@@ -6,7 +6,7 @@ module Goldberg class ContentPage < ActiveRecord::Base include Goldberg::Model - belongs_to :permission + belongs_to :permission, :class_name => 'Goldberg::Permission' validates_presence_of :name, :title, :permission_id validates_uniqueness_of :name attr_accessor :content_html app/models/goldberg/content_page.rb @@ -2,8 +2,8 @@ module Goldberg class ControllerAction < ActiveRecord::Base include Goldberg::Model - belongs_to :site_controller - belongs_to :permission + belongs_to :site_controller, :class_name => 'Goldberg::SiteController' + belongs_to :permission, :class_name => 'Goldberg::Permission' validates_presence_of :name, :site_controller_id validates_uniqueness_of :name, :scope => 'site_controller_id' app/models/goldberg/controller_action.rb @@ -2,9 +2,9 @@ module Goldberg class Permission < ActiveRecord::Base include Goldberg::Model - has_many :content_pages - has_many :site_controllers - has_many :controller_actions + has_many :content_pages, :class_name => 'Goldberg::ContentPage' + has_many :site_controllers, :class_name => 'Goldberg::SiteController' + has_many :controller_actions, :class_name => 'Goldberg::ControllerAction' validates_presence_of :name validates_uniqueness_of :name app/models/goldberg/permission.rb @@ -5,7 +5,7 @@ module Goldberg class Role < ActiveRecord::Base include Goldberg::Model - has_many :users + has_many :users, :class_name => 'Goldberg::User' validates_presence_of :name validates_uniqueness_of :name app/models/goldberg/role.rb @@ -2,8 +2,9 @@ module Goldberg class SiteController < ActiveRecord::Base include Goldberg::Model - belongs_to :permission - has_many :controller_actions, :order => 'name', :dependent => :destroy + belongs_to :permission, :class_name => 'Goldberg::Permission' + has_many :controller_actions, :class_name => 'Goldberg::ControllerAction', :order => 'name', + :dependent => :destroy validates_presence_of :name, :permission_id validates_uniqueness_of :name app/models/goldberg/site_controller.rb @@ -4,7 +4,7 @@ module Goldberg class User < ActiveRecord::Base include Goldberg::Model - belongs_to :role + belongs_to :role, :class_name => 'Goldberg::Role' validates_presence_of :name, :role_id, :password validates_uniqueness_of :name app/models/goldberg/user.rb @@ -1,3 +1,5 @@ +require 'rails_generator' + # Set load paths to include the plugin /app directory controller_path = "#{File.dirname(__FILE__)}/app/controllers" model_path = "#{File.dirname(__FILE__)}/app/models" init.rb @@ -2,9 +2,8 @@ module Goldberg module Controller def self.included(base) base.class_eval do - base.view_paths = - ["#{RAILS_ROOT}/vendor/plugins/goldberg/app/views"] - base.layout "../../../../../app/views/layouts/application" + base.append_view_path(["#{RAILS_ROOT}/vendor/plugins/goldberg/app/views"]) + base.layout "application" end end end lib/goldberg/controller.rb @@ -14,14 +14,14 @@ module Goldberg module SchemaStatements def self.included(base) #:nodoc: base.class_eval do - alias_method_chain :initialize_schema_information, :plugins + alias_method_chain :initialize_schema_migrations_table, :plugins alias_method_chain :dump_schema_information, :plugins end end # Creates the plugin schema info table - def initialize_schema_information_with_plugins - initialize_schema_information_without_plugins + def initialize_schema_migrations_table_with_plugins + initialize_schema_migrations_table_without_plugins begin execute <<-EOS lib/goldberg/migrator.rb @@ -26,6 +26,40 @@ namespace :goldberg do task :upgrade => :migrate do end + desc "Apply a site theme" + task :theme, :theme_name, :needs => :environment do |t, args| + source_dir = File.join(File.dirname(__FILE__), '..', 'themes') + theme = args.theme_name || 'goldberg' + theme_dir = File.join(source_dir, theme) + if File.directory?(theme_dir) + manifest = Rails::Generator::Manifest.new do |m| + # Public assets: images, javascripts and stylesheets, including both the + # common files and files specific to the specified theme. + ['images', 'javascripts', 'stylesheets'].each do |asset| + dest_dir = File.join('public/goldberg', asset) + m.directory dest_dir + ['common', theme].each do |src| + Dir["#{source_dir}/#{src}/public/#{asset}/*"].each do |file_path| + file = File.basename(file_path) + m.file "#{src}/public/#{asset}/#{file}", "#{dest_dir}/#{file}" + end + end + end + # The default site template + m.file "#{theme}/app/views/layouts/application.html.erb", + "app/views/layouts/application.html.erb" + end + # Run the manifest created above through Rails::Generator + Rails::Generator::Base.spec = Rails::Generator::Spec.new('', '', nil) + base = Rails::Generator::Base.new([], :source => source_dir) + commands = Rails::Generator::Commands::Create.new(base) + manifest.replay(commands) + else # theme directory doesn't exist + raise ArgumentError.new, + "No such theme '#{theme}'" + end + end + desc "Flush cached data out of sessions and Roles" task :flush => :environment do puts "Deleting any Rails session files" tasks/goldberg_tasks.rake @@ -21,42 +21,8 @@ class SecurityTest < ActionController::IntegrationTest get '/goldberg/users/list' assert_response :success - - form_logout - - get '/goldberg/users/list' - assert_redirected_to_login end - # When a user with insufficient rights tries to access a page or - # action they don't get redirected to login: they get redirected to - # the "denied" page. - def test_insufficient_security - old_count = Goldberg::User.count - form_login('admin', 'admin') - post '/goldberg/users/create', :user => { - :name => 'fred', - :fullname => 'Fred Bloggs', - :role_id => '2', # "Member" - :clear_password => 'fred', - :confirm_password => 'fred', - } - # User was created OK - assert_equal (old_count + 1), Goldberg::User.count - - # Logout, then login as new user - form_logout - form_login('fred', 'fred') - assert_not_nil session[:goldberg][:user_id] - - # An administrator action: denied - get '/goldberg/users/list' - assert_redirected_to :permission_denied_page - # An administrator page: denied - get '/admin' - assert_redirected_to :permission_denied_page - end - # Public user can view public pages, but when they try accessing an # administrator page they are redirected to login. def test_page_security @@ -71,11 +37,6 @@ class SecurityTest < ActionController::IntegrationTest get '/admin' assert_response :success - - form_logout - - get '/admin' - assert_redirected_to_login end # If a public user tries to access a resource for which they lack test/integration/security_test.rb c9fb7d048f93de6df722c76f0a51b95b0a797d1e Dave Nelson urbanus@240gl.org http://github.com/urbanus/goldberg/commit/55f557b53c795d4b4768c474f1d1d5b78eda1558 55f557b53c795d4b4768c474f1d1d5b78eda1558 2008-07-09T03:41:16-07:00 2008-07-09T03:41:16-07:00 More Rails 2.1 compatibility changes. 836e137dcf13fe33188369fa81404a65c471ae52 Dave Nelson urbanus@240gl.org