raygun 0.0.15 → 0.0.16

data/CHANGES.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Change Log
2
2
 
3
+ ## 0.0.16 [2013-01-04]
4
+
5
+ * Improved authorization rules so that users can't delete themselves and non-admin can't access users controller :new.
6
+
3
7
  ## 0.0.15 [2012-12-26]
4
8
 
5
9
  * Handle cases where raygun is given a name with dashes (e.g wonder-pets).
@@ -17,7 +17,7 @@ class RegistrationsController < ApplicationController
17
17
  end
18
18
 
19
19
  def activate
20
- if @user = User.load_from_activation_token(params[:token])
20
+ if (@user = User.load_from_activation_token(params[:token]))
21
21
  @user.activate!
22
22
  auto_login @user
23
23
  redirect_to sign_in_path, notice: "Your account has been activated and you're now signed in. Enjoy!"
@@ -5,11 +5,15 @@ class Ability
5
5
  user ||= User.new # guest user (not logged in)
6
6
 
7
7
  if user.admin?
8
- can :manage, User
8
+ can :manage, :all
9
9
  else
10
- can :manage, User, id: user.id
10
+ can [:read, :update], User, id: user.id
11
11
  end
12
12
 
13
+ # No one can destroy themselves.
14
+ cannot :destroy, User, id: user.id
15
+
16
+
13
17
  # Define abilities for the passed in user here. For example:
14
18
  #
15
19
  # user ||= User.new # guest user (not logged in)
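Review bot: The non-admin branch also runs for the guest `User.new`, whose `id` is presumably nil, so `can [:read, :update], User, id: user.id` is registered with `id: nil` for visitors who are not signed in. As far as I know CanCan ignores hash conditions when the subject is a class, so a class-level check such as `can? :update, User` would then pass for a guest; confirm against the controllers that authorize on the class. Replacing `else` with `elsif user.id` would leave guests with no User abilities at all. The `cannot` line relies on later rules overriding earlier ones, so it deserves a comment such as `# Keep below the can rules: later rules take precedence, so this also overrides can :manage, :all for admins.` The enclosing method starts above the hunk.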
@@ -60,7 +60,7 @@ describe UsersController do
60
60
  end
61
61
 
62
62
  it "assigns a newly created user as @user" do
63
- post :create, {user: valid_attributes }, valid_session
63
+ post :create, { user: valid_attributes }, valid_session
64
64
  expect(assigns(:user)).to be_a(User)
65
65
  expect(assigns(:user)).to be_persisted
66
66
  end
@@ -2,33 +2,35 @@ require 'spec_helper'
2
2
  require 'cancan/matchers'
3
3
 
4
4
  describe "User" do
5
+ subject { ability }
6
+ let(:ability) { Ability.new(user) }
7
+ let(:other) { build(:user) { |u| u.id = 2 } }
8
+
5
9
  context "when working with User" do
6
10
  context "as a non-admin" do
7
11
  let(:user) { build(:user) { |u| u.id = 1 } }
8
- subject { Ability.new(user) }
9
12
 
10
13
  context "operating on themselves" do
11
- it { should be_able_to(:manage, user) }
14
+ it { should be_able_to(:read, user) }
15
+ it { should be_able_to(:update, user) }
16
+ it { should_not be_able_to(:destroy, user) }
12
17
  end
13
18
 
14
19
  context "operating on someone else" do
15
- let(:other) { build(:user) { |u| u.id = 2 } }
16
-
17
20
  it { should_not be_able_to(:manage, other) }
21
+ it { should_not be_able_to(:create, User) }
18
22
  end
19
23
  end
20
24
 
21
25
  context "as an admin" do
22
26
  let(:user) { build(:admin) { |u| u.id = 1 } }
23
- subject { Ability.new(user) }
24
27
 
25
28
  context "operating on themselves" do
26
- it { should be_able_to(:manage, user) }
29
+ it { should be_able_to(:manage, user) }
30
+ it { should_not be_able_to(:destroy, user) }
27
31
  end
28
32
 
29
33
  context "operating on someone else" do
30
- let(:other) { build(:user) { |u| u.id = 2 } }
31
-
32
34
  it { should be_able_to(:manage, other) }
33
35
  end
34
36
  end
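Review bot: The spec has no guest context, so the `user ||= User.new` path in Ability is never exercised; a `context "as a guest"` with `let(:user) { nil }` and `it { should_not be_able_to(:update, other) }` would cover it. The `:create` assertion sits under "operating on someone else" although it checks the `User` class rather than `other`, and it would read more clearly in its own context tied to the changelog's `:new` rule. In the admin context `be_able_to(:manage, user)` is asserted next to `should_not be_able_to(:destroy, user)`, which suggests the `:manage` check does not consult the narrower `cannot` rule, so it should not be read as proof that every action is allowed. The describe block continues past the hunk.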
@@ -1,3 +1,3 @@
1
1
  module Raygun
2
- VERSION = "0.0.15"
2
+ VERSION = "0.0.16"
3
3
  end
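--- a/data/raygun.gemspec
+++ b/data/raygun.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |gem|
  gem.homepage = "https://github.com/carbonfive/raygun"
 
  gem.files = `git ls-files`.split($/)
- gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+ gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
  gem.require_paths = ["lib"]
  end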
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: raygun
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.15
4
+ version: 0.0.16
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2012-12-27 00:00:00.000000000 Z
14
+ date: 2013-01-04 00:00:00.000000000 Z
15
15
  dependencies: []
16
16
  description: Carbon Five Rails application generator
17
17
  email: