alberich 0.2.0

data/test/dummy/db/migrate/20130226151256_create_child_resources.rb

@@ -0,0 +1,12 @@
+class CreateChildResources < ActiveRecord::Migration
+  def change
+    create_table :child_resources do |t|
+      t.string :name
+      t.string :description
+      t.references :parent_resource
+
+      t.timestamps
+    end
+    add_index :child_resources, :parent_resource_id
+  end
+end

data/test/dummy/db/migrate/20130226151256_create_child_resources.rb~

@@ -0,0 +1,12 @@
+class CreateChildResources < ActiveRecord::Migration
+  def change
+    create_table :child_resources do |t|
+      t.string :name
+      t.string :description
+      t.references :ParentResource
+
+      t.timestamps
+    end
+    add_index :child_resources, :ParentResource_id
+  end
+end

data/test/dummy/db/schema.rb

@@ -0,0 +1,151 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20130226151256) do
+
+  create_table "alberich_base_permission_objects", :force => true do |t|
+    t.string   "name",       :null => false
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  create_table "alberich_derived_permissions", :force => true do |t|
+    t.integer  "permission_id",                         :null => false
+    t.integer  "role_id",                               :null => false
+    t.integer  "entity_id",                             :null => false
+    t.integer  "permission_object_id"
+    t.string   "permission_object_type"
+    t.integer  "lock_version",           :default => 0
+    t.datetime "created_at",                            :null => false
+    t.datetime "updated_at",                            :null => false
+  end
+
+  add_index "alberich_derived_permissions", ["permission_id"], :name => "index_alberich_derived_permissions_on_permission_id"
+  add_index "alberich_derived_permissions", ["permission_object_id", "permission_object_type"], :name => "index_alberich_derived_permissions_on_perm_obj"
+
+  create_table "alberich_entities", :force => true do |t|
+    t.string   "name"
+    t.integer  "entity_target_id",                  :null => false
+    t.string   "entity_target_type",                :null => false
+    t.integer  "lock_version",       :default => 0
+    t.datetime "created_at",                        :null => false
+    t.datetime "updated_at",                        :null => false
+  end
+
+  create_table "alberich_permission_sessions", :force => true do |t|
+    t.integer  "user_id",                     :null => false
+    t.string   "session_id",                  :null => false
+    t.integer  "lock_version", :default => 0
+    t.datetime "created_at",                  :null => false
+    t.datetime "updated_at",                  :null => false
+  end
+
+  create_table "alberich_permissions", :force => true do |t|
+    t.integer  "role_id",                               :null => false
+    t.integer  "entity_id",                             :null => false
+    t.integer  "permission_object_id"
+    t.string   "permission_object_type"
+    t.integer  "lock_version",           :default => 0
+    t.datetime "created_at",                            :null => false
+    t.datetime "updated_at",                            :null => false
+  end
+
+  create_table "alberich_privileges", :force => true do |t|
+    t.integer  "role_id",                     :null => false
+    t.string   "target_type",                 :null => false
+    t.string   "action",                      :null => false
+    t.integer  "lock_version", :default => 0
+    t.datetime "created_at",                  :null => false
+    t.datetime "updated_at",                  :null => false
+  end
+
+  create_table "alberich_roles", :force => true do |t|
+    t.string   "name",                               :null => false
+    t.string   "scope",                              :null => false
+    t.integer  "lock_version",    :default => 0
+    t.boolean  "assign_to_owner", :default => false
+    t.datetime "created_at",                         :null => false
+    t.datetime "updated_at",                         :null => false
+  end
+
+  create_table "alberich_session_entities", :force => true do |t|
+    t.integer  "user_id",                              :null => false
+    t.integer  "entity_id",                            :null => false
+    t.integer  "permission_session_id",                :null => false
+    t.integer  "lock_version",          :default => 0
+    t.datetime "created_at",                           :null => false
+    t.datetime "updated_at",                           :null => false
+  end
+
+  create_table "child_resources", :force => true do |t|
+    t.string   "name"
+    t.string   "description"
+    t.integer  "parent_resource_id"
+    t.datetime "created_at",         :null => false
+    t.datetime "updated_at",         :null => false
+  end
+
+  add_index "child_resources", ["parent_resource_id"], :name => "index_child_resources_on_parent_resource_id"
+
+  create_table "global_resources", :force => true do |t|
+    t.string   "name"
+    t.string   "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
+  end
+
+  create_table "members_user_groups", :id => false, :force => true do |t|
+    t.integer "user_group_id", :null => false
+    t.integer "member_id",     :null => false
+  end
+
+  create_table "parent_resources", :force => true do |t|
+    t.string   "name"
+    t.string   "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
+  end
+
+  create_table "standalone_resources", :force => true do |t|
+    t.string   "name"
+    t.string   "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
+  end
+
+  create_table "user_groups", :force => true do |t|
+    t.string   "name",                        :null => false
+    t.string   "description"
+    t.integer  "lock_version", :default => 0
+    t.datetime "created_at",                  :null => false
+    t.datetime "updated_at",                  :null => false
+  end
+
+  create_table "users", :force => true do |t|
+    t.string   "username",                          :null => false
+    t.string   "email"
+    t.string   "crypted_password"
+    t.string   "first_name"
+    t.string   "last_name"
+    t.integer  "login_count",        :default => 0, :null => false
+    t.integer  "failed_login_count", :default => 0, :null => false
+    t.datetime "last_request_at"
+    t.datetime "current_login_at"
+    t.datetime "last_login_at"
+    t.string   "current_login_ip"
+    t.string   "last_login_ip"
+    t.datetime "created_at",                        :null => false
+    t.datetime "updated_at",                        :null => false
+  end
+
+end

data/test/dummy/db/seeds.rb

@@ -0,0 +1,65 @@
+# created admin user admin/password
+user = User.find_by_username("admin")
+unless user
+  user = User.new(:username => "admin", :email => "admin@example.com",
+                  :password => "password",
+                  :password_confirmation => "password",
+                  :first_name => "Admin",
+                  :last_name  => "User")
+  user.save!
+end
+
+# Create default roles
+VIEW = "view"
+USE  = "use"
+MOD  = "modify"
+CRE  = "create"
+VPRM = "view_perms"
+GPRM = "set_perms"
+roles =
+  {
+    StandaloneResource =>
+      {"StandaloneResource User" => [false, {StandaloneResource => [VIEW,USE]}],
+       "StandaloneResource Owner"=> [true,  {StandaloneResource => [VIEW,USE,MOD,    VPRM,GPRM]}]},
+   ChildResource =>
+      {"ChildResource User" => [false, {ChildResource => [VIEW,USE]}],
+       "ChildResource Owner"=> [true,  {ChildResource => [VIEW,USE,MOD,    VPRM,GPRM]}]},
+   ParentResource =>
+      {"ParentResource User" => [false, {ParentResource => [VIEW,USE],
+                                         ChildResource  => [             CRE]}],
+       "ParentResource Owner"=> [true,  {ParentResource => [VIEW,USE,MOD,    VPRM,GPRM],
+                                         ChildResource  => [VIEW,USE,MOD,CRE,VPRM,GPRM]}]},
+   Alberich::BasePermissionObject =>
+    {"Site Admin" => [false, {User         => [VIEW,    MOD,CRE,VPRM,GPRM],
+                              GlobalResource => [VIEW,    MOD,CRE,VPRM,GPRM],
+                              StandaloneResource => [VIEW,USE,MOD,CRE,VPRM,GPRM],
+                              ParentResource     => [VIEW,USE,MOD,CRE,VPRM,GPRM],
+                              ChildResource      => [VIEW,USE,MOD,CRE,VPRM,GPRM],
+        Alberich::BasePermissionObject    => [VIEW,USE,MOD,CRE,VPRM,GPRM]}]}}
+Alberich::Role.transaction do
+  roles.each do |role_scope, scoped_hash|
+    scoped_hash.each do |role_name, role_def|
+      role = Alberich::Role.find_or_initialize_by_name(role_name)
+      role.update_attributes({:name => role_name, :scope => role_scope.name,
+                               :assign_to_owner => role_def[0]})
+      role.save!
+      role_def[1].each do |priv_type, priv_actions|
+        priv_actions.each do |action|
+          Alberich::Privilege.create!(:role => role,
+                                      :target_type => priv_type.name,
+                                      :action => action)
+        end
+      end
+    end
+  end
+end
+
+#Assign global admin privileges to admin user
+if Alberich::Permission.count == 0
+  Alberich::Permission.create(:entity => Alberich::Entity.for_target(user),
+                              :role =>
+                                Alberich::Role.find_by_name("Site Admin"),
+                              :permission_object =>
+                                Alberich::BasePermissionObject.
+                                general_permission_scope)
+end

data/test/dummy/lib/password.rb

@@ -0,0 +1,58 @@
+require 'digest/sha2'
+
+# This module contains functions for hashing and storing passwords with
+# SHA512 with 64 characters long random salt.
+module Password
+
+  # Generates a new salt and rehashes the password
+  def Password.update(password)
+    salt = self.salt
+    hash = self.hash(password, salt)
+    self.store(hash, salt)
+  end
+
+  # Checks the password against the stored password
+  def Password.check(password, store)
+    hash = self.get_hash(store)
+    salt = self.get_salt(store)
+    if self.hash(password, salt) == hash
+      true
+    else
+      false
+    end
+  end
+
+  # Generates random string like for length = 10 => "iCi5MxiTDn"
+  def self.generate_random_string(length)
+    length.to_i.times.collect { (i = Kernel.rand(62); i += ((i < 10) ? 48 : ((i < 36) ? 55 : 61 ))).chr }.join
+  end
+
+  protected
+
+  # Generates a psuedo-random 64 character string
+  def Password.salt
+    self.generate_random_string(64)
+  end
+
+  # Generates a 128 character hash
+  def Password.hash(password, salt)
+    digest = "#{password}:#{salt}"
+    500.times { digest = Digest::SHA512.hexdigest(digest) }
+    digest
+  end
+
+  # Mixes the hash and salt together for storage
+  def Password.store(hash, salt)
+    hash + salt
+  end
+
+  # Gets the hash from a stored password
+  def Password.get_hash(store)
+    store[0..127]
+  end
+
+  # Gets the salt from a stored password
+  def Password.get_salt(store)
+    store[128..191]
+  end
+end

data/test/dummy/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/500.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+</body>
+</html>

data/test/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/test/dummy/test/fixtures/child_resources.yml

@@ -0,0 +1,11 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
+
+one:
+  name: MyString
+  description: MyString
+  ParentResource: 
+
+two:
+  name: MyString
+  description: MyString
+  ParentResource: 

data/test/dummy/test/fixtures/global_resources.yml

@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
+
+one:
+  name: MyString
+  description: MyString
+
+two:
+  name: MyString
+  description: MyString

data/test/dummy/test/fixtures/parent_resources.yml

@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
+
+one:
+  name: MyString
+  description: MyString
+
+two:
+  name: MyString
+  description: MyString

data/test/dummy/test/fixtures/standalone_resources.yml

@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
+
+one:
+  name: MyString
+  description: MyString
+
+two:
+  name: MyString
+  description: MyString

data/test/dummy/test/fixtures/user_groups.yml

@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
+
+one:
+  name: MyString
+  description: MyString
+
+two:
+  name: MyString
+  description: MyString