revo-lockdown 1.6.2.1 → 1.6.2.2
- data/lib/lockdown/frameworks/rails/controller.rb +6 -1
- data/lib/lockdown/frameworks/rails/view.rb +2 -2
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +5 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +33 -0
- data/spec/lockdown/frameworks/rails/view_spec.rb +2 -2
- metadata +1 -1
@@ -106,7 +106,12 @@ module Lockdown
|
|
106
106
|
respond_to do |format|
|
107
107
|
format.html do
|
108
108
|
store_location
|
109
|
-
|
109
|
+
access_denied_action = Lockdown::System.fetch(:access_denied_action)
|
110
|
+
if access_denied_action && respond_to?(access_denied_action)
|
111
|
+
send(access_denied_action)
|
112
|
+
else
|
113
|
+
redirect_to Lockdown::System.fetch(:access_denied_path)
|
114
|
+
end
|
110
115
|
return
|
111
116
|
end
|
112
117
|
format.xml do
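Review bot: The guard `respond_to?(access_denied_action)` in the `format.html` branch only sees public methods, so a handler the application keeps private or protected (the usual way to stop a controller method being reachable as a routed action) is silently skipped and the request falls back to `access_denied_path`. Since `send` already bypasses visibility, the check could be `respond_to?(access_denied_action, true)`. The handler is also trusted to finish the response: if it neither renders nor redirects, what happens after the `return` depends on code outside this hunk, so a fallback such as `redirect_to Lockdown::System.fetch(:access_denied_path) unless performed?` after the `send` would keep the denial path from ending without a response. The enclosing method starts and ends outside the hunk.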
|
@@ -58,6 +58,8 @@ module Lockdown
|
|
58
58
|
return ""
|
59
59
|
end
|
60
60
|
|
61
|
+
private
|
62
|
+
|
61
63
|
def remove_subdirectory(url)
|
62
64
|
subdir = Lockdown::System.fetch(:subdirectory)
|
63
65
|
subdir ? url.gsub(/^\/?#{subdir}/,'') : url
|
@@ -68,8 +70,6 @@ module Lockdown
|
|
68
70
|
url_for(url)
|
69
71
|
end
|
70
72
|
|
71
|
-
private :remove_subdirectory
|
72
|
-
|
73
73
|
|
74
74
|
end # View
|
75
75
|
end # Rails
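Review bot: In `remove_subdirectory` (unchanged context in the first hunk), the configured subdirectory is interpolated into the pattern unescaped and anchored with `^`, so regex metacharacters in the setting change what is stripped, and `^` matches after any newline rather than only at the start of the string. `url.gsub(/^\/?#{subdir}/,'')` could become `url.sub(/\A\/?#{Regexp.escape(subdir)}/, '')`. Separately, the bare `private` now covers every method defined after it up to the end of the module, which the spec change to `send(:url_from, options)` suggests is intended; a short comment above `private` saying so would help. The method bodies continue outside the hunks.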
|
@@ -40,6 +40,11 @@ Lockdown::System.configure do
|
|
40
40
|
#
|
41
41
|
# Set redirect to path on unauthorized access attempt:
|
42
42
|
# options[:access_denied_path] = "/"
|
43
|
+
|
44
|
+
# Set action in controller to handle unauthorized access attempt.
|
45
|
+
# This will allow specific controller to handle :access_denined_action error
|
46
|
+
# e.g. redirect to specific URL.
|
47
|
+
# options[:access_denied_action] = :access_denied_action
|
43
48
|
#
|
44
49
|
# Set redirect to path on successful login:
|
45
50
|
# options[:successful_login_path] = "/"
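Review bot: The added template comment misspells the option as `:access_denined_action`, which users will copy or search for; it should read `:access_denied_action`. The comment should also say that the named method has to exist on the controller handling the request and, presumably, has to render or redirect itself, since the library code that calls it is not visible in this hunk. Suggested wording: `# The named controller method is called instead of redirecting to :access_denied_path; it should render or redirect itself.`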
|
@@ -3,6 +3,18 @@ require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
|
|
3
3
|
class TestAController
|
4
4
|
extend Lockdown::Frameworks::Rails::Controller
|
5
5
|
include Lockdown::Frameworks::Rails::Controller::Lock
|
6
|
+
|
7
|
+
# Stub method for tests
|
8
|
+
def respond_to &block
|
9
|
+
block.call(self)
|
10
|
+
end
|
11
|
+
|
12
|
+
def html &block
|
13
|
+
block.call(self)
|
14
|
+
end
|
15
|
+
|
16
|
+
def xml
|
17
|
+
end
|
6
18
|
end
|
7
19
|
|
8
20
|
describe Lockdown::Frameworks::Rails::Controller do
|
@@ -156,6 +168,27 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
|
|
156
168
|
end
|
157
169
|
|
158
170
|
describe "#access_denied" do
|
171
|
+
|
172
|
+
before(:each) do
|
173
|
+
@exception = SecurityError.new
|
174
|
+
Lockdown::System.stub!(:fetch).with(:logout_on_access_violation).and_return(false)
|
175
|
+
@controller.should_receive(:store_location)
|
176
|
+
end
|
177
|
+
|
178
|
+
it "should call configured access_denied_action" do
|
179
|
+
Lockdown::System.stub!(:fetch).with(:access_denied_action).and_return(:some_action)
|
180
|
+
@controller.should_receive(:respond_to?).with(:some_action).and_return(true)
|
181
|
+
@controller.should_receive(:some_action)
|
182
|
+
@controller.send(:ld_access_denied, @exception)
|
183
|
+
end
|
184
|
+
|
185
|
+
it "should redirect to accessed_denied_path" do
|
186
|
+
Lockdown::System.stub!(:fetch).with(:access_denied_path).and_return("some_path")
|
187
|
+
Lockdown::System.stub!(:fetch).with(:access_denied_action).and_return(nil)
|
188
|
+
@controller.should_receive(:redirect_to).with("some_path")
|
189
|
+
@controller.send(:ld_access_denied, @exception)
|
190
|
+
end
|
191
|
+
|
159
192
|
end
|
160
193
|
|
161
194
|
describe "#path_from_hash" do
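Review bot: The new `#access_denied` examples never exercise the branch where an action is configured but the controller does not respond to it, because the first example stubs `respond_to?` to return true and the second returns nil for the option. An example that returns `:some_action` from `fetch(:access_denied_action)`, leaves `respond_to?` false and expects `redirect_to` with the configured path would pin the fallback, and an unstubbed `respond_to?` would also show how a private handler is treated. The second example's description says `accessed_denied_path` where the option is `access_denied_path`. The enclosing `describe` for `Lock` continues outside the hunk.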
|
@@ -177,13 +177,13 @@ describe Lockdown::Frameworks::Rails::Controller do
|
|
177
177
|
options = { :url => 'test/test' }
|
178
178
|
@view.should_receive(:url_for).with(options[:url])
|
179
179
|
@view.should_not_receive(:url_for).with(options)
|
180
|
-
@view.url_from
|
180
|
+
@view.send(:url_from, options)
|
181
181
|
end
|
182
182
|
|
183
183
|
it "should derive the path from the options hash if no :url is given" do
|
184
184
|
options = { :controller => 'test', :action => 'index' }
|
185
185
|
@view.should_receive(:url_for).with(options)
|
186
|
-
@view.url_from
|
186
|
+
@view.send(:url_from, options)
|
187
187
|
end
|
188
188
|
|
189
189
|
|