:application)
59
67
  router = ::Rails.application.routes
@@ -72,11 +80,15 @@ module Lockdown
72
80
  end
73
81
 
74
82
  # Mailto link
75
- return true if url =~ /^mailto:/
83
+ if url =~ /^mailto:/
84
+ return true
85
+ end
76
86
 
77
87
  # Public file
78
88
  file = File.join(::Rails.root, 'public', url)
79
- return true if File.exists?(file)
89
+ if File.exists?(file)
90
+ return true
91
+ end
80
92
 
81
93
  # Passing in different domain
82
94
  return remote_url?(url_parts[2])
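Review bot: In the `@@ -72,11 +80,15 @@` hunk, the public-file check joins `url` onto the public directory and returns true for anything `File.exists?` finds, which includes directories and, when `url` contains `..` segments, paths outside `public`. If `url` can carry caller- or request-supplied text (not determinable from the hunk), the path should be expanded, confirmed to stay under the public directory, and required to be a regular file before the method answers true. The `/^mailto:/` test just above has a line-anchor weakness as well; `\A` expresses the intent. In the earlier hunk the new `index` branch returns before the mailto, public-file and remote-URL handling, assuming both hunks sit in the same method, so that ordering deserves a comment. The enclosing method begins and ends outside both hunks.

```ruby
# Public file
public_root = File.expand_path(File.join(::Rails.root, 'public'))
file = File.expand_path(File.join(public_root, url))
inside_public = file.start_with?(public_root + File::SEPARATOR)
if inside_public && File.file?(file)
  return true
end
# … unchanged: remote-domain check …
```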
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{lockdown}
8
- s.version = "2.0.1"
8
+ s.version = "2.0.2"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Andrew Stone"]
12
- s.date = %q{2010-09-07}
12
+ s.date = %q{2010-09-21}
13
13
  s.description = %q{Restrict access to your controller actions. }
14
14
  s.email = %q{andy@stonean.com}
15
15
  s.extra_rdoc_files = [
@@ -43,8 +43,7 @@ Gem::Specification.new do |s|
43
43
  "test/lockdown/test_permission.rb",
44
44
  "test/lockdown/test_resource.rb",
45
45
  "test/lockdown/test_session.rb",
46
- "test/lockdown/test_user_group.rb",
47
- "test/test_lockdown.rb"
46
+ "test/lockdown/test_user_group.rb"
48
47
  ]
49
48
  s.homepage = %q{http://stonean.com/wiki/lockdown}
50
49
  s.rdoc_options = ["--charset=UTF-8"]
@@ -61,8 +60,7 @@ Gem::Specification.new do |s|
61
60
  "test/lockdown/test_permission.rb",
62
61
  "test/lockdown/test_helper.rb",
63
62
  "test/lockdown/test_resource.rb",
64
- "test/helper.rb",
65
- "test/test_lockdown.rb"
63
+ "test/helper.rb"
66
64
  ]
67
65
 
68
66
  if s.respond_to? :specification_version then
@@ -112,6 +112,7 @@ class TestLockdown < MiniTest::Unit::TestCase
112
112
  end
113
113
  Authorization.public_access :posts
114
114
 
115
+
115
116
  assert_equal true, Lockdown::Delivery.allowed?('/posts/update')
116
117
 
117
118
  assert_equal true, Lockdown::Delivery.allowed?('/posts/update/')
@@ -124,6 +125,7 @@ class TestLockdown < MiniTest::Unit::TestCase
124
125
 
125
126
  assert_equal true, Lockdown::Delivery.allowed?('/posts/show/')
126
127
 
128
+ assert_equal false, Lockdown::Delivery.allowed?('/posts/')
127
129
  end
128
130
 
129
131
  def test_it_denies_uri_access_to_destroy
@@ -159,5 +161,32 @@ class TestLockdown < MiniTest::Unit::TestCase
159
161
 
160
162
  assert_equal false, Lockdown::Delivery.allowed?('/users/destroy')
161
163
  end
162
- end
163
164
 
165
+ def test_it_denies_index_access_to_resource_assigned_to_administrators
166
+ Authorization.permission :register_account do
167
+ resource :users do
168
+ only :new, :create
169
+ end
170
+ end
171
+ Authorization.public_access :register_account
172
+
173
+ Authorization.permission :my_account do
174
+ resource :users do
175
+ only :show, :update
176
+ end
177
+ end
178
+ Authorization.protected_access :my_account
179
+
180
+ Authorization.permission 'users'
181
+ Authorization.user_group 'Administrators', 'users'
182
+
183
+ assert_equal true, Lockdown::Delivery.allowed?('/users/new')
184
+ assert_equal true, Lockdown::Delivery.allowed?('/users/create')
185
+
186
+ assert_equal false, Lockdown::Delivery.allowed?('/users/')
187
+
188
+ assert_equal false, Lockdown::Delivery.allowed?('/users/', Lockdown::Configuration.authenticated_access)
189
+ assert_equal false, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
190
+
191
+ end
192
+ end
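Review bot: `test_it_denies_index_access_to_resource_assigned_to_administrators` asserts only the deny side for `/users/` and `/users`; nothing checks that a caller holding the rights of the `Administrators` group is still allowed through. A regression that denies the index path for everyone would pass this test. Add a positive assertion that calls `Lockdown::Delivery.allowed?('/users/', …)` with the access rights computed for the `'users'` permission and expects `true`.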
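--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
  segments:
  - 2
  - 0
- - 1
- version: 2.0.1
+ - 2
+ version: 2.0.2
  platform: ruby
  authors:
  - Andrew Stone
@@ -14,7 +14,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2010-09-07 00:00:00 -04:00
+ date: 2010-09-21 00:00:00 -04:00
  default_executable:
  dependencies: []
 
@@ -55,7 +55,6 @@ files:
  - test/lockdown/test_resource.rb
  - test/lockdown/test_session.rb
  - test/lockdown/test_user_group.rb
- - test/test_lockdown.rb
  has_rdoc: true
  homepage: http://stonean.com/wiki/lockdown
  licenses: []
@@ -98,4 +97,3 @@ test_files:
  - test/lockdown/test_helper.rb
  - test/lockdown/test_resource.rb
  - test/helper.rb
- - test/test_lockdown.rb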
@@ -1,11 +0,0 @@
1
- # encoding: utf-8
2
-
3
- require 'helper'
4
-
5
- class TestLockdown < MiniTest::Unit::TestCase
6
-
7
- def test_version
8
- assert_equal '2.0.0', Lockdown.version
9
- end
10
-
11
- end