
added abstract_auth. setup to gather auth data from test/dummy app. n…

…ow checking for user authorization in engine controllers/views
commit 787b76347288a15c459777f526bdd2eb6665cc15 1 parent 62a5b1f
Collin Schaafsma & Ryan Cook authored
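--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,6 +2,7 @@ PATH
 remote: .
 specs:
 regulate (0.0.1)
+ abstract_auth (~> 0.1.0)
 grit (~> 2.3.0)
 rails (~> 3.0.0)
@@ -9,6 +10,8 @@ GEM
 remote: http://rubygems.org/
 specs:
 abstract (1.0.0)
+ abstract_auth (0.1.0)
+ module_ext (~> 0.1.0)
 actionmailer (3.0.3)
 actionpack (= 3.0.3)
 mail (~> 2.2.9)
@@ -67,6 +70,7 @@ GEM
 mime-types (~> 1.16)
 treetop (~> 1.4.8)
 mime-types (1.16)
+ module_ext (0.1.0)
 nokogiri (1.4.4)
 polyglot (0.3.1)
 rack (1.2.1)
@@ -107,6 +111,7 @@ PLATFORMS
 ruby
 DEPENDENCIES
+ abstract_auth (~> 0.1.0)
 bluecloth (~> 2.0.9)
 bundler (~> 1.0.0)
 capybara (~> 0.4.0)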
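--- a/app/controllers/regulate/admin/pages_controller.rb
+++ b/app/controllers/regulate/admin/pages_controller.rb
@@ -5,6 +5,8 @@ module Admin
 # Standard CRUD Controller
 class PagesController < ActionController::Base
+ # Check that a user is authenticated
+ before_filter :is_authorized?
 # Load in our page object based on the ID
 before_filter :load_page, :only => [:edit,:update,:destroy]
@@ -23,6 +25,7 @@ def edit; end
 # PUT method to persist changes to a Page object
 def update
+ params[:page].delete(:view) if !@authorized_user.is_admin?
 if @page.update_attributes(params[:page])
 flash[:notice] = "Successfully updated #{params[:page][:title]}"
 redirect_to regulate_admin_regulate_pages_path
@@ -56,6 +59,12 @@ def show
 private
+ def is_authorized?
+ @authorized_user = AbstractAuth.invoke :authorized_user
+ @is_admin = AbstractAuth.invoke :is_admin
+ @is_editor = AbstractAuth.invoke :is_editor
+ end
+
 # Grab a page resource based on the ID passed to the URI
 def load_page
 @page = Regulate::Page.find(params[:id])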
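Review bot: `is_authorized?` only assigns `@authorized_user`, `@is_admin` and `@is_editor`; it never renders or redirects, so as written the filter does not stop a request whose user is missing or holds neither role. I would end the method with `head :forbidden unless @authorized_user && (@is_admin || @is_editor)` so the check is enforced before any action runs. Without it, a nil `@authorized_user` reaches `@authorized_user.is_admin?` in `update` (and the same dereference in `_form.html.erb` and `index.html.erb`) and fails with an exception instead of a clean denial. Only `update` strips `:view` for non-admins in the visible hunks; `create` is not shown, so confirm it applies the same rule. The class body and `load_page` continue outside the hunks.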
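--- a/app/views/regulate/admin/pages/_form.html.erb
+++ b/app/views/regulate/admin/pages/_form.html.erb
@@ -20,10 +20,17 @@ textarea {height:250px;}
 Title: <%= @page.title %>
 </div>
 <% end %>
- <div class="form_row">
- <%= f.label :view %>
- <%= f.text_area :view %>
- </div>
+ <% if @authorized_user.is_admin? %>
+ <div class="form_row">
+ <%= f.label :view %>
+ <%= f.text_area :view %>
+ </div>
+ <% else %>
+ <div class="form_row">
+ View:<br /> <%= @page.view %>
+ <%= f.hidden_field :view %>
+ </div>
+ <% end %>
 <div id="edit_regions"></div>
 <div class="form_row">
 <%= f.submit "Save" %>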
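Review bot: The non-admin branch still emits `<%= f.hidden_field :view %>`, so the browser is handed a `page[view]` value it can edit even though this role is not meant to change it. The restriction then rests entirely on the `params[:page].delete(:view)` line in `update`; I would drop the hidden field from the `else` branch and keep only the read-only `<%= @page.view %>` display. The template also re-derives the role with `@authorized_user.is_admin?` while the controller filter already sets `@is_admin`; using one of the two consistently keeps the checks from drifting apart. The form continues outside the hunk.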
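--- a/app/views/regulate/admin/pages/index.html.erb
+++ b/app/views/regulate/admin/pages/index.html.erb
@@ -1,4 +1,6 @@
 <h2>Pages</h2>
+<h3>Welcome <%= "#{@authorized_user.first_name} #{@authorized_user.last_name}" %></h3>
+<div>You have a role of <%= @authorized_user.role %></div>
 <%= link_to "New Page", new_regulate_admin_regulate_page_path %>
 <ul>
 <% @pages.each do |page| %>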
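--- a/lib/regulate.rb
+++ b/lib/regulate.rb
@@ -1,5 +1,6 @@
 # Requires
 require 'active_support/dependencies'
+require 'abstract_auth'
 # Our top level module to contain all of our engine gem functionality
 module Regulate
@@ -7,6 +8,11 @@ module Regulate
 # Autoloads
 autoload :Git , 'regulate/git'
+ # Setup our AbstractAuth requirements
+ AbstractAuth.setup do |config|
+ config.requires :authorized_user , :is_admin , :is_editor
+ end
+
 # Our host application root path
 # We set this when the engine is initialized
 mattr_accessor :app_root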
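Review bot: The `config.requires` line names three hooks but does not say what each must return, and the rest of the commit depends on that contract: the views call `first_name`, `last_name`, `role` and `is_admin?` on the `:authorized_user` result. I would document it above the setup block, e.g. `# :authorized_user must return the current user (responds to first_name, last_name, role, is_admin?); :is_admin and :is_editor must return true or false`. The comment should also state what a host app returns when nobody is signed in, since the engine controller currently assumes a user object is always present. The module body continues outside the hunk.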
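--- a/regulate.gemspec
+++ b/regulate.gemspec
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
 s.add_dependency "rails", "~> 3.0.0"
 s.add_dependency "grit", "~> 2.3.0"
+ s.add_dependency "abstract_auth", "~> 0.1.0"
 s.add_development_dependency "bluecloth", "~> 2.0.9"
 s.add_development_dependency "bundler", "~> 1.0.0"
 s.add_development_dependency "capybara", "~> 0.4.0"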
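--- a/test/dummy/app/controllers/application_controller.rb
+++ b/test/dummy/app/controllers/application_controller.rb
@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
+
 protect_from_forgery
+
+ def self.current_user
+ return User.new
+ end
+
 end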
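Review bot: `self.current_user` is a class method, so it has no access to the request or session and hands every caller a freshly built `User`, which the dummy model hard-codes to the `editor` role. That is fine for a dummy app, but this file is the only integration example in the commit; a comment such as `# Test stub: always returns a fixed editor. A real host app must resolve the user from the current request.` would keep it from being copied as-is. The explicit `return` is also redundant on the last expression; `User.new` alone is the idiomatic form.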
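--- a/test/dummy/app/models/user.rb
+++ b/test/dummy/app/models/user.rb
@@ -0,0 +1,20 @@
+class User
+
+ attr_accessor :role , :first_name , :last_name , :email
+
+ def initialize
+ @role = "editor"
+ @first_name = "Sir Lucius"
+ @last_name = "Leftfoot"
+ @email = "sir_lucius@quickleft.com"
+ end
+
+ def is_admin?
+ @role == "admin"
+ end
+
+ def is_editor?
+ @role == "editor"
+ end
+
+end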
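--- a/test/dummy/config/initializers/regulate.rb
+++ b/test/dummy/config/initializers/regulate.rb
@@ -0,0 +1,14 @@
+# Regulate stuff
+
+# AbstractAuth Implementations
+AbstractAuth.implement :authorized_user do
+ ::ApplicationController.send('current_user')
+end
+
+AbstractAuth.implement :is_admin do
+ ::ApplicationController.send('current_user').is_admin?
+end
+
+AbstractAuth.implement :is_editor do
+ ::ApplicationController.send('current_user').is_editor?
+end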
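Review bot: `::ApplicationController.send('current_user')` uses `send` to reach what is a public class method, which bypasses method visibility for no benefit; `::ApplicationController.current_user` says the same thing directly in all three blocks. Each hook also calls `current_user` on its own, so `:authorized_user`, `:is_admin` and `:is_editor` are answered by three separate `User` instances. With the dummy they always agree, but a comment such as `# Real implementations should derive all three answers from the same user object` would make that expectation explicit for host apps.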