From f10e79a554bd0666de6390c4bc34b52c8ecd936d Mon Sep 17 00:00:00 2001
From: simon
Date: Thu, 12 Feb 2009 00:02:39 +0100
Subject: * removed the auditing observer, we'll do it the old fashioned way * added permission model * locked down attributes on page model
---
 app/controllers/nodes_controller.rb | 1 -
 app/controllers/pages_controller.rb | 1 -
 app/models/auditing_observer.rb | 8 --------
 app/models/node.rb | 4 ++--
 app/models/page.rb | 5 ++++-
 app/models/permission.rb | 10 ++++++++++
 6 files changed, 16 insertions(+), 13 deletions(-)
 delete mode 100644 app/models/auditing_observer.rb
 create mode 100644 app/models/permission.rb
(limited to 'app')
diff --git a/app/controllers/nodes_controller.rb b/app/controllers/nodes_controller.rb
index 4c48bb5..cc1ad5c 100644
--- a/app/controllers/nodes_controller.rb
+++ b/app/controllers/nodes_controller.rb
@@ -1,5 +1,4 @@
 class NodesController < ApplicationController
- include Auditing
 layout 'admin'
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index 363d1e1..efd3913 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -1,5 +1,4 @@
 class PagesController < ApplicationController
- include Auditing
 # GET /pages
 # GET /pages.xml
diff --git a/app/models/auditing_observer.rb b/app/models/auditing_observer.rb
deleted file mode 100644
index acce18c..0000000
--- a/app/models/auditing_observer.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-class AuditingObserver < Auditing::Observer
- observe :node, :page
-
- # TODO: Insert super secure auditing here
- def before_save(record)
- RAILS_DEFAULT_LOGGER.debug ">>>>>>>>>>>>> #{controller.inspect}"
- end
-end
diff --git a/app/models/node.rb b/app/models/node.rb
index 05da907..819acac 100644
--- a/app/models/node.rb
+++ b/app/models/node.rb
@@ -1,11 +1,11 @@ class Node < ActiveRecord::Base acts_as_nested_set + # Associations has_many :pages, :order => "revision ASC" belongs_to :head, :class_name => "Page", :foreign_key => :head_id - + # Callbacks - after_create :initialize_empty_page # Class methods
diff --git a/app/models/page.rb b/app/models/page.rb
index 5647ef9..aba974a 100644
--- a/app/models/page.rb
+++ b/app/models/page.rb
@@ -9,7 +9,10 @@ class Page < ActiveRecord::Base
 # Associations
 belongs_to :node
 belongs_to :user
-
+
+ # Security
+ attr_accessible :title, :abstract, :body
+
 # Class Methods
 # This method is most likely called from the ContentHelper.render_collection
diff --git a/app/models/permission.rb b/app/models/permission.rb
new file mode 100644
index 0000000..1070b7a
--- /dev/null
+++ b/app/models/permission.rb
@@ -0,0 +1,10 @@
+class Permission < ActiveRecord::Base
+ validates_presence_of :user_id, :node_id, :granted
+
+ # Associations
+ belongs_to :user
+ belongs_to :node
+
+ # Security
+ attr_protected :user_id, :node_id, :granted # Allow no mass assignments
+end
-- cgit v1.3
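Review bot: The allow-list `attr_accessible :title, :abstract, :body` in app/models/page.rb means `node_id`, `user_id` and the `revision` column (which node.rb orders by) are now dropped from any hash passed to `Page.new` or `update_attributes`. As far as I can tell this generation of ActiveRecord only logs the drop at debug level rather than raising. The commit does not touch the code that creates pages (PagesController actions, or Node's `after_create :initialize_empty_page`), so each of those paths should be checked to confirm it assigns node, user and revision explicitly and does not rely on the params hash. The bare `# Security` marker would also be more useful as `# Security: only content fields are mass-assignable; node, user and revision are set server-side`. The Page class starts and ends outside this hunk.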
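Review bot: In app/models/permission.rb, `validates_presence_of :granted` will reject a record whose `granted` is `false` if that column is a boolean, because presence is tested with `blank?` and `false.blank?` is true, so an explicit deny row could never be saved. The schema is not visible in this commit; if the column is boolean, use `validates_inclusion_of :granted, :in => [true, false]` and keep the presence check for `:user_id, :node_id` only. Separately, `attr_protected` is a deny-list, so any column added to permissions later becomes mass-assignable by default, whereas page.rb in this same commit uses an allow-list; an empty allow-list here would be consistent and would fail closed. Because all three attributes are protected, a hash passed to `Permission.new` is ignored and the record fails validation, so the trailing comment should say that callers must assign each attribute explicitly.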