model_security_generator 0.0.5 → 0.0.6

@@ -92,7 +92,7 @@ public
92
92
  # it!
93
93
  def logout
94
94
  User.sign_off
95
- session[:user_id] = nil
95
+ reset_session
96
96
  session[:skip_user_setup] = true
97
97
  redirect_to :action => 'login'
98
98
  end
@@ -114,7 +114,7 @@ public
114
114
  @user.save
115
115
  User.sign_on_by_session(1)
116
116
  session[:user_id] = 1
117
- render :file => 'app/views/user/admin_created.rhtml'
117
+ render :action => 'admin_created'
118
118
  # Mail the user instructions on how to activate their account.
119
119
  else
120
120
  url_params = {
@@ -125,7 +125,8 @@ public
125
125
  }
126
126
  url = url_for(url_params)
127
127
  UserMailer.deliver_new_user(p, url, @user.token_expiry)
128
- render :file => 'app/views/user/created.rhtml'
128
+ @email = p['email']
129
+ render :action => 'created'
129
130
  end
130
131
  else
131
132
  flash['notice'] = 'Creation of new user failed.'
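Review bot: In the admin-creation branch (second hunk), `session[:user_id] = 1` is still written into whatever session the browser arrived with, so the session-fixation exposure that `reset_session` closes in `logout` remains open at sign-on. Calling `reset_session` immediately before `User.sign_on_by_session(1)` would give the newly privileged user a fresh session; check first that nothing needed later, such as a stored return location, lives in the old one. In the third hunk, `@email = p['email']` hands a request value to the `created` view, which should render it as `h(@email)`; the view is not visible here. The enclosing action starts and ends outside these hunks.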
@@ -5,7 +5,7 @@ create table users (
5
5
  admin integer(1) not null default 0,
6
6
  activated integer(1) not null default 0,
7
7
  email varchar(80) not null,
8
- cypher varchar(512) not null,
8
+ cypher text not null,
9
9
  salt char(40) not null,
10
10
  token char(10) not null,
11
11
  token_expiry timestamp not null,
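Review bot: Changing `cypher` to `text` in the `create table` script only affects databases created from scratch; an installation set up from 0.0.5 keeps `varchar(512)`, and nothing visible in this release alters it. If the wider column is needed because stored values can exceed 512 characters (an inference from the change), the upgrade step should be documented, for example with a comment above the column such as `-- upgrading from 0.0.5: widen users.cypher to text by hand`. A one-line comment saying what `cypher` holds and in which encoding would also help anyone auditing the credential storage. The table definition continues outside the hunk.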
@@ -278,9 +278,6 @@ private
278
278
  # *attribute* is the name of the attribute upon which an access is
279
279
  # being attempted.
280
280
  #
281
- # FIX: Is exception information displayed in production mode? I put a lot
282
- # of sensitive data in this exception.
283
- #
284
281
  def security_error(permission, attribute)
285
282
  global = nil
286
283
  local = nil
@@ -345,7 +342,6 @@ public
345
342
  def write_attribute(name, value)
346
343
  if not writable?(name)
347
344
  security_error(:let_write, name)
348
- raise SecurityError
349
345
  end
350
346
  old_write_attribute(name, value)
351
347
  end
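Review bot: With `raise SecurityError` removed from `write_attribute`, the denial depends entirely on `security_error` never returning; if it ever returns normally, control falls through to `old_write_attribute(name, value)` and the write that was just refused is performed. Only the first lines of `security_error` are visible, so this cannot be confirmed from the hunk. Either keep the original `raise SecurityError` after the call as a fail-closed backstop, or state the contract where it is relied on with `# security_error always raises; it must never return`. The first hunk also deletes the FIX comment asking whether the exception detail is shown in production without showing that the message was reduced, so that question should be answered before the note is dropped.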
@@ -22,18 +22,33 @@ module UserSupport
22
22
  end
23
23
 
24
24
 
25
+ # FIX: This only works for require_login and require_admin for now, because
26
+ # I'm not passing the block across invocations.
27
+ #
28
+ # This is meant to be used as a before_filter.
29
+ # A condition that is dependent on the user's login is in the block.
30
+ # If the condition isn't true, a login panel is put up, and the explanation
31
+ # that is passed as an argument may (or may not) be presented to the user,
32
+ # depending on whether we're using HTTP authentication or not.
33
+ # Once the condition is met, it resumes the action it was protecting.
34
+ def require_condition(e)
35
+ if yield
36
+ return true
37
+ else
38
+ if controller_name != 'user' and (action_name != 'login' and action_name != 'login_admin')
39
+ store_location
40
+ end
41
+ redirect_to :controller => 'user', :action => 'login', :explanation => e
42
+ return false
43
+ end
44
+ end
45
+
25
46
  # This is meant to be used as a before_filter. It requires an
26
47
  # administrative login, putting up a login panel if the administrator
27
48
  # isn't currently logged in. Once the administrator logs in, it resumes
28
49
  # the action it was protecting.
29
50
  def require_admin
30
- if admin?
31
- return true
32
- else
33
- store_location
34
- redirect_to :controller => 'user', :action => 'login_admin'
35
- return false
36
- end
51
+ require_condition("Administrative user required.") { admin? }
37
52
  end
38
53
 
39
54
  # This is meant to be used as a before_filter. It requires a
@@ -41,13 +56,7 @@ module UserSupport
41
56
  # logged in. Once a user logs in, it resumes the action it was
42
57
  # protecting.
43
58
  def require_login
44
- if User.current
45
- true
46
- else
47
- store_location
48
- redirect_to :controller => 'user', :action => 'login'
49
- false
50
- end
59
+ require_condition("Login required.") { User.current }
51
60
  end
52
61
 
53
62
  # This is a before filter for the entire application, used to set up the
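Review bot: `require_condition` puts the explanation into the redirect URL (`:explanation => e`), so the text the login page shows becomes a request parameter that anyone can set by crafting a link, and it must be HTML-escaped if the view prints it; the login view is not visible here. Carrying it in the flash keeps it server-side: `flash['notice'] = e` followed by `redirect_to :controller => 'user', :action => 'login'`. Two behaviour changes also deserve a comment or a fix: `require_admin` used to redirect to `login_admin` and now lands on `login`, and the `store_location` guard skips every action of the `user` controller (and any action named `login` or `login_admin` elsewhere), where the intent looks like `unless controller_name == 'user' and %w(login login_admin).include?(action_name)`.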
@@ -140,7 +140,7 @@ private
140
140
 
141
141
 
142
142
  # The security token can only be changed if we're the special "login" user.
143
- let_write :activated, :password, :token, :token_expiry, :if => :logging_in?
143
+ let_write :activated, :token, :token_expiry, :if => :logging_in?
144
144
 
145
145
  public
146
146
  attr_accessor :password, :password_confirmation, :old_password
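Review bot: The comment above `let_write` mentions only the security token, but the rule also covers `:activated` and `:token_expiry`, and nothing now says how the password is protected once `:password` is dropped from the list. Since `password` is declared with `attr_accessor` a few lines down, assignments to it presumably never pass through the guarded `write_attribute`, so it is worth stating which rule protects the stored credential columns. A comment such as `# :password is a virtual attr_accessor; the stored cypher/salt are guarded by <rule>` would make that auditable; the rule itself is not visible in this hunk. The class body starts and ends outside the hunk.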
metadata CHANGED
@@ -3,8 +3,8 @@ rubygems_version: 0.8.4
3
3
  specification_version: 1
4
4
  name: model_security_generator
5
5
  version: !ruby/object:Gem::Version
6
- version: 0.0.5
7
- date: 2005-10-04
6
+ version: 0.0.6
7
+ date: 2005-10-10
8
8
  summary: "[Rails] Model security and authentication generator."
9
9
  require_paths:
10
10
  - "."