RubyGems - qm-acts-as-generic-controller - Versions diffs - 0.1.6 → 0.1.7 - Mend

qm-acts-as-generic-controller 0.1.6 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

data/Rakefile +1 -1
data/lib/qm-acts-as-generic-controller-controller.rb +7 -2
metadata +4 -4

data/Rakefile CHANGED Viewed

@@ -9,7 +9,7 @@ begin
     gemspec.email = "marcin@saepia.net"
     gemspec.homepage = "http://q.saepia.net"
     gemspec.authors = ["Marcin Lewandowski"]
-    gemspec.version = "0.1.6"
+    gemspec.version = "0.1.7"
     gemspec.files = Rake::FileList.new [ "MIT-LICENSE", "Rakefile", "lib/*", "app/views/generic_controller/*" ]
     gemspec.add_dependency "qui-common-helpers", ">= 0.0.8"
     gemspec.add_dependency "qui-index-table", ">= 0.0.8"

data/lib/qm-acts-as-generic-controller-controller.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module QM
             end
           end
-          before_filter :check_generic_privileges
+          before_filter :check_generic_privileges, :only => [ :index, :show, :create, :edit, :update, :destroy ]
           before_filter :check_limit_for_user, :only => [ :show, :edit, :update, :destroy ]
           END
@@ -156,7 +156,10 @@ module QM
           if defined?(current_user) and current_user.respond_to? :privileged_attributes
             params[singular_variable(true)].keys.each do |key|
-              params[singular_variable(true)].delete key unless current_user.privileged_attributes(model, :write).include? key
+              unless current_user.privileged_attributes(model, :write).include? key
+                logger.info "Security warning: Deleting key '#{key}' from params hash, because user #{current_user.login} has not enough privileges to modify that attribute"
+                params[singular_variable(true)].delete key
+              end
             end
           end
           instance_variable_get(singular_variable).update_attributes params[singular_variable(true)]
@@ -227,6 +230,8 @@ module QM
                 :index_any
               when :show
                 :show_any
+              when :edit
+                :update_any
               when :update
                 :update_any
               when :create

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: qm-acts-as-generic-controller
 version: !ruby/object:Gem::Version
-  hash: 23
+  hash: 21
   prerelease: false
   segments:
   - 0
   - 1
-  - 6
-  version: 0.1.6
+  - 7
+  version: 0.1.7
 platform: ruby
 authors:
 - Marcin Lewandowski
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-11-09 00:00:00 +01:00
+date: 2010-11-10 00:00:00 +01:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency