| author | simon <simon@zagal.(none)> | 2009-02-12 00:02:39 +0100 |
|---|---|---|
| committer | hukl <hukl@eight.local> | 2009-02-15 20:22:17 +0100 |
| commit | f10e79a554bd0666de6390c4bc34b52c8ecd936d (patch) | |
| tree | 29c19fe5cbfa8ad8d4ee08639ad9689c8268c60c | |
| parent | b700b1315afa9b77104cf30ca1aff0c4a33b029d (diff) | |
* removed the auditing observer, we'll do it the old fashioned way
* added permission model
* locked down attributes on page model
| -rw-r--r-- | app/controllers/nodes_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/pages_controller.rb | 1 | ||||
| -rw-r--r-- | app/models/auditing_observer.rb | 8 | ||||
| -rw-r--r-- | app/models/node.rb | 4 | ||||
| -rw-r--r-- | app/models/page.rb | 5 | ||||
| -rw-r--r-- | app/models/permission.rb | 10 | ||||
| -rw-r--r-- | config/environment.rb | 1 | ||||
| -rw-r--r-- | db/migrate/20090211220524_create_permissions.rb | 15 | ||||
| -rw-r--r-- | lib/auditing.rb | 26 | ||||
| -rw-r--r-- | test/fixtures/permissions.yml | 7 | ||||
| -rw-r--r-- | test/unit/permission_test.rb | 8 |
11 files changed, 46 insertions, 40 deletions
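--- a/app/controllers/nodes_controller.rb
+++ b/app/controllers/nodes_controller.rb
@@ -1,5 +1,4 @@
 class NodesController < ApplicationController
-include Auditing
 
 layout 'admin'
 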
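--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -1,5 +1,4 @@
 class PagesController < ApplicationController
-include Auditing
 
 # GET /pages
 # GET /pages.xml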
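--- a/app/models/auditing_observer.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-class AuditingObserver < Auditing::Observer
-observe :node, :page
-
-# TODO: Insert super secure auditing here
-def before_save(record)
-RAILS_DEFAULT_LOGGER.debug ">>>>>>>>>>>>> #{controller.inspect}"
-end
-end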
diff --git a/app/models/node.rb b/app/models/node.rb index 05da907..819acac 100644 --- a/app/models/node.rb +++ b/app/models/node.rb | |||
| @@ -1,11 +1,11 @@ | |||
| 1 | class Node < ActiveRecord::Base | 1 | class Node < ActiveRecord::Base |
| 2 | acts_as_nested_set | 2 | acts_as_nested_set |
| 3 | 3 | ||
| 4 | # Associations | ||
| 4 | has_many :pages, :order => "revision ASC" | 5 | has_many :pages, :order => "revision ASC" |
| 5 | belongs_to :head, :class_name => "Page", :foreign_key => :head_id | 6 | belongs_to :head, :class_name => "Page", :foreign_key => :head_id |
| 6 | 7 | ||
| 7 | # Callbacks | 8 | # Callbacks |
| 8 | |||
| 9 | after_create :initialize_empty_page | 9 | after_create :initialize_empty_page |
| 10 | 10 | ||
| 11 | # Class methods | 11 | # Class methods |
diff --git a/app/models/page.rb b/app/models/page.rb index 5647ef9..aba974a 100644 --- a/app/models/page.rb +++ b/app/models/page.rb | |||
| @@ -9,7 +9,10 @@ class Page < ActiveRecord::Base | |||
| 9 | # Associations | 9 | # Associations |
| 10 | belongs_to :node | 10 | belongs_to :node |
| 11 | belongs_to :user | 11 | belongs_to :user |
| 12 | 12 | ||
| 13 | # Security | ||
| 14 | attr_accessible :title, :abstract, :body | ||
| 15 | |||
| 13 | # Class Methods | 16 | # Class Methods |
| 14 | 17 | ||
| 15 | # This method is most likely called from the ContentHelper.render_collection | 18 | # This method is most likely called from the ContentHelper.render_collection |
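Review bot: Callers that pass `node_id` or `user_id` to a Page through an attributes hash will now lose those values silently, because with the `attr_accessible :title, :abstract, :body` whitelist on new line 14 every other column is dropped from mass assignment, and Rails of this generation only logs the drop instead of raising. The controllers that build pages are not visible in this hunk, so whether any of them relies on hash assignment for those keys needs to be confirmed. Setting the owner and node explicitly through the `user` and `node` associations at the call sites, plus a unit test asserting that a hash-supplied `user_id` is ignored, would pin the intended behaviour. The Page class body continues outside the hunk.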
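--- /dev/null
+++ b/app/models/permission.rb
@@ -0,0 +1,10 @@
+class Permission < ActiveRecord::Base
+validates_presence_of :user_id, :node_id, :granted
+
+# Associations
+belongs_to :user
+belongs_to :node
+
+# Security
+attr_protected :user_id, :node_id, :granted # Allow no mass assignments
+end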
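Review bot: `validates_presence_of :granted` on line 2 of the new model rejects every record whose `granted` is `false`, because the presence check treats `false` as blank, so an explicit deny row can never be saved. Validate the boolean with `validates_inclusion_of :granted, :in => [true, false]` and keep the presence check for `user_id` and `node_id` only. On line 9, `attr_protected` is a blacklist, so a column added to `permissions` later becomes mass-assignable by default; page.rb in this same commit uses the `attr_accessible` whitelist, and the same style here would fail closed. The generated `assert true` test in test/unit/permission_test.rb covers neither behaviour.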
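--- a/config/environment.rb
+++ b/config/environment.rb
@@ -30,7 +30,6 @@ Rails::Initializer.run do |config|
 
 # Activate observers that should always be running
 # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
-config.active_record.observers = :auditing_observer
 
 # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
 # Run "rake -D time" for a list of tasks for finding time zone names.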
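--- /dev/null
+++ b/db/migrate/20090211220524_create_permissions.rb
@@ -0,0 +1,15 @@
+class CreatePermissions < ActiveRecord::Migration
+def self.up
+create_table :permissions do |t|
+t.boolean :granted
+t.integer :node_id
+t.integer :user_id
+
+t.timestamps
+end
+end
+
+def self.down
+drop_table :permissions
+end
+end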
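Review bot: The `permissions` table created in `self.up` leaves `granted`, `node_id` and `user_id` nullable with no default, so the database accepts a row whose grant state is NULL, and the authorization decision then depends on how each caller happens to test the value. Declaring `t.boolean :granted, :null => false, :default => false` makes the absent value a deny, and `:null => false` on the two foreign keys backs up the model validation at the storage layer. Nothing prevents two rows for the same user and node with opposite `granted` values; `add_index :permissions, [:user_id, :node_id], :unique => true` after the `create_table` block would enforce one decision per pair and also serve the lookup.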
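--- a/lib/auditing.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-module Auditing
-def self.included(base)
-ActiveRecord::Base.observers.each do |observer|
-observer = if observer.respond_to?(:to_sym)
-observer.to_s.camelize.constantize.instance
-elsif observer.respond_to?(:instance)
-observer.instance
-else
-raise ArgumentError, "#{observer} is an invalid class name"
-end
-base.around_filter(observer) if observer.is_a?(Auditing::Observer)
-end
-end
-
-class Observer < ActiveRecord::Observer
-attr_accessor :controller
-
-def before(controller)
-self.controller = controller
-end
-
-def after(controller)
-self.controller = nil
-end
-end
-end
\ No newline at end of file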
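--- /dev/null
+++ b/test/fixtures/permissions.yml
@@ -0,0 +1,7 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+# one:
+# column: value
+#
+# two:
+# column: value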
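--- /dev/null
+++ b/test/unit/permission_test.rb
@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class PermissionTest < ActiveSupport::TestCase
+# Replace this with your real tests.
+test "the truth" do
+assert true
+end
+end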
