RubyGems - revo-lockdown - Versions diffs - 1.6.2 → 1.6.2.1 - Mend

revo-lockdown 1.6.2 → 1.6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

data/lib/lockdown/frameworks/rails/view.rb +36 -20
data/spec/lockdown/frameworks/rails/view_spec.rb +72 -3
metadata +125 -126

data/lib/lockdown/frameworks/rails/view.rb CHANGED Viewed

@@ -7,37 +7,36 @@ module Lockdown
             alias_method :link_to_open, :link_to
             alias_method :link_to, :link_to_secured
+            alias_method :link_to_remote_open, :link_to_remote
+            alias_method :link_to_remote, :link_to_remote_secured
             alias_method :button_to_open, :button_to
             alias_method :button_to, :button_to_secured
-          end
-        end
-        def link_to_secured(name, options = {}, html_options = nil)
-          url = url_for(options)
-          method = html_options ? html_options[:method] : :get
-         url_to_authorize = remove_subdirectory(url)
+            alias_method :button_to_remote_open, :button_to_remote
+            alias_method :button_to_remote, :button_to_secured
-         if authorized?(url_to_authorize, method)
-            return link_to_open(name, url, html_options)
           end
-          return ""
         end
-        def button_to_secured(name, options = {}, html_options = nil)
-          url = url_for(options)
+        def link_to_secured(name, options = {}, html_options = nil)
+          secured_link_for(:link_to_open, name, options, html_options)
+        end
-          method = html_options ? html_options[:method] : :get
+        def link_to_remote_secured(name, options = {}, html_options = nil)
+          secured_link_for(:link_to_remote_open, name, options, html_options)
+        end
-          url_to_authorize = remove_subdirectory(url)
-          if authorized?(url_to_authorize, method)
-            return button_to_open(name, url, html_options)
-          end
-          return ""
+        def button_to_secured(name, options = {}, html_options = nil)
+          secured_link_for(:button_to_open, name, options, html_options)
+        end
+        def button_to_remote_secured(name, options = {}, html_options = nil)
+          secured_link_for(:button_to_remote_open, name, options, html_options)
         end
         def link_to_or_show(name, options = {}, html_options = nil)
           lnk = link_to(name, options, html_options)
           lnk.length == 0 ? name : lnk
@@ -49,12 +48,29 @@ module Lockdown
           rvalue.join( Lockdown::System.fetch(:link_separator) )
         end
+        def secured_link_for(link_method_name, name, options, html_options)
+          url = url_from(options)
+          method = html_options ? html_options[:method] : :get
+          url_to_authorize = remove_subdirectory(url)
+          if authorized?(url_to_authorize, method)
+            return send(link_method_name, name, options, html_options)
+          end
+          return ""
+        end
         def remove_subdirectory(url)
           subdir = Lockdown::System.fetch(:subdirectory)
           subdir ? url.gsub(/^\/?#{subdir}/,'') : url
         end
+        def url_from(options)
+          url = options.is_a?(Hash) ? options[:url] || options : options
+          url_for(url)
+        end
+        private :remove_subdirectory
       end # View
     end # Rails
   end # Frameworks

data/spec/lockdown/frameworks/rails/view_spec.rb CHANGED Viewed

@@ -9,6 +9,14 @@ class TestAView
     "button_to"
   end
+  def link_to_remote
+    "link_to_remote"
+  end
+  def button_to_remote
+    "button_to_remote"
+  end
   include Lockdown::Frameworks::Rails::View
 end
@@ -43,7 +51,26 @@ describe Lockdown::Frameworks::Rails::Controller do
   end
+  describe "#link_to_remote_secured" do
+    it "should return the link if authorized" do
+      link = "<a href='http://a.com'>my_link</a>"
+      @view.stub!(:authorized?).and_return(true)
+      @view.stub!(:link_to_remote_open).and_return(link)
+      @view.link_to_remote_secured("my link", @options).should == link
+    end
+    it "should return an empty string if authorized" do
+      @view.stub!(:authorized?).and_return(false)
+      @view.link_to_remote_secured("my link", @options).should == ""
+    end
+    it "should attempt to remove a subdirectory if it exists" do
+      @view.should_receive(:remove_subdirectory).once
+      @view.stub!(:authorized?).and_return(false)
+      @view.link_to_remote_secured("my link", @options).should == ""
+    end
+  end
   describe "#button_to_secured" do
@@ -70,6 +97,28 @@ describe Lockdown::Frameworks::Rails::Controller do
   end
+  describe "#button_to_remote_secured" do
+    it "should return the link if authorized" do
+      link = "<a href='http://a.com'>my_link</a>"
+      @view.stub!(:authorized?).and_return(true)
+      @view.stub!(:button_to_remote_open).and_return(link)
+      @view.button_to_remote_secured("my link", @options).should == link
+    end
+    it "should return an empty string if authorized" do
+      @view.stub!(:authorized?).and_return(false)
+      @view.button_to_remote_secured("my link", @options).should == ""
+    end
+    it "should attempt to remove a subdirectory if it exists" do
+      @view.should_receive(:remove_subdirectory).once
+      @view.stub!(:authorized?).and_return(false)
+      @view.button_to_remote_secured("my link", @options).should == ""
+    end
+  end
   describe "#link_to_or_show" do
     it "should return the name if link_to returned an empty string" do
       @view.stub!(:link_to).and_return('')
@@ -108,18 +157,38 @@ describe Lockdown::Frameworks::Rails::Controller do
     end
     it "should remove subdirectory /test" do
-      @view.remove_subdirectory('/test/posts/new').should == '/posts/new'
+      @view.send(:remove_subdirectory,'/test/posts/new').should == '/posts/new'
     end
     it "should remove subdirectory 'test' without a leading /" do
-      @view.remove_subdirectory('test/posts/new').should == '/posts/new'
+      @view.send(:remove_subdirectory,'test/posts/new').should == '/posts/new'
     end
     it "should leave the url untouched" do
-      @view.remove_subdirectory('/posts/new').should == '/posts/new'
+      @view.send(:remove_subdirectory,'/posts/new').should == '/posts/new'
     end
   end
+  describe "#url_from" do
+    it "should derive the path from the :url if given with options" do
+      options = { :url => 'test/test' }
+      @view.should_receive(:url_for).with(options[:url])
+      @view.should_not_receive(:url_for).with(options)
+      @view.url_from(options)
+    end
+    it "should derive the path from the options hash if no :url is given" do
+      options = { :controller => 'test', :action => 'index' }
+      @view.should_receive(:url_for).with(options)
+      @view.url_from(options)
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,139 +1,138 @@
 --- !ruby/object:Gem::Specification
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: "0"
-  version:
-email: andy@stonean.com
-cert_chain: []
-summary: Authorization system for Rails 2.x
-post_install_message:
-extra_rdoc_files:
-- README.txt
-homepage: http://stonean.com/wiki/lockdown
-signing_key:
 name: revo-lockdown
-rdoc_options:
-- --charset=UTF-8
-rubyforge_project: lockdown
+version: !ruby/object:Gem::Version
+  version: 1.6.2.1
+platform: ruby
+authors:
+  - Andrew Stone
+  - Revo Pty. Ltd.
 autorequire:
-licenses: []
+bindir: bin
+cert_chain: []
+date: 2009-12-11 00:00:00 +11:00
+default_executable:
+dependencies:
+  - !ruby/object:Gem::Dependency
+    name: rspec
+    type: :development
+    version_requirement:
+    version_requirements: !ruby/object:Gem::Requirement
+      requirements:
+        - - ">="
+          - !ruby/object:Gem::Version
+            version: "0"
+      version:
+description: Restrict access to your controller actions.  Supports basic model level restrictions as well
+email: andy@stonean.com
 executables: []
-description: Restrict access to your controller actions.  Supports basic model level
-  restrictions as well
-specification_version: 3
-default_executable:
+extensions: []
+extra_rdoc_files:
+  - README.txt
 files:
-- .gitignore
-- README.txt
-- Rakefile
-- lib/lockdown.rb
-- lib/lockdown/context.rb
-- lib/lockdown/database.rb
-- lib/lockdown/errors.rb
-- lib/lockdown/frameworks/rails.rb
-- lib/lockdown/frameworks/rails/controller.rb
-- lib/lockdown/frameworks/rails/view.rb
-- lib/lockdown/helper.rb
-- lib/lockdown/orms/active_record.rb
-- lib/lockdown/permission.rb
-- lib/lockdown/references.rb
-- lib/lockdown/rspec_helper.rb
-- lib/lockdown/rules.rb
-- lib/lockdown/session.rb
-- lib/lockdown/system.rb
-- rails_generators/lockdown/lockdown_generator.rb
-- rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
-- rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
-- rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
-- rails_generators/lockdown/templates/app/controllers/users_controller.rb
-- rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
-- rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
-- rails_generators/lockdown/templates/app/helpers/users_helper.rb
-- rails_generators/lockdown/templates/app/models/permission.rb
-- rails_generators/lockdown/templates/app/models/profile.rb
-- rails_generators/lockdown/templates/app/models/user.rb
-- rails_generators/lockdown/templates/app/models/user_group.rb
-- rails_generators/lockdown/templates/app/views/permissions/index.html.erb
-- rails_generators/lockdown/templates/app/views/permissions/show.html.erb
-- rails_generators/lockdown/templates/app/views/sessions/new.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
-- rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
-- rails_generators/lockdown/templates/app/views/users/edit.html.erb
-- rails_generators/lockdown/templates/app/views/users/index.html.erb
-- rails_generators/lockdown/templates/app/views/users/new.html.erb
-- rails_generators/lockdown/templates/app/views/users/show.html.erb
-- rails_generators/lockdown/templates/config/initializers/lockit.rb
-- rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
-- rails_generators/lockdown/templates/db/migrate/create_permissions.rb
-- rails_generators/lockdown/templates/db/migrate/create_profiles.rb
-- rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
-- rails_generators/lockdown/templates/db/migrate/create_users.rb
-- rails_generators/lockdown/templates/lib/lockdown/README
-- rails_generators/lockdown/templates/lib/lockdown/init.rb
-- spec/lockdown/context_spec.rb
-- spec/lockdown/database_spec.rb
-- spec/lockdown/frameworks/rails/controller_spec.rb
-- spec/lockdown/frameworks/rails/view_spec.rb
-- spec/lockdown/frameworks/rails_spec.rb
-- spec/lockdown/permission_spec.rb
-- spec/lockdown/rspec_helper_spec.rb
-- spec/lockdown/rules_spec.rb
-- spec/lockdown/session_spec.rb
-- spec/lockdown/system_spec.rb
-- spec/lockdown_spec.rb
-- spec/rcov.opts
-- spec/spec.opts
-- spec/spec_helper.rb
+  - .gitignore
+  - README.txt
+  - Rakefile
+  - lib/lockdown.rb
+  - lib/lockdown/context.rb
+  - lib/lockdown/database.rb
+  - lib/lockdown/errors.rb
+  - lib/lockdown/frameworks/rails.rb
+  - lib/lockdown/frameworks/rails/controller.rb
+  - lib/lockdown/frameworks/rails/view.rb
+  - lib/lockdown/helper.rb
+  - lib/lockdown/orms/active_record.rb
+  - lib/lockdown/permission.rb
+  - lib/lockdown/references.rb
+  - lib/lockdown/rspec_helper.rb
+  - lib/lockdown/rules.rb
+  - lib/lockdown/session.rb
+  - lib/lockdown/system.rb
+  - rails_generators/lockdown/lockdown_generator.rb
+  - rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
+  - rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
+  - rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
+  - rails_generators/lockdown/templates/app/controllers/users_controller.rb
+  - rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
+  - rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
+  - rails_generators/lockdown/templates/app/helpers/users_helper.rb
+  - rails_generators/lockdown/templates/app/models/permission.rb
+  - rails_generators/lockdown/templates/app/models/profile.rb
+  - rails_generators/lockdown/templates/app/models/user.rb
+  - rails_generators/lockdown/templates/app/models/user_group.rb
+  - rails_generators/lockdown/templates/app/views/permissions/index.html.erb
+  - rails_generators/lockdown/templates/app/views/permissions/show.html.erb
+  - rails_generators/lockdown/templates/app/views/sessions/new.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
+  - rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
+  - rails_generators/lockdown/templates/app/views/users/edit.html.erb
+  - rails_generators/lockdown/templates/app/views/users/index.html.erb
+  - rails_generators/lockdown/templates/app/views/users/new.html.erb
+  - rails_generators/lockdown/templates/app/views/users/show.html.erb
+  - rails_generators/lockdown/templates/config/initializers/lockit.rb
+  - rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
+  - rails_generators/lockdown/templates/db/migrate/create_permissions.rb
+  - rails_generators/lockdown/templates/db/migrate/create_profiles.rb
+  - rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
+  - rails_generators/lockdown/templates/db/migrate/create_users.rb
+  - rails_generators/lockdown/templates/lib/lockdown/README
+  - rails_generators/lockdown/templates/lib/lockdown/init.rb
+  - spec/lockdown/context_spec.rb
+  - spec/lockdown/database_spec.rb
+  - spec/lockdown/frameworks/rails/controller_spec.rb
+  - spec/lockdown/frameworks/rails/view_spec.rb
+  - spec/lockdown/frameworks/rails_spec.rb
+  - spec/lockdown/permission_spec.rb
+  - spec/lockdown/rspec_helper_spec.rb
+  - spec/lockdown/rules_spec.rb
+  - spec/lockdown/session_spec.rb
+  - spec/lockdown/system_spec.rb
+  - spec/lockdown_spec.rb
+  - spec/rcov.opts
+  - spec/spec.opts
+  - spec/spec_helper.rb
+has_rdoc: true
+homepage: http://stonean.com/wiki/lockdown
+licenses: []
+post_install_message:
+rdoc_options:
+  - --charset=UTF-8
+require_paths:
+  - lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: "0"
+  version:
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: "0"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: "0"
   version:
-extensions: []
-rubygems_version: 1.3.5
 requirements: []
-authors:
-- Andrew Stone
-- Revo Pty. Ltd.
-date: 2009-12-10 13:00:00 +00:00
-platform: ruby
+rubyforge_project: lockdown
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Authorization system for Rails 2.x
 test_files:
-- spec/lockdown_spec.rb
-- spec/spec_helper.rb
-- spec/lockdown/rules_spec.rb
-- spec/lockdown/rspec_helper_spec.rb
-- spec/lockdown/context_spec.rb
-- spec/lockdown/permission_spec.rb
-- spec/lockdown/system_spec.rb
-- spec/lockdown/database_spec.rb
-- spec/lockdown/session_spec.rb
-- spec/lockdown/frameworks/rails_spec.rb
-- spec/lockdown/frameworks/rails/view_spec.rb
-- spec/lockdown/frameworks/rails/controller_spec.rb
-version: !ruby/object:Gem::Version
-  version: 1.6.2
-require_paths:
-- lib
-dependencies:
-- !ruby/object:Gem::Dependency
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: "0"
-    version:
-  type: :development
-  version_requirement:
-  name: rspec
-bindir: bin
-has_rdoc: true
+  - spec/lockdown_spec.rb
+  - spec/spec_helper.rb
+  - spec/lockdown/rules_spec.rb
+  - spec/lockdown/rspec_helper_spec.rb
+  - spec/lockdown/context_spec.rb
+  - spec/lockdown/permission_spec.rb
+  - spec/lockdown/system_spec.rb
+  - spec/lockdown/database_spec.rb
+  - spec/lockdown/session_spec.rb
+  - spec/lockdown/frameworks/rails_spec.rb
+  - spec/lockdown/frameworks/rails/view_spec.rb
+  - spec/lockdown/frameworks/rails/controller_spec.rb