Jeff Barczewski
2006-Aug-14 17:48 UTC
[Masterview-users] Update on progress 8/14/06 - MasterView AdminPages permanent fix for Rails 1.1.6
I have come up with a solution. We can''t subclass a controller but we can mixin the functionality so that will allow us to have a very small shell controller class that mixes in the real code and thus will make it easy to upgrade. I just need to create the code that copies this controller shell into the local rails app and we''ll be done. I should be able to wrap this up in the next few days. Jeff On 8/11/06, Jeff Barczewski <jeff.barczewski at gmail.com> wrote:> Well I was looking into the issue last night and this morning, but > this Rails 1.1.5-6 security fix has really restricted quite a few > things. So many of the simple fixes I tried just don''t work. I think > we are going to have to rework how admin pages are loaded to work with > in these new restrictions and that is going to be a bit of > refactoring. > > One goal is to not copy much code into the local RAILSAPP/app > directory so that things can be upgraded easily simply by updating > gem, however it seems that these new security restrictions prevent > even something like > > class MasterViewController < MasterView::AdminPages::AdminPageController > > where the AdminPageController is not in the local RAILSAPP/app directory. > > So it is back to the drawing board about how to make this simple, > easy, and configurable without simply copying code all over the place. > > Unfortunately I have to take my daughter on a Girl Scout trip this > weekend leaving shortly, so I won''t be able to release a better fix > until after I return (Sunday). I''m not sure if Deb will have time to > work on it either since this was an unexpected situation. However I > will stay on this until I get it resolved, hopefully Monday. > > The good thing (if there is one) is that the only feature broken with > MasterView from this rails upgrade (AFAIK) is ''admin pages'', which > isn''t normally needed for production and there are equivalent > functionality available via command line with rake mv commands. > > And of course one can extract the tgz file I made available yesterday > evening (I updated it slightly this morning to fix another issue, same > location), however as mentioned before installing the tgz file > circumvents the config.enable_admin_pages configuration so in > production you will want to rename/remove the masterview_controller.rb > if you go with this approach. It is a brute force temporary fix, that > doesn''t keep things as DRY as we''d like, but if you need to use it, > then it is there. One would just have to clean up those files when the > permanent fix is available to take advantage of new functionality. > > I apologize for any inconvenience this has caused anyone, we will > release a permanent fix as soon as possible. > > Thanks for your continued patience and support, > > Jeff >