authorsimon <simon@zagal.(none)>2009-02-12 00:02:39 +0100
committerhukl <hukl@eight.local>2009-02-15 20:22:17 +0100
commitf10e79a554bd0666de6390c4bc34b52c8ecd936d (patch)
tree29c19fe5cbfa8ad8d4ee08639ad9689c8268c60c
parentb700b1315afa9b77104cf30ca1aff0c4a33b029d (diff)
* removed the auditing observer, we'll do it the old fashioned way
* added permission model * locked down attributes on page model
-rw-r--r--app/controllers/nodes_controller.rb1
-rw-r--r--app/controllers/pages_controller.rb1
-rw-r--r--app/models/auditing_observer.rb8
-rw-r--r--app/models/node.rb4
-rw-r--r--app/models/page.rb5
-rw-r--r--app/models/permission.rb10
-rw-r--r--config/environment.rb1
-rw-r--r--db/migrate/20090211220524_create_permissions.rb15
-rw-r--r--lib/auditing.rb26
-rw-r--r--test/fixtures/permissions.yml7
-rw-r--r--test/unit/permission_test.rb8
11 files changed, 46 insertions, 40 deletions
diff --git a/app/controllers/nodes_controller.rb b/app/controllers/nodes_controller.rb
index 4c48bb5..cc1ad5c 100644
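--- a/app/controllers/nodes_controller.rb
+++ b/app/controllers/nodes_controller.rb
@@ -1,5 +1,4 @@
 class NodesController < ApplicationController
- include Auditing
 
  layout 'admin'
 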
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index 363d1e1..efd3913 100644
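--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -1,5 +1,4 @@
 class PagesController < ApplicationController
- include Auditing
 
  # GET /pages
  # GET /pages.xml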
diff --git a/app/models/auditing_observer.rb b/app/models/auditing_observer.rb
deleted file mode 100644
index acce18c..0000000
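--- a/app/models/auditing_observer.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-class AuditingObserver < Auditing::Observer
- observe :node, :page
-
- # TODO: Insert super secure auditing here
- def before_save(record)
- RAILS_DEFAULT_LOGGER.debug ">>>>>>>>>>>>> #{controller.inspect}"
- end
-end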
diff --git a/app/models/node.rb b/app/models/node.rb
index 05da907..819acac 100644
--- a/app/models/node.rb
+++ b/app/models/node.rb
@@ -1,11 +1,11 @@
1class Node < ActiveRecord::Base 1class Node < ActiveRecord::Base
2 acts_as_nested_set 2 acts_as_nested_set
3 3
4 # Associations
4 has_many :pages, :order => "revision ASC" 5 has_many :pages, :order => "revision ASC"
5 belongs_to :head, :class_name => "Page", :foreign_key => :head_id 6 belongs_to :head, :class_name => "Page", :foreign_key => :head_id
6 7
7 # Callbacks 8 # Callbacks
8
9 after_create :initialize_empty_page 9 after_create :initialize_empty_page
10 10
11 # Class methods 11 # Class methods
diff --git a/app/models/page.rb b/app/models/page.rb
index 5647ef9..aba974a 100644
--- a/app/models/page.rb
+++ b/app/models/page.rb
@@ -9,7 +9,10 @@ class Page < ActiveRecord::Base
9 # Associations 9 # Associations
10 belongs_to :node 10 belongs_to :node
11 belongs_to :user 11 belongs_to :user
12 12
13 # Security
14 attr_accessible :title, :abstract, :body
15
13 # Class Methods 16 # Class Methods
14 17
15 # This method is most likely called from the ContentHelper.render_collection 18 # This method is most likely called from the ContentHelper.render_collection
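Review bot: The `attr_accessible :title, :abstract, :body` allowlist on new line 14 makes mass assignment drop `node_id`, `user_id` and every other column without raising, and this commit touches `PagesController` only at its first lines, so whether the create and update actions assign those columns explicitly cannot be seen here and should be checked. I would extend the `# Security` comment to record that contract, e.g. `# Security: allowlist for mass assignment; node_id and user_id must be set explicitly by the caller`. The `Page` class starts before and continues after this hunk.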
diff --git a/app/models/permission.rb b/app/models/permission.rb
new file mode 100644
index 0000000..1070b7a
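--- /dev/null
+++ b/app/models/permission.rb
@@ -0,0 +1,10 @@
+class Permission < ActiveRecord::Base
+ validates_presence_of :user_id, :node_id, :granted
+
+ # Associations
+ belongs_to :user
+ belongs_to :node
+
+ # Security
+ attr_protected :user_id, :node_id, :granted # Allow no mass assignments
+end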
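Review bot: `validates_presence_of :granted` on line 2 rejects every record whose `granted` is `false`, because the presence check treats `false` as blank, so an explicit deny row can never be saved; `validates_inclusion_of :granted, :in => [true, false]` validates the boolean correctly. On line 9, `attr_protected` is a denylist, so any column added to `permissions` later becomes mass-assignable by default, whereas `page.rb` in this same commit uses an `attr_accessible` allowlist. For an authorization table the allowlist form is the safer default, for example `attr_accessible nil`, with `user_id`, `node_id` and `granted` assigned explicitly by the caller.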
diff --git a/config/environment.rb b/config/environment.rb
index 4577575..aad0815 100644
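--- a/config/environment.rb
+++ b/config/environment.rb
@@ -30,7 +30,6 @@ Rails::Initializer.run do |config|
 
  # Activate observers that should always be running
  # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
- config.active_record.observers = :auditing_observer
 
  # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
  # Run "rake -D time" for a list of tasks for finding time zone names.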
diff --git a/db/migrate/20090211220524_create_permissions.rb b/db/migrate/20090211220524_create_permissions.rb
new file mode 100644
index 0000000..2e007a4
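--- /dev/null
+++ b/db/migrate/20090211220524_create_permissions.rb
@@ -0,0 +1,15 @@
+class CreatePermissions < ActiveRecord::Migration
+ def self.up
+ create_table :permissions do |t|
+ t.boolean :granted
+ t.integer :node_id
+ t.integer :user_id
+
+ t.timestamps
+ end
+ end
+
+ def self.down
+ drop_table :permissions
+ end
+end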
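Review bot: The `permissions` table created in `self.up` has no NOT NULL constraints, no default for `granted`, and no unique index on the user/node pair, so the database will accept rows with a NULL `granted` and several conflicting rows for the same user and node. For an access-control table I would fail closed and make the pair unique: `t.boolean :granted, :null => false, :default => false`, `:null => false` on `node_id` and `user_id`, and after the `create_table` block `add_index :permissions, [:user_id, :node_id], :unique => true`. How the application reads these rows is not visible in this commit, so whether a missing or NULL row is treated as deny should be confirmed against the lookup code.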
diff --git a/lib/auditing.rb b/lib/auditing.rb
deleted file mode 100644
index 5379148..0000000
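--- a/lib/auditing.rb
+++ /dev/null
@@ -1,26 +0,0 @@
- module Auditing
- def self.included(base)
- ActiveRecord::Base.observers.each do |observer|
- observer = if observer.respond_to?(:to_sym)
- observer.to_s.camelize.constantize.instance
- elsif observer.respond_to?(:instance)
- observer.instance
- else
- raise ArgumentError, "#{observer} is an invalid class name"
- end
- base.around_filter(observer) if observer.is_a?(Auditing::Observer)
- end
- end
-
- class Observer < ActiveRecord::Observer
- attr_accessor :controller
-
- def before(controller)
- self.controller = controller
- end
-
- def after(controller)
- self.controller = nil
- end
- end
-end
\ No newline at end of file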
diff --git a/test/fixtures/permissions.yml b/test/fixtures/permissions.yml
new file mode 100644
index 0000000..5bf0293
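--- /dev/null
+++ b/test/fixtures/permissions.yml
@@ -0,0 +1,7 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+# one:
+# column: value
+#
+# two:
+# column: value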
diff --git a/test/unit/permission_test.rb b/test/unit/permission_test.rb
new file mode 100644
index 0000000..08fcc0b
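--- /dev/null
+++ b/test/unit/permission_test.rb
@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class PermissionTest < ActiveSupport::TestCase
+ # Replace this with your real tests.
+ test "the truth" do
+ assert true
+ end
+end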