From f10e79a554bd0666de6390c4bc34b52c8ecd936d Mon Sep 17 00:00:00 2001
From: simon
Date: Thu, 12 Feb 2009 00:02:39 +0100
Subject: * removed the auditing observer, we'll do it the old fashioned way * added permission model * locked down attributes on page model
---
 app/controllers/nodes_controller.rb | 1 -
 app/controllers/pages_controller.rb | 1 -
 app/models/auditing_observer.rb | 8 --------
 app/models/node.rb | 4 ++--
 app/models/page.rb | 5 ++++-
 app/models/permission.rb | 10 ++++++++++
 config/environment.rb | 1 -
 db/migrate/20090211220524_create_permissions.rb | 15 ++++++++++++++
 lib/auditing.rb | 26 -------------------------
 test/fixtures/permissions.yml | 7 +++++++
 test/unit/permission_test.rb | 8 ++++++++
 11 files changed, 46 insertions(+), 40 deletions(-)
 delete mode 100644 app/models/auditing_observer.rb
 create mode 100644 app/models/permission.rb
 create mode 100644 db/migrate/20090211220524_create_permissions.rb
 delete mode 100644 lib/auditing.rb
 create mode 100644 test/fixtures/permissions.yml
 create mode 100644 test/unit/permission_test.rb
diff --git a/app/controllers/nodes_controller.rb b/app/controllers/nodes_controller.rb
index 4c48bb5..cc1ad5c 100644
--- a/app/controllers/nodes_controller.rb
+++ b/app/controllers/nodes_controller.rb
@@ -1,5 +1,4 @@
 class NodesController < ApplicationController
- include Auditing
 layout 'admin'
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index 363d1e1..efd3913 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -1,5 +1,4 @@
 class PagesController < ApplicationController
- include Auditing
 # GET /pages
 # GET /pages.xml
diff --git a/app/models/auditing_observer.rb b/app/models/auditing_observer.rb
deleted file mode 100644
index acce18c..0000000
--- a/app/models/auditing_observer.rb
+++ /dev/null
@@ -1,8 +0,0 @@ -class AuditingObserver < Auditing::Observer - observe :node, :page - - # TODO: Insert super secure auditing here - def before_save(record) - RAILS_DEFAULT_LOGGER.debug ">>>>>>>>>>>>> #{controller.inspect}" - end -end diff --git a/app/models/node.rb b/app/models/node.rb index 05da907..819acac 100644 --- a/app/models/node.rb +++ b/app/models/node.rb @@ -1,11 +1,11 @@ class Node < ActiveRecord::Base acts_as_nested_set + # Associations has_many :pages, :order => "revision ASC" belongs_to :head, :class_name => "Page", :foreign_key => :head_id - + # Callbacks - after_create :initialize_empty_page # Class methods diff --git a/app/models/page.rb b/app/models/page.rb index 5647ef9..aba974a 100644 --- a/app/models/page.rb +++ b/app/models/page.rb @@ -9,7 +9,10 @@ class Page < ActiveRecord::Base # Associations belongs_to :node belongs_to :user - + + # Security + attr_accessible :title, :abstract, :body + # Class Methods # This method is most likely called from the ContentHelper.render_collection diff --git a/app/models/permission.rb b/app/models/permission.rb new file mode 100644 index 0000000..1070b7a --- /dev/null +++ b/app/models/permission.rb @@ -0,0 +1,10 @@ +class Permission < ActiveRecord::Base + validates_presence_of :user_id, :node_id, :granted + + # Associations + belongs_to :user + belongs_to :node + + # Security + attr_protected :user_id, :node_id, :granted # Allow no mass assignments +end diff --git a/config/environment.rb b/config/environment.rb index 4577575..aad0815 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -30,7 +30,6 @@ Rails::Initializer.run do |config| # Activate observers that should always be running # config.active_record.observers = :cacher, :garbage_collector, :forum_observer - config.active_record.observers = :auditing_observer # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. # Run "rake -D time" for a list of tasks for finding time zone names. 
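Review bot: Node gets no mass-assignment lock-down in this commit while Page does, and the node.rb hunk shows `belongs_to :head, :foreign_key => :head_id` next to `acts_as_nested_set`, so `head_id` and the nested-set tree columns (presumably `parent_id`, `lft`, `rgt`) remain assignable from `params[:node]` under Rails 2.x defaults unless Node declares `attr_accessible` somewhere outside this hunk. A request could then repoint a node at an arbitrary page revision or rewrite the tree; an allow-list of only the genuinely user-editable columns, declared with `attr_accessible` as Page now does, would close that. The collapsed hunk also reads as dropping `after_create :initialize_empty_page` without the commit message mentioning it; worth confirming that is intended and that nothing else relies on a freshly created Node having a page.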
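Review bot: With `attr_accessible :title, :abstract, :body` on Page, `user_id`, `node_id` and `revision` (the column node.rb orders by) are no longer settable from `params[:page]`, and Rails 2.x drops protected keys silently with only a log warning, so a controller still relying on mass assignment for them will create pages with a nil owner and node instead of failing. PagesController's create/update actions are outside this diff; they need to set those server-side, e.g. `@page = @node.pages.build(params[:page])` followed by assigning `@page.user` from the app's current-user helper. A unit test pinning the lock-down, `assert_nil Page.new(:user_id => 1).user_id`, would keep the allow-list from being loosened by accident.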
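Review bot: `validates_presence_of :granted` rejects `false`, because presence is checked with `blank?` and `false.blank?` is true, so a deny record (`granted = false`) can never be saved and the new Permission model can only ever express grants. The boolean wants `validates_inclusion_of :granted, :in => [true, false]` instead. Separately, `attr_protected :user_id, :node_id, :granted` is a deny-list, so every column added to `permissions` later is mass-assignable until someone extends it, and Page in this same commit uses the allow-list form; `attr_accessible` with no arguments, which as far as the 2.x implementation goes leaves nothing mass-assignable, would fail closed and be consistent. Nothing here prevents two rows for the same user and node with opposite `granted` values either; `validates_uniqueness_of :user_id, :scope => :node_id` (backed by a unique index in the migration) would make the lookup unambiguous.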
diff --git a/db/migrate/20090211220524_create_permissions.rb b/db/migrate/20090211220524_create_permissions.rb
new file mode 100644
index 0000000..2e007a4
--- /dev/null
+++ b/db/migrate/20090211220524_create_permissions.rb
@@ -0,0 +1,15 @@
+class CreatePermissions < ActiveRecord::Migration
+ def self.up
+ create_table :permissions do |t|
+ t.boolean :granted
+ t.integer :node_id
+ t.integer :user_id
+
+ t.timestamps
+ end
+ end
+
+ def self.down
+ drop_table :permissions
+ end
+end
diff --git a/lib/auditing.rb b/lib/auditing.rb
deleted file mode 100644
index 5379148..0000000
--- a/lib/auditing.rb
+++ /dev/null
@@ -1,26 +0,0 @@
- module Auditing
- def self.included(base)
- ActiveRecord::Base.observers.each do |observer|
- observer = if observer.respond_to?(:to_sym)
- observer.to_s.camelize.constantize.instance
- elsif observer.respond_to?(:instance)
- observer.instance
- else
- raise ArgumentError, "#{observer} is an invalid class name"
- end
- base.around_filter(observer) if observer.is_a?(Auditing::Observer)
- end
- end
-
- class Observer < ActiveRecord::Observer
- attr_accessor :controller
-
- def before(controller)
- self.controller = controller
- end
-
- def after(controller)
- self.controller = nil
- end
- end
-end
\ No newline at end of file
diff --git a/test/fixtures/permissions.yml b/test/fixtures/permissions.yml
new file mode 100644
index 0000000..5bf0293
--- /dev/null
+++ b/test/fixtures/permissions.yml
@@ -0,0 +1,7 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+# one:
+# column: value
+#
+# two:
+# column: value
diff --git a/test/unit/permission_test.rb b/test/unit/permission_test.rb
new file mode 100644
index 0000000..08fcc0b
--- /dev/null
+++ b/test/unit/permission_test.rb
@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class PermissionTest < ActiveSupport::TestCase
+ # Replace this with your real tests.
+ test "the truth" do
+ assert true
+ end
+end
-- 
cgit v1.3
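Review bot: The `permissions` table allows NULL in `granted`, `node_id` and `user_id` and has no unique index on the user/node pair, so the database accepts a row that is neither a grant nor a deny and two contradictory rows for the same user and node; model validations do not cover bulk writes or other code paths that bypass the model. `t.boolean :granted, :null => false, :default => false` makes an omitted flag fail closed, `:null => false` belongs on the two foreign-key columns as well, and `add_index :permissions, [:user_id, :node_id], :unique => true` after the `create_table` block enforces one decision per user and node at the store (`drop_table` in `self.down` removes the index with the table).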