Fixed the 'made some methods public' kludge

1 parent 5a4e2b6 commit 875781d5b4ee55120753d3a04044d8039486899e Philip (flip) Kromer committed May 20, 2008
Showing with 5 additions and 10 deletions.
  1. +3 −10 CHANGELOG
  2. +2 −0 README
@@ -52,16 +52,9 @@ h3. authenticated_system
* added uniform logout! methods
* format.any (as found in access_denied) doesn't work until lands.
-* cookies are now refreshed each time we cross the logged out/in barrier
-* !!!! Possibly stupid !!!
- Made current_user and logged_in? be public methods. I did this for the worst
- possible reason -- so that I could write story steps that call it directly.
- However, they're already globally public methods in principle through their
- exposure as helper methods. But if there's a less kludgy fix please educate
- me.
+* cookies are now refreshed each time we cross the logged out/in barrier, as
+ "best":
+ "practice":
h3. Other
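Review bot: The removed "Possibly stupid" entry about current_user and logged_in? gets no replacement line, and this commit touches only CHANGELOG and README, so the changelog no longer records what visibility those methods have or where the kludge was undone. Suggest a one-line entry stating the methods' current visibility and how story steps are expected to reach them. In the added "cookies are now refreshed" line, also say in words what the refresh guards against instead of relying only on the "best" and "practice" links, which as shown here have no target after the colon.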
@@ -52,12 +52,14 @@ authentication code. The flexible code for resource testing in stories was
extended from "Ben Mabey's.":
h3. Modularize to match security design patterns:
* Authentication (currently: password, browser cookie token, HTTP basic)
* Trust metric (email validation)
* Authorization (stateful roles)
* Leave a flexible framework that will play nicely with other access control / policy definition / trust metric plugins
h3. Other
* Added a few helper methods for linking to user pages
* Uniform handling of logout, remember_token
* Stricter email, login field validation
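Review bot: The closing "Other" list mentions "Uniform handling of logout, remember_token" but not the cookie refresh on crossing the logged out/in barrier that the CHANGELOG hunk describes as best practice; since the README is where the security design is summarised, suggest naming that behaviour here, either under the Authentication bullet or in "Other". In the "Modularize to match security design patterns" list, only Authentication carries a "(currently: ...)" qualifier, so it would help to mark Trust metric and Authorization the same way so readers can tell what is implemented.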

