Jeff Barczewski
2006-Aug-11 15:22 UTC
[Masterview-users] Update on progress - MasterView AdminPages permanent fix for Rails 1.1.6
Well I was looking into the issue last night and this morning, but this Rails 1.1.5-6 security fix has really restricted quite a few things. So many of the simple fixes I tried just don''t work. I think we are going to have to rework how admin pages are loaded to work with in these new restrictions and that is going to be a bit of refactoring. One goal is to not copy much code into the local RAILSAPP/app directory so that things can be upgraded easily simply by updating gem, however it seems that these new security restrictions prevent even something like class MasterViewController < MasterView::AdminPages::AdminPageController where the AdminPageController is not in the local RAILSAPP/app directory. So it is back to the drawing board about how to make this simple, easy, and configurable without simply copying code all over the place. Unfortunately I have to take my daughter on a Girl Scout trip this weekend leaving shortly, so I won''t be able to release a better fix until after I return (Sunday). I''m not sure if Deb will have time to work on it either since this was an unexpected situation. However I will stay on this until I get it resolved, hopefully Monday. The good thing (if there is one) is that the only feature broken with MasterView from this rails upgrade (AFAIK) is ''admin pages'', which isn''t normally needed for production and there are equivalent functionality available via command line with rake mv commands. And of course one can extract the tgz file I made available yesterday evening (I updated it slightly this morning to fix another issue, same location), however as mentioned before installing the tgz file circumvents the config.enable_admin_pages configuration so in production you will want to rename/remove the masterview_controller.rb if you go with this approach. It is a brute force temporary fix, that doesn''t keep things as DRY as we''d like, but if you need to use it, then it is there. One would just have to clean up those files when the permanent fix is available to take advantage of new functionality. I apologize for any inconvenience this has caused anyone, we will release a permanent fix as soon as possible. Thanks for your continued patience and support, Jeff