RubyGems - revo-lockdown - Versions diffs - 1.6.2 → 1.6.2.1 - Mend

revo-lockdown 1.6.2 → 1.6.2.1

Files changed (3) hide show

data/lib/lockdown/frameworks/rails/view.rb +36 -20
data/spec/lockdown/frameworks/rails/view_spec.rb +72 -3
metadata +125 -126

data/lib/lockdown/frameworks/rails/view.rb CHANGED Viewed

@@ -7,37 +7,36 @@ module Lockdown
             alias_method :link_to_open, :link_to
             alias_method :link_to, :link_to_secured
+            alias_method :link_to_remote_open, :link_to_remote
+            alias_method :link_to_remote, :link_to_remote_secured
             alias_method :button_to_open, :button_to
             alias_method :button_to, :button_to_secured
-          end
-        end
-        def link_to_secured(name, options = {}, html_options = nil)
-          url = url_for(options)
-          method = html_options ? html_options[:method] : :get
-         url_to_authorize = remove_subdirectory(url)
+            alias_method :button_to_remote_open, :button_to_remote
+            alias_method :button_to_remote, :button_to_secured
-         if authorized?(url_to_authorize, method)
-            return link_to_open(name, url, html_options)
           end
-          return ""
         end
-        def button_to_secured(name, options = {}, html_options = nil)
-          url = url_for(options)
+        def link_to_secured(name, options = {}, html_options = nil)
+          secured_link_for(:link_to_open, name, options, html_options)
+        end
-          method = html_options ? html_options[:method] : :get
+        def link_to_remote_secured(name, options = {}, html_options = nil)
+          secured_link_for(:link_to_remote_open, name, options, html_options)
+        end
-          url_to_authorize = remove_subdirectory(url)
-          if authorized?(url_to_authorize, method)
-            return button_to_open(name, url, html_options)
-          end
-          return ""
+        def button_to_secured(name, options = {}, html_options = nil)
+          secured_link_for(:button_to_open, name, options, html_options)
+        end
+        def button_to_remote_secured(name, options = {}, html_options = nil)
+          secured_link_for(:button_to_remote_open, name, options, html_options)
         end
         def link_to_or_show(name, options = {}, html_options = nil)
           lnk = link_to(name, options, html_options)
           lnk.length == 0 ? name : lnk
@@ -49,12 +48,29 @@ module Lockdown
           rvalue.join( Lockdown::System.fetch(:link_separator) )
         end
+        def secured_link_for(link_method_name, name, options, html_options)
+          url = url_from(options)
+          method = html_options ? html_options[:method] : :get
+          url_to_authorize = remove_subdirectory(url)
+          if authorized?(url_to_authorize, method)
+            return send(link_method_name, name, options, html_options)
+          end
+          return ""
+        end
         def remove_subdirectory(url)
           subdir = Lockdown::System.fetch(:subdirectory)
           subdir ? url.gsub(/^\/?#{subdir}/,'') : url
         end
+        def url_from(options)
+          url = options.is_a?(Hash) ? options[:url] || options : options
+          url_for(url)
+        end
+        private :remove_subdirectory
       end # View
     end # Rails
   end # Frameworks

data/spec/lockdown/frameworks/rails/view_spec.rb CHANGED Viewed

@@ -9,6 +9,14 @@ class TestAView
     "button_to"
   end
+  def link_to_remote
+    "link_to_remote"
+  end
+  def button_to_remote
+    "button_to_remote"
+  end
   include Lockdown::Frameworks::Rails::View
 end
@@ -43,7 +51,26 @@ describe Lockdown::Frameworks::Rails::Controller do
   end
+  describe "#link_to_remote_secured" do
+    it "should return the link if authorized" do
+      link = "<a href='http://a.com'>my_link</a>"
+      @view.stub!(:authorized?).and_return(true)
+      @view.stub!(:link_to_remote_open).and_return(link)
+      @view.link_to_remote_secured("my link", @options).should == link
+    end
+    it "should return an empty string if authorized" do
+      @view.stub!(:authorized?).and_return(false)
+      @view.link_to_remote_secured("my link", @options).should == ""
+    end
+    it "should attempt to remove a subdirectory if it exists" do
+      @view.should_receive(:remove_subdirectory).once
+      @view.stub!(:authorized?).and_return(false)
+      @view.link_to_remote_secured("my link", @options).should == ""
+    end
+  end
   describe "#button_to_secured" do
@@ -70,6 +97,28 @@ describe Lockdown::Frameworks::Rails::Controller do
   end
+  describe "#button_to_remote_secured" do
+    it "should return the link if authorized" do
+      link = "<a href='http://a.com'>my_link</a>"
+      @view.stub!(:authorized?).and_return(true)
+      @view.stub!(:button_to_remote_open).and_return(link)
+      @view.button_to_remote_secured("my link", @options).should == link
+    end
+    it "should return an empty string if authorized" do
+      @view.stub!(:authorized?).and_return(false)
+      @view.button_to_remote_secured("my link", @options).should == ""
+    end
+    it "should attempt to remove a subdirectory if it exists" do
+      @view.should_receive(:remove_subdirectory).once
+      @view.stub!(:authorized?).and_return(false)
+      @view.button_to_remote_secured("my link", @options).should == ""
+    end
+  end
   describe "#link_to_or_show" do
     it "should return the name if link_to returned an empty string" do
       @view.stub!(:link_to).and_return('')
@@ -108,18 +157,38 @@ describe Lockdown::Frameworks::Rails::Controller do
     end
     it "should remove subdirectory /test" do
-      @view.remove_subdirectory('/test/posts/new').should == '/posts/new'
+      @view.send(:remove_subdirectory,'/test/posts/new').should == '/posts/new'
     end
     it "should remove subdirectory 'test' without a leading /" do
-      @view.remove_subdirectory('test/posts/new').should == '/posts/new'
+      @view.send(:remove_subdirectory,'test/posts/new').should == '/posts/new'
     end
     it "should leave the url untouched" do
-      @view.remove_subdirectory('/posts/new').should == '/posts/new'
+      @view.send(:remove_subdirectory,'/posts/new').should == '/posts/new'
     end
   end
+  describe "#url_from" do
+    it "should derive the path from the :url if given with options" do
+      options = { :url => 'test/test' }
+      @view.should_receive(:url_for).with(options[:url])
+      @view.should_not_receive(:url_for).with(options)
+      @view.url_from(options)
+    end
+    it "should derive the path from the options hash if no :url is given" do
+      options = { :controller => 'test', :action => 'index' }
+      @view.should_receive(:url_for).with(options)
+      @view.url_from(options)
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,139 +1,138 @@
 --- !ruby/object:Gem::Specification
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: "0"
-  version:
-email: andy@stonean.com
-cert_chain: []
-summary: Authorization system for Rails 2.x
-post_install_message:
-extra_rdoc_files:
-- README.txt
-homepage: http://stonean.com/wiki/lockdown
-signing_key:
 name: revo-lockdown
-rdoc_options:
-- --charset=UTF-8
-rubyforge_project: lockdown
+version: !ruby/object:Gem::Version
+  version: 1.6.2.1
+platform: ruby
+authors:
+  - Andrew Stone
+  - Revo Pty. Ltd.
 autorequire:
-licenses: []
+bindir: bin
+cert_chain: []
+date: 2009-12-11 00:00:00 +11:00
+default_executable:
+dependencies:
+  - !ruby/object:Gem::Dependency
+    name: rspec
+    type: :development
+    version_requirement:
+    version_requirements: !ruby/object:Gem::Requirement
+      requirements:
+        - - ">="
+          - !ruby/object:Gem::Version
+            version: "0"
+      version:
+description: Restrict access to your controller actions.  Supports basic model level restrictions as well
+email: andy@stonean.com
 executables: []
-description: Restrict access to your controller actions.  Supports basic model level
-  restrictions as well
-specification_version: 3
-default_executable:
+extensions: []
+extra_rdoc_files:
+  - README.txt
 files:
-- .gitignore
-- README.txt
-- Rakefile
-- lib/lockdown.rb
-- lib/lockdown/context.rb
-- lib/lockdown/database.rb
-- lib/lockdown/errors.rb
-- lib/lockdown/frameworks/rails.rb
-- lib/lockdown/frameworks/rails/controller.rb
-- lib/lockdown/frameworks/rails/view.rb
-- lib/lockdown/helper.rb
-- lib/lockdown/orms/active_record.rb
-- lib/lockdown/permission.rb
-- lib/lockdown/references.rb
-- lib/lockdown/rspec_helper.rb
-- lib/lockdown/rules.rb
-- lib/lockdown/session.rb
-- lib/lockdown/system.rb
-- rails_generators/lockdown/lockdown_generator.rb
-- rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
-- rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
-- rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
-- rails_generators/lockdown/templates/app/controllers/users_controller.rb
-- rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
-- rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
-- rails_generators/lockdown/templates/app/helpers/users_helper.rb
-- rails_generators/lockdown/templates/app/models/permission.rb
-- rails_generators/lockdown/templates/app/models/profile.rb
-- rails_generators/lockdown/templates/app/models/user.rb
-- rails_generators/lockdown/templates/app/models/user_group.rb
-- rails_generators/lockdown/templates/app/views/permissions/index.html.erb
-- rails_generators/lockdown/templates/app/views/permissions/show.html.erb
-- rails_generators/lockdown/templates/app/views/sessions/new.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
-- rails_generators/lockdown/templates/app/views/users/edit.html.erb
-- rails_generators/lockdown/templates/app/views/users/index.html.erb
-- rails_generators/lockdown/templates/app/views/users/new.html.erb
-- rails_generators/lockdown/templates/app/views/users/show.html.erb
-- rails_generators/lockdown/templates/config/initializers/lockit.rb
-- rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
-- rails_generators/lockdown/templates/db/migrate/create_permissions.rb
-- rails_generators/lockdown/templates/db/migrate/create_profiles.rb
-- rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
-- rails_generators/lockdown/templates/db/migrate/create_users.rb
-- rails_generators/lockdown/templates/lib/lockdown/README
-- rails_generators/lockdown/templates/lib/lockdown/init.rb
-- spec/lockdown/context_spec.rb
-- spec/lockdown/database_spec.rb
-- spec/lockdown/frameworks/rails/controller_spec.rb
-- spec/lockdown/frameworks/rails/view_spec.rb
-- spec/lockdown/frameworks/rails_spec.rb
-- spec/lockdown/permission_spec.rb
-- spec/lockdown/rspec_helper_spec.rb
-- spec/lockdown/rules_spec.rb
-- spec/lockdown/session_spec.rb
-- spec/lockdown/system_spec.rb
-- spec/lockdown_spec.rb
-- spec/rcov.opts
-- spec/spec.opts
-- spec/spec_helper.rb
+  - .gitignore
+  - README.txt
+  - Rakefile
+  - lib/lockdown.rb
+  - lib/lockdown/context.rb
+  - lib/lockdown/database.rb
+  - lib/lockdown/errors.rb
+  - lib/lockdown/frameworks/rails.rb
+  - lib/lockdown/frameworks/rails/controller.rb
+  - lib/lockdown/frameworks/rails/view.rb
+  - lib/lockdown/helper.rb
+  - lib/lockdown/orms/active_record.rb
+  - lib/lockdown/permission.rb
+  - lib/lockdown/references.rb
+  - lib/lockdown/rspec_helper.rb
+  - lib/lockdown/rules.rb
+  - lib/lockdown/session.rb
+  - lib/lockdown/system.rb
+  - rails_generators/lockdown/lockdown_generator.rb
+  - rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
+  - rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
+  - rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
+  - rails_generators/lockdown/templates/app/controllers/users_controller.rb
+  - rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
+  - rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
+  - rails_generators/lockdown/templates/app/helpers/users_helper.rb
+  - rails_generators/lockdown/templates/app/models/permission.rb
+  - rails_generators/lockdown/templates/app/models/profile.rb
+  - rails_generators/lockdown/templates/app/models/user.rb
+  - rails_generators/lockdown/templates/app/models/user_group.rb
+  - rails_generators/lockdown/templates/app/views/permissions/index.html.erb
+  - rails_generators/lockdown/templates/app/views/permissions/show.html.erb
+  - rails_generators/lockdown/templates/app/views/sessions/new.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
+  - rails_generators/lockdown/templates/app/views/users/edit.html.erb
+  - rails_generators/lockdown/templates/app/views/users/index.html.erb
+  - rails_generators/lockdown/templates/app/views/users/new.html.erb
+  - rails_generators/lockdown/templates/app/views/users/show.html.erb
+  - rails_generators/lockdown/templates/config/initializers/lockit.rb
+  - rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
+  - rails_generators/lockdown/templates/db/migrate/create_permissions.rb
+  - rails_generators/lockdown/templates/db/migrate/create_profiles.rb
+  - rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
+  - rails_generators/lockdown/templates/db/migrate/create_users.rb
+  - rails_generators/lockdown/templates/lib/lockdown/README
+  - rails_generators/lockdown/templates/lib/lockdown/init.rb
+  - spec/lockdown/context_spec.rb
+  - spec/lockdown/database_spec.rb
+  - spec/lockdown/frameworks/rails/controller_spec.rb
+  - spec/lockdown/frameworks/rails/view_spec.rb
+  - spec/lockdown/frameworks/rails_spec.rb
+  - spec/lockdown/permission_spec.rb
+  - spec/lockdown/rspec_helper_spec.rb
+  - spec/lockdown/rules_spec.rb
+  - spec/lockdown/session_spec.rb
+  - spec/lockdown/system_spec.rb
+  - spec/lockdown_spec.rb
+  - spec/rcov.opts
+  - spec/spec.opts
+  - spec/spec_helper.rb
+has_rdoc: true
+homepage: http://stonean.com/wiki/lockdown
+licenses: []
+post_install_message:
+rdoc_options:
+  - --charset=UTF-8
+require_paths:
+  - lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: "0"
+  version:
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: "0"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: "0"
   version:
-extensions: []
-rubygems_version: 1.3.5
 requirements: []
-authors:
-- Andrew Stone
-- Revo Pty. Ltd.
-date: 2009-12-10 13:00:00 +00:00
-platform: ruby
+rubyforge_project: lockdown
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Authorization system for Rails 2.x
 test_files:
-- spec/lockdown_spec.rb
-- spec/spec_helper.rb
-- spec/lockdown/rules_spec.rb
-- spec/lockdown/rspec_helper_spec.rb
-- spec/lockdown/context_spec.rb
-- spec/lockdown/permission_spec.rb
-- spec/lockdown/system_spec.rb
-- spec/lockdown/database_spec.rb
-- spec/lockdown/session_spec.rb
-- spec/lockdown/frameworks/rails_spec.rb
-- spec/lockdown/frameworks/rails/view_spec.rb
-- spec/lockdown/frameworks/rails/controller_spec.rb
-version: !ruby/object:Gem::Version
-  version: 1.6.2
-require_paths:
-- lib
-dependencies:
-- !ruby/object:Gem::Dependency
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: "0"
-    version:
-  type: :development
-  version_requirement:
-  name: rspec
-bindir: bin
-has_rdoc: true
+  - spec/lockdown_spec.rb
+  - spec/spec_helper.rb
+  - spec/lockdown/rules_spec.rb
+  - spec/lockdown/rspec_helper_spec.rb
+  - spec/lockdown/context_spec.rb
+  - spec/lockdown/permission_spec.rb
+  - spec/lockdown/system_spec.rb
+  - spec/lockdown/database_spec.rb
+  - spec/lockdown/session_spec.rb
+  - spec/lockdown/frameworks/rails_spec.rb
+  - spec/lockdown/frameworks/rails/view_spec.rb
+  - spec/lockdown/frameworks/rails/controller_spec.rb