News
Lockdown: Lockdown: 0.6.0
This release DOES affect the Lockdown security engine. Run your tests locally before deploying version 0.6.0 to production.
This release was an architecture update to ease the inclusion of other frameworks such as Merb. This means a lot of behind-the-scenes changes were made. The interface to lockdown did not change.
To coincide with this release, the lockdown-rails-app project has been created to house RSpec tests. If you would like to contribute to lockdown, please clone this project and add tests as needed. Here's the clone URL:
git://github.com/stonean/lockdown-rails-app.git
The code architecture still isn't quite as clean as I'd like it to be, but this is a major step forward. If you have any suggestions and (even better) patches, please contribute.
I am still working through some JRuby implementation differences. If you are using Lockdown in JRuby and have had to make tweaks, please let me know. I would like the installation into multiple environments to be as painless as possible.
Next up, Merb integration! :)
Thanks!
-andy
Lockdown: Lockdown: Beta 0.6.0
I've been working on the next generation of Lockdown. The first step is 0.6.0, which is a code refactor for organizational purposes. I have added a new project on GitHub called lockdown-rails-app, which is my RSpec testbed for this gem.
For the next week or so I will be adding specs until I feel there is good coverage. After that time, I will release 0.6.0. I know there are some issues regarding the generators and creating a new app with 0.6.0, but there shouldn't be any issues upgrading existing applications.
To note: the refactor has introduced a new configuration option:
# If deploying to a subdirectory, set that here. Defaults to nil
# options[:subdirectory] = "blog"
# *Notice: Do not add leading or trailing slashes
#
# e.g. http://localhost:3000/blog/users
If you would like to give 0.6.0 a try and help flesh out any issues, just do the following:
git clone git@github.com:stonean/lockdown.git lockdown
cd lockdown
rake install_gem
The next step will be to move away from the current implementation of access_rights as an array of "controller/action" strings to a numerical implementation. I'm still working out the details, but I would like to work towards a bitwise function solution.
This is the first in a series of improvements geared toward a cleaner, more succinct and customizable code base. If you would like to help out with this goal, your contributions are more than welcome.
Classy Inheritance: Classy Inheritance: Release 0.6.2
Added back in validates_associated to give better error messages. Fixed typo.
Lockdown: Lockdown: Release 0.5.22
Updated to remove Dependencies deprecation warning:
DEPRECATION WARNING: Dependencies is deprecated! Use ActiveSupport::Dependencies instead.
Used ActiveSupport.const_defined?("Dependencies") to test.
Lockdown: Lockdown: Release 0.5.21
- Updated lockdown to abide by config.active_record.timestamped_migrations introduced in Rails 2.1.1
- Fixed: schlick fixed an issue with the user_groups edit.html.erb. Thanks Michael!
There were no changes to the Lockdown security engine
Lockdown: Lockdown: Release 0.5.20
This release addressed issues with the authorized? method used in the security engine. The ActionController::Routing::Routes.recognize_path(path) would return unexpected values.
For example:
ActionController::Routing::Routes.recognize_path("/users/1/edit") =>
{:action=>"1", :controller=>"users", :id=>"edit"}
Notice the :action and :id swap.
Also added a new option :session_timeout_method. When the session times out, Lockdown will call this method.
This release DOES affect the Lockdown security engine
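The effect of the :action/:id swap on an access check built from "controller/action" strings, as an added example that is not Lockdown's code. The positional matcher, the GENERIC and RESOURCE patterns, KNOWN_ACTIONS and check are constructed stand-ins, and the assumption that the swap comes from a catch-all pattern is not stated in the release note.

```ruby
# Constructed stand-in for a router; NOT Rails' ActionController::Routing code.
# A pattern is a list of segment names matched positionally against the path.
GENERIC  = [:controller, :action, :id]  # catch-all style pattern (assumed)
RESOURCE = [:controller, :id, :action]  # member-action style pattern (assumed)

def recognize(path, pattern)
  segments = path.split("/").reject(&:empty?)
  return nil unless segments.size == pattern.size
  Hash[pattern.zip(segments)]
end

# Access rights are "controller/action" strings, so the lookup key is built
# from whatever the recognizer reported as :controller and :action.
def access_right_for(params)
  "#{params[:controller]}/#{params[:action]}"
end

# Hypothetical table of the actions each controller really defines.
KNOWN_ACTIONS = { "users" => %w[index show new create edit update destroy] }

# Fail closed and keep a mis-parse distinguishable from an ordinary denial:
# an "action" the controller does not define is reported as :unrecognized
# instead of being silently compared against access_rights.
def check(access_rights, params)
  return :unrecognized if params.nil?
  actions = KNOWN_ACTIONS.fetch(params[:controller], [])
  return :unrecognized unless actions.include?(params[:action])
  access_rights.include?(access_right_for(params)) ? :allow : :deny
end

def demo
  rights  = ["users/edit", "users/show"]  # constructed sample rights
  swapped = recognize("/users/1/edit", GENERIC)
  correct = recognize("/users/1/edit", RESOURCE)
  {
    swapped: swapped,                          # same hash as in the release note
    swapped_right: access_right_for(swapped),  # "users/1", matches no right
    swapped_result: check(rights, swapped),
    correct_right: access_right_for(correct),
    correct_result: check(rights, correct)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

With the swapped hash the lookup key becomes "users/1", so a user who holds "users/edit" never matches; reporting that case as :unrecognized makes it visible in logs rather than looking like a normal denial.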
Lockdown: Lockdown: Release 0.5.19
This release will hopefully cure some of the issues with people having odd issues. I have a feeling it's from defining a user group in init.rb and then changing the permissions associated to the user group.
Before this release, Lockdown did not add or remove permissions to user groups; the system would just initialize the user group if not found. Now Lockdown will keep the user group in sync with the init.rb.
The initial user group management screens allowed you to modify user groups defined in init.rb. Since I changed that rule a while back, I could now add in this logic.
I should have added this a while ago...apologies.
This release DOES affect the Lockdown security engine
Lockdown: Lockdown: Release 0.5.18
Please refer to the Lockdown generator wiki page for detailed information.
There were no changes to the Lockdown security engine
Lockdown: Lockdown: Release 0.5.17
Update to classy inheritance 0.6.1
There were no changes to the Lockdown security engine
Classy Inheritance: Classy Inheritance: Release 0.6.1
This was causing errors as the method signatures didn't match.