revo-lockdown 1.6.2 → 1.6.2.1
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/lockdown/frameworks/rails/view.rb +36 -20
- data/spec/lockdown/frameworks/rails/view_spec.rb +72 -3
- metadata +125 -126
@@ -7,37 +7,36 @@ module Lockdown
|
|
7
7
|
alias_method :link_to_open, :link_to
|
8
8
|
alias_method :link_to, :link_to_secured
|
9
9
|
|
10
|
+
alias_method :link_to_remote_open, :link_to_remote
|
11
|
+
alias_method :link_to_remote, :link_to_remote_secured
|
12
|
+
|
10
13
|
alias_method :button_to_open, :button_to
|
11
14
|
alias_method :button_to, :button_to_secured
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
def link_to_secured(name, options = {}, html_options = nil)
|
16
|
-
url = url_for(options)
|
17
15
|
|
18
|
-
|
19
|
-
|
20
|
-
url_to_authorize = remove_subdirectory(url)
|
16
|
+
alias_method :button_to_remote_open, :button_to_remote
|
17
|
+
alias_method :button_to_remote, :button_to_secured
|
21
18
|
|
22
|
-
if authorized?(url_to_authorize, method)
|
23
|
-
return link_to_open(name, url, html_options)
|
24
19
|
end
|
25
|
-
return ""
|
26
20
|
end
|
27
21
|
|
28
|
-
def
|
29
|
-
|
22
|
+
def link_to_secured(name, options = {}, html_options = nil)
|
23
|
+
secured_link_for(:link_to_open, name, options, html_options)
|
24
|
+
end
|
30
25
|
|
31
|
-
|
26
|
+
def link_to_remote_secured(name, options = {}, html_options = nil)
|
27
|
+
secured_link_for(:link_to_remote_open, name, options, html_options)
|
28
|
+
end
|
32
29
|
|
33
|
-
url_to_authorize = remove_subdirectory(url)
|
34
30
|
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
31
|
+
def button_to_secured(name, options = {}, html_options = nil)
|
32
|
+
secured_link_for(:button_to_open, name, options, html_options)
|
33
|
+
end
|
34
|
+
|
35
|
+
def button_to_remote_secured(name, options = {}, html_options = nil)
|
36
|
+
secured_link_for(:button_to_remote_open, name, options, html_options)
|
39
37
|
end
|
40
38
|
|
39
|
+
|
41
40
|
def link_to_or_show(name, options = {}, html_options = nil)
|
42
41
|
lnk = link_to(name, options, html_options)
|
43
42
|
lnk.length == 0 ? name : lnk
|
@@ -49,12 +48,29 @@ module Lockdown
|
|
49
48
|
rvalue.join( Lockdown::System.fetch(:link_separator) )
|
50
49
|
end
|
51
50
|
|
52
|
-
|
51
|
+
def secured_link_for(link_method_name, name, options, html_options)
|
52
|
+
url = url_from(options)
|
53
|
+
method = html_options ? html_options[:method] : :get
|
54
|
+
url_to_authorize = remove_subdirectory(url)
|
55
|
+
if authorized?(url_to_authorize, method)
|
56
|
+
return send(link_method_name, name, options, html_options)
|
57
|
+
end
|
58
|
+
return ""
|
59
|
+
end
|
60
|
+
|
53
61
|
def remove_subdirectory(url)
|
54
62
|
subdir = Lockdown::System.fetch(:subdirectory)
|
55
63
|
subdir ? url.gsub(/^\/?#{subdir}/,'') : url
|
56
64
|
end
|
57
65
|
|
66
|
+
def url_from(options)
|
67
|
+
url = options.is_a?(Hash) ? options[:url] || options : options
|
68
|
+
url_for(url)
|
69
|
+
end
|
70
|
+
|
71
|
+
private :remove_subdirectory
|
72
|
+
|
73
|
+
|
58
74
|
end # View
|
59
75
|
end # Rails
|
60
76
|
end # Frameworks
|
@@ -9,6 +9,14 @@ class TestAView
|
|
9
9
|
"button_to"
|
10
10
|
end
|
11
11
|
|
12
|
+
def link_to_remote
|
13
|
+
"link_to_remote"
|
14
|
+
end
|
15
|
+
|
16
|
+
def button_to_remote
|
17
|
+
"button_to_remote"
|
18
|
+
end
|
19
|
+
|
12
20
|
include Lockdown::Frameworks::Rails::View
|
13
21
|
end
|
14
22
|
|
@@ -43,7 +51,26 @@ describe Lockdown::Frameworks::Rails::Controller do
|
|
43
51
|
|
44
52
|
end
|
45
53
|
|
54
|
+
describe "#link_to_remote_secured" do
|
55
|
+
it "should return the link if authorized" do
|
56
|
+
link = "<a href='http://a.com'>my_link</a>"
|
57
|
+
@view.stub!(:authorized?).and_return(true)
|
58
|
+
@view.stub!(:link_to_remote_open).and_return(link)
|
59
|
+
@view.link_to_remote_secured("my link", @options).should == link
|
60
|
+
end
|
46
61
|
|
62
|
+
it "should return an empty string if authorized" do
|
63
|
+
@view.stub!(:authorized?).and_return(false)
|
64
|
+
@view.link_to_remote_secured("my link", @options).should == ""
|
65
|
+
end
|
66
|
+
|
67
|
+
it "should attempt to remove a subdirectory if it exists" do
|
68
|
+
@view.should_receive(:remove_subdirectory).once
|
69
|
+
@view.stub!(:authorized?).and_return(false)
|
70
|
+
@view.link_to_remote_secured("my link", @options).should == ""
|
71
|
+
end
|
72
|
+
|
73
|
+
end
|
47
74
|
|
48
75
|
|
49
76
|
describe "#button_to_secured" do
|
@@ -70,6 +97,28 @@ describe Lockdown::Frameworks::Rails::Controller do
|
|
70
97
|
|
71
98
|
end
|
72
99
|
|
100
|
+
describe "#button_to_remote_secured" do
|
101
|
+
it "should return the link if authorized" do
|
102
|
+
link = "<a href='http://a.com'>my_link</a>"
|
103
|
+
@view.stub!(:authorized?).and_return(true)
|
104
|
+
@view.stub!(:button_to_remote_open).and_return(link)
|
105
|
+
@view.button_to_remote_secured("my link", @options).should == link
|
106
|
+
end
|
107
|
+
|
108
|
+
it "should return an empty string if authorized" do
|
109
|
+
@view.stub!(:authorized?).and_return(false)
|
110
|
+
@view.button_to_remote_secured("my link", @options).should == ""
|
111
|
+
end
|
112
|
+
|
113
|
+
it "should attempt to remove a subdirectory if it exists" do
|
114
|
+
@view.should_receive(:remove_subdirectory).once
|
115
|
+
@view.stub!(:authorized?).and_return(false)
|
116
|
+
@view.button_to_remote_secured("my link", @options).should == ""
|
117
|
+
end
|
118
|
+
|
119
|
+
end
|
120
|
+
|
121
|
+
|
73
122
|
describe "#link_to_or_show" do
|
74
123
|
it "should return the name if link_to returned an empty string" do
|
75
124
|
@view.stub!(:link_to).and_return('')
|
@@ -108,18 +157,38 @@ describe Lockdown::Frameworks::Rails::Controller do
|
|
108
157
|
end
|
109
158
|
|
110
159
|
it "should remove subdirectory /test" do
|
111
|
-
@view.remove_subdirectory
|
160
|
+
@view.send(:remove_subdirectory,'/test/posts/new').should == '/posts/new'
|
112
161
|
end
|
113
162
|
|
114
163
|
it "should remove subdirectory 'test' without a leading /" do
|
115
|
-
@view.remove_subdirectory
|
164
|
+
@view.send(:remove_subdirectory,'test/posts/new').should == '/posts/new'
|
116
165
|
end
|
117
166
|
|
118
167
|
it "should leave the url untouched" do
|
119
|
-
@view.remove_subdirectory
|
168
|
+
@view.send(:remove_subdirectory,'/posts/new').should == '/posts/new'
|
120
169
|
end
|
121
170
|
|
122
171
|
|
123
172
|
end
|
124
173
|
|
174
|
+
describe "#url_from" do
|
175
|
+
|
176
|
+
it "should derive the path from the :url if given with options" do
|
177
|
+
options = { :url => 'test/test' }
|
178
|
+
@view.should_receive(:url_for).with(options[:url])
|
179
|
+
@view.should_not_receive(:url_for).with(options)
|
180
|
+
@view.url_from(options)
|
181
|
+
end
|
182
|
+
|
183
|
+
it "should derive the path from the options hash if no :url is given" do
|
184
|
+
options = { :controller => 'test', :action => 'index' }
|
185
|
+
@view.should_receive(:url_for).with(options)
|
186
|
+
@view.url_from(options)
|
187
|
+
end
|
188
|
+
|
189
|
+
|
190
|
+
end
|
191
|
+
|
192
|
+
|
193
|
+
|
125
194
|
end
|
metadata
CHANGED
@@ -1,139 +1,138 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
3
|
-
requirements:
|
4
|
-
- - '>='
|
5
|
-
- !ruby/object:Gem::Version
|
6
|
-
version: "0"
|
7
|
-
version:
|
8
|
-
email: andy@stonean.com
|
9
|
-
cert_chain: []
|
10
|
-
|
11
|
-
summary: Authorization system for Rails 2.x
|
12
|
-
post_install_message:
|
13
|
-
extra_rdoc_files:
|
14
|
-
- README.txt
|
15
|
-
homepage: http://stonean.com/wiki/lockdown
|
16
|
-
signing_key:
|
17
2
|
name: revo-lockdown
|
18
|
-
|
19
|
-
|
20
|
-
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.6.2.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Andrew Stone
|
8
|
+
- Revo Pty. Ltd.
|
21
9
|
autorequire:
|
22
|
-
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
23
12
|
|
13
|
+
date: 2009-12-11 00:00:00 +11:00
|
14
|
+
default_executable:
|
15
|
+
dependencies:
|
16
|
+
- !ruby/object:Gem::Dependency
|
17
|
+
name: rspec
|
18
|
+
type: :development
|
19
|
+
version_requirement:
|
20
|
+
version_requirements: !ruby/object:Gem::Requirement
|
21
|
+
requirements:
|
22
|
+
- - ">="
|
23
|
+
- !ruby/object:Gem::Version
|
24
|
+
version: "0"
|
25
|
+
version:
|
26
|
+
description: Restrict access to your controller actions. Supports basic model level restrictions as well
|
27
|
+
email: andy@stonean.com
|
24
28
|
executables: []
|
25
29
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
+
extensions: []
|
31
|
+
|
32
|
+
extra_rdoc_files:
|
33
|
+
- README.txt
|
30
34
|
files:
|
31
|
-
- .gitignore
|
32
|
-
- README.txt
|
33
|
-
- Rakefile
|
34
|
-
- lib/lockdown.rb
|
35
|
-
- lib/lockdown/context.rb
|
36
|
-
- lib/lockdown/database.rb
|
37
|
-
- lib/lockdown/errors.rb
|
38
|
-
- lib/lockdown/frameworks/rails.rb
|
39
|
-
- lib/lockdown/frameworks/rails/controller.rb
|
40
|
-
- lib/lockdown/frameworks/rails/view.rb
|
41
|
-
- lib/lockdown/helper.rb
|
42
|
-
- lib/lockdown/orms/active_record.rb
|
43
|
-
- lib/lockdown/permission.rb
|
44
|
-
- lib/lockdown/references.rb
|
45
|
-
- lib/lockdown/rspec_helper.rb
|
46
|
-
- lib/lockdown/rules.rb
|
47
|
-
- lib/lockdown/session.rb
|
48
|
-
- lib/lockdown/system.rb
|
49
|
-
- rails_generators/lockdown/lockdown_generator.rb
|
50
|
-
- rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
|
51
|
-
- rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
|
52
|
-
- rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
|
53
|
-
- rails_generators/lockdown/templates/app/controllers/users_controller.rb
|
54
|
-
- rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
|
55
|
-
- rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
|
56
|
-
- rails_generators/lockdown/templates/app/helpers/users_helper.rb
|
57
|
-
- rails_generators/lockdown/templates/app/models/permission.rb
|
58
|
-
- rails_generators/lockdown/templates/app/models/profile.rb
|
59
|
-
- rails_generators/lockdown/templates/app/models/user.rb
|
60
|
-
- rails_generators/lockdown/templates/app/models/user_group.rb
|
61
|
-
- rails_generators/lockdown/templates/app/views/permissions/index.html.erb
|
62
|
-
- rails_generators/lockdown/templates/app/views/permissions/show.html.erb
|
63
|
-
- rails_generators/lockdown/templates/app/views/sessions/new.html.erb
|
64
|
-
- rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
|
65
|
-
- rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
|
66
|
-
- rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
|
67
|
-
- rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
|
68
|
-
- rails_generators/lockdown/templates/app/views/users/edit.html.erb
|
69
|
-
- rails_generators/lockdown/templates/app/views/users/index.html.erb
|
70
|
-
- rails_generators/lockdown/templates/app/views/users/new.html.erb
|
71
|
-
- rails_generators/lockdown/templates/app/views/users/show.html.erb
|
72
|
-
- rails_generators/lockdown/templates/config/initializers/lockit.rb
|
73
|
-
- rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
|
74
|
-
- rails_generators/lockdown/templates/db/migrate/create_permissions.rb
|
75
|
-
- rails_generators/lockdown/templates/db/migrate/create_profiles.rb
|
76
|
-
- rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
|
77
|
-
- rails_generators/lockdown/templates/db/migrate/create_users.rb
|
78
|
-
- rails_generators/lockdown/templates/lib/lockdown/README
|
79
|
-
- rails_generators/lockdown/templates/lib/lockdown/init.rb
|
80
|
-
- spec/lockdown/context_spec.rb
|
81
|
-
- spec/lockdown/database_spec.rb
|
82
|
-
- spec/lockdown/frameworks/rails/controller_spec.rb
|
83
|
-
- spec/lockdown/frameworks/rails/view_spec.rb
|
84
|
-
- spec/lockdown/frameworks/rails_spec.rb
|
85
|
-
- spec/lockdown/permission_spec.rb
|
86
|
-
- spec/lockdown/rspec_helper_spec.rb
|
87
|
-
- spec/lockdown/rules_spec.rb
|
88
|
-
- spec/lockdown/session_spec.rb
|
89
|
-
- spec/lockdown/system_spec.rb
|
90
|
-
- spec/lockdown_spec.rb
|
91
|
-
- spec/rcov.opts
|
92
|
-
- spec/spec.opts
|
93
|
-
- spec/spec_helper.rb
|
35
|
+
- .gitignore
|
36
|
+
- README.txt
|
37
|
+
- Rakefile
|
38
|
+
- lib/lockdown.rb
|
39
|
+
- lib/lockdown/context.rb
|
40
|
+
- lib/lockdown/database.rb
|
41
|
+
- lib/lockdown/errors.rb
|
42
|
+
- lib/lockdown/frameworks/rails.rb
|
43
|
+
- lib/lockdown/frameworks/rails/controller.rb
|
44
|
+
- lib/lockdown/frameworks/rails/view.rb
|
45
|
+
- lib/lockdown/helper.rb
|
46
|
+
- lib/lockdown/orms/active_record.rb
|
47
|
+
- lib/lockdown/permission.rb
|
48
|
+
- lib/lockdown/references.rb
|
49
|
+
- lib/lockdown/rspec_helper.rb
|
50
|
+
- lib/lockdown/rules.rb
|
51
|
+
- lib/lockdown/session.rb
|
52
|
+
- lib/lockdown/system.rb
|
53
|
+
- rails_generators/lockdown/lockdown_generator.rb
|
54
|
+
- rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
|
55
|
+
- rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
|
56
|
+
- rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
|
57
|
+
- rails_generators/lockdown/templates/app/controllers/users_controller.rb
|
58
|
+
- rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
|
59
|
+
- rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
|
60
|
+
- rails_generators/lockdown/templates/app/helpers/users_helper.rb
|
61
|
+
- rails_generators/lockdown/templates/app/models/permission.rb
|
62
|
+
- rails_generators/lockdown/templates/app/models/profile.rb
|
63
|
+
- rails_generators/lockdown/templates/app/models/user.rb
|
64
|
+
- rails_generators/lockdown/templates/app/models/user_group.rb
|
65
|
+
- rails_generators/lockdown/templates/app/views/permissions/index.html.erb
|
66
|
+
- rails_generators/lockdown/templates/app/views/permissions/show.html.erb
|
67
|
+
- rails_generators/lockdown/templates/app/views/sessions/new.html.erb
|
68
|
+
- rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
|
69
|
+
- rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
|
70
|
+
- rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
|
71
|
+
- rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
|
72
|
+
- rails_generators/lockdown/templates/app/views/users/edit.html.erb
|
73
|
+
- rails_generators/lockdown/templates/app/views/users/index.html.erb
|
74
|
+
- rails_generators/lockdown/templates/app/views/users/new.html.erb
|
75
|
+
- rails_generators/lockdown/templates/app/views/users/show.html.erb
|
76
|
+
- rails_generators/lockdown/templates/config/initializers/lockit.rb
|
77
|
+
- rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
|
78
|
+
- rails_generators/lockdown/templates/db/migrate/create_permissions.rb
|
79
|
+
- rails_generators/lockdown/templates/db/migrate/create_profiles.rb
|
80
|
+
- rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
|
81
|
+
- rails_generators/lockdown/templates/db/migrate/create_users.rb
|
82
|
+
- rails_generators/lockdown/templates/lib/lockdown/README
|
83
|
+
- rails_generators/lockdown/templates/lib/lockdown/init.rb
|
84
|
+
- spec/lockdown/context_spec.rb
|
85
|
+
- spec/lockdown/database_spec.rb
|
86
|
+
- spec/lockdown/frameworks/rails/controller_spec.rb
|
87
|
+
- spec/lockdown/frameworks/rails/view_spec.rb
|
88
|
+
- spec/lockdown/frameworks/rails_spec.rb
|
89
|
+
- spec/lockdown/permission_spec.rb
|
90
|
+
- spec/lockdown/rspec_helper_spec.rb
|
91
|
+
- spec/lockdown/rules_spec.rb
|
92
|
+
- spec/lockdown/session_spec.rb
|
93
|
+
- spec/lockdown/system_spec.rb
|
94
|
+
- spec/lockdown_spec.rb
|
95
|
+
- spec/rcov.opts
|
96
|
+
- spec/spec.opts
|
97
|
+
- spec/spec_helper.rb
|
98
|
+
has_rdoc: true
|
99
|
+
homepage: http://stonean.com/wiki/lockdown
|
100
|
+
licenses: []
|
101
|
+
|
102
|
+
post_install_message:
|
103
|
+
rdoc_options:
|
104
|
+
- --charset=UTF-8
|
105
|
+
require_paths:
|
106
|
+
- lib
|
107
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
108
|
+
requirements:
|
109
|
+
- - ">="
|
110
|
+
- !ruby/object:Gem::Version
|
111
|
+
version: "0"
|
112
|
+
version:
|
94
113
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
95
114
|
requirements:
|
96
|
-
|
97
|
-
|
98
|
-
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: "0"
|
99
118
|
version:
|
100
|
-
extensions: []
|
101
|
-
|
102
|
-
rubygems_version: 1.3.5
|
103
119
|
requirements: []
|
104
120
|
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
121
|
+
rubyforge_project: lockdown
|
122
|
+
rubygems_version: 1.3.5
|
123
|
+
signing_key:
|
124
|
+
specification_version: 3
|
125
|
+
summary: Authorization system for Rails 2.x
|
110
126
|
test_files:
|
111
|
-
- spec/lockdown_spec.rb
|
112
|
-
- spec/spec_helper.rb
|
113
|
-
- spec/lockdown/rules_spec.rb
|
114
|
-
- spec/lockdown/rspec_helper_spec.rb
|
115
|
-
- spec/lockdown/context_spec.rb
|
116
|
-
- spec/lockdown/permission_spec.rb
|
117
|
-
- spec/lockdown/system_spec.rb
|
118
|
-
- spec/lockdown/database_spec.rb
|
119
|
-
- spec/lockdown/session_spec.rb
|
120
|
-
- spec/lockdown/frameworks/rails_spec.rb
|
121
|
-
- spec/lockdown/frameworks/rails/view_spec.rb
|
122
|
-
- spec/lockdown/frameworks/rails/controller_spec.rb
|
123
|
-
version: !ruby/object:Gem::Version
|
124
|
-
version: 1.6.2
|
125
|
-
require_paths:
|
126
|
-
- lib
|
127
|
-
dependencies:
|
128
|
-
- !ruby/object:Gem::Dependency
|
129
|
-
version_requirements: !ruby/object:Gem::Requirement
|
130
|
-
requirements:
|
131
|
-
- - '>='
|
132
|
-
- !ruby/object:Gem::Version
|
133
|
-
version: "0"
|
134
|
-
version:
|
135
|
-
type: :development
|
136
|
-
version_requirement:
|
137
|
-
name: rspec
|
138
|
-
bindir: bin
|
139
|
-
has_rdoc: true
|
127
|
+
- spec/lockdown_spec.rb
|
128
|
+
- spec/spec_helper.rb
|
129
|
+
- spec/lockdown/rules_spec.rb
|
130
|
+
- spec/lockdown/rspec_helper_spec.rb
|
131
|
+
- spec/lockdown/context_spec.rb
|
132
|
+
- spec/lockdown/permission_spec.rb
|
133
|
+
- spec/lockdown/system_spec.rb
|
134
|
+
- spec/lockdown/database_spec.rb
|
135
|
+
- spec/lockdown/session_spec.rb
|
136
|
+
- spec/lockdown/frameworks/rails_spec.rb
|
137
|
+
- spec/lockdown/frameworks/rails/view_spec.rb
|
138
|
+
- spec/lockdown/frameworks/rails/controller_spec.rb
|