[Bps-public-commit] App-Changeloggr branch, master, updated. c1068215808607b103a065c174f55cc41a542b97

sartak at bestpractical.com sartak at bestpractical.com
Thu Feb 26 22:16:03 EST 2009


The branch, master has been updated
       via  c1068215808607b103a065c174f55cc41a542b97 (commit)
      from  069134859507784c15d1956371324582f79e7d8d (commit)

Summary of changes:
 lib/App/Changeloggr/Dispatcher.pm      |    2 +-
 lib/App/Changeloggr/Model/Changelog.pm |    4 ++++
 2 files changed, 5 insertions(+), 1 deletions(-)

- Log -----------------------------------------------------------------
commit c1068215808607b103a065c174f55cc41a542b97
Author: Shawn M Moore <sartak at gmail.com>
Date:   Thu Feb 26 22:15:55 2009 -0500

    Make admin_token an unreadable attribute

diff --git a/lib/App/Changeloggr/Dispatcher.pm b/lib/App/Changeloggr/Dispatcher.pm
index 1480ac3..7c56056 100644
--- a/lib/App/Changeloggr/Dispatcher.pm
+++ b/lib/App/Changeloggr/Dispatcher.pm
@@ -10,7 +10,7 @@ before '*' => run {
 
 on '/created-changelog' => run {
     my $id = Jifty->web->response->result('create-changelog')->content('id');
-    redirect '/changelog/admin/' . Changelog($id)->admin_token;
+    redirect '/changelog/admin/' . Changelog($id)->as_superuser->admin_token;
 };
 
 on '/changelog/*' => run {
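Review bot: The `as_superuser` elevation on the new redirect line applies to whatever `id` the `create-changelog` result carries, and the handler never checks that the action succeeded before reading the token; from the hunk alone I cannot tell whether that result is guaranteed to come from a fresh create. Since this route is now the one place where the read restriction added in Changelog.pm is bypassed, I would guard it first with `my $result = Jifty->web->response->result('create-changelog');` and `abort(404) unless $result && $result->success;`, and only then load the record as superuser. A comment such as `# elevate only to hand the creator their own token; admin_token is otherwise unreadable` would keep the bypass from being copied elsewhere. Separately, the token still travels in the URL path, so it will presumably end up in access logs and Referer headers; that predates this commit but matters more now that the column is treated as a secret.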
diff --git a/lib/App/Changeloggr/Model/Changelog.pm b/lib/App/Changeloggr/Model/Changelog.pm
index a0b5a29..a71bc79 100644
--- a/lib/App/Changeloggr/Model/Changelog.pm
+++ b/lib/App/Changeloggr/Model/Changelog.pm
@@ -28,9 +28,13 @@ sub _generate_admin_token {
 sub current_user_can {
     my $self  = shift;
     my $right = shift;
+    my %args  = @_;
 
     return 1 if $self->current_user->is_superuser;
 
+    # admin tokens are private
+    return 0 if $right eq 'read' && $args{column} eq 'admin_token';
+
     # anyone can create and read changelogs
     return 1 if $right eq 'create' || $right eq 'read';
 
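Review bot: The new deny rule compares `$args{column}` with `eq` even when the caller passed no `column` argument, so a record-level `read` check will emit an "uninitialized value" warning if the file enables warnings (the preamble is outside the hunk). A defined-guard keeps it quiet without changing the outcome: `return 0 if $right eq 'read' && defined $args{column} && $args{column} eq 'admin_token';`. The rule covers only `read`; whether other rights such as `update` on `admin_token` are denied is decided further down in `current_user_can`, which continues past the end of this hunk, so that is worth confirming. The comment could also record why the superuser check must stay above this line, e.g. `# admin tokens are private; only a superuser (see the /created-changelog redirect) may read them`.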

-----------------------------------------------------------------------


