alberich 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +18 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +37 -0
- data/Rakefile +34 -0
- data/alberich.gemspec +34 -0
- data/app/assets/javascripts/alberich/application.js +15 -0
- data/app/assets/javascripts/alberich/permissions.js +2 -0
- data/app/assets/javascripts/alberich/privileges.js +2 -0
- data/app/assets/javascripts/alberich/roles.js +2 -0
- data/app/assets/stylesheets/alberich/application.css +13 -0
- data/app/assets/stylesheets/alberich/permissions.css +4 -0
- data/app/assets/stylesheets/alberich/privileges.css +4 -0
- data/app/assets/stylesheets/alberich/roles.css +4 -0
- data/app/assets/stylesheets/scaffold.css +56 -0
- data/app/controllers/alberich/application_controller.rb +4 -0
- data/app/controllers/alberich/application_controller_helper.rb +118 -0
- data/app/controllers/alberich/permissions_controller.rb +211 -0
- data/app/controllers/alberich/privileges_controller.rb +105 -0
- data/app/controllers/alberich/roles_controller.rb +97 -0
- data/app/helpers/alberich/application_helper.rb +4 -0
- data/app/helpers/alberich/permissions_helper.rb +4 -0
- data/app/helpers/alberich/privileges_helper.rb +4 -0
- data/app/helpers/alberich/roles_helper.rb +4 -0
- data/app/models/alberich/base_permission_object.rb +42 -0
- data/app/models/alberich/derived_permission.rb +25 -0
- data/app/models/alberich/entity.rb +27 -0
- data/app/models/alberich/entity_target_observer.rb +16 -0
- data/app/models/alberich/permission.rb +59 -0
- data/app/models/alberich/permission_session.rb +33 -0
- data/app/models/alberich/permissioned_object.rb +139 -0
- data/app/models/alberich/privilege.rb +29 -0
- data/app/models/alberich/role.rb +37 -0
- data/app/models/alberich/session_entity.rb +15 -0
- data/app/views/alberich/permissions/_form.html.haml +27 -0
- data/app/views/alberich/permissions/_list.html.haml +1 -0
- data/app/views/alberich/permissions/_objects.html.haml +38 -0
- data/app/views/alberich/permissions/_permissions.html.haml +45 -0
- data/app/views/alberich/permissions/index.html.haml +2 -0
- data/app/views/alberich/permissions/new.html.haml +5 -0
- data/app/views/alberich/permissions/show.html.haml +12 -0
- data/app/views/alberich/privileges/_form.html.haml +19 -0
- data/app/views/alberich/privileges/_list.html.haml +17 -0
- data/app/views/alberich/privileges/create.html.haml +2 -0
- data/app/views/alberich/privileges/destroy.html.haml +2 -0
- data/app/views/alberich/privileges/edit.html.haml +5 -0
- data/app/views/alberich/privileges/index.html.haml +5 -0
- data/app/views/alberich/privileges/new.html.haml +5 -0
- data/app/views/alberich/privileges/show.html.haml +12 -0
- data/app/views/alberich/privileges/update.html.haml +2 -0
- data/app/views/alberich/roles/_form.html.haml +24 -0
- data/app/views/alberich/roles/edit.html.haml +7 -0
- data/app/views/alberich/roles/index.html.haml +23 -0
- data/app/views/alberich/roles/new.html.haml +5 -0
- data/app/views/alberich/roles/show.html.haml +16 -0
- data/app/views/layouts/alberich/application.html.erb +14 -0
- data/config/initializers/haml.rb +1 -0
- data/config/routes.rb +17 -0
- data/db/migrate/20120925162242_create_alberich_roles.rb +12 -0
- data/db/migrate/20121022223626_create_alberich_privileges.rb +12 -0
- data/db/migrate/20121023051301_create_alberich_base_permission_objects.rb +9 -0
- data/db/migrate/20121023233648_create_alberich_permission_sessions.rb +11 -0
- data/db/migrate/20121027023136_create_alberich_entities.rb +34 -0
- data/db/migrate/20121204205213_create_alberich_session_entities.rb +12 -0
- data/db/migrate/20121205180518_create_alberich_permissions.rb +13 -0
- data/db/migrate/20130107043252_create_alberich_derived_permissions.rb +18 -0
- data/lib/alberich.rb +10 -0
- data/lib/alberich/#version.rb# +3 -0
- data/lib/alberich/engine.rb +10 -0
- data/lib/alberich/version.rb +3 -0
- data/lib/generators/alberich/install_generator.rb +15 -0
- data/lib/generators/alberich/templates/README +6 -0
- data/lib/generators/alberich/templates/alberich.rb +11 -0
- data/lib/tasks/alberich_tasks.rake +4 -0
- data/spec/controllers/alberich/permissions_controller_spec.rb +112 -0
- data/spec/controllers/alberich/privileges_controller_spec.rb +131 -0
- data/spec/controllers/alberich/roles_controller_spec.rb +130 -0
- data/spec/factories/alberich/permission.rb +51 -0
- data/spec/factories/alberich/permission_session.rb +7 -0
- data/spec/factories/alberich/privilege.rb +6 -0
- data/spec/factories/alberich/role.rb +103 -0
- data/spec/factories/child_resource.rb +14 -0
- data/spec/factories/child_resource.rb~ +7 -0
- data/spec/factories/global_resource.rb +11 -0
- data/spec/factories/global_resource.rb~ +25 -0
- data/spec/factories/parent_resource.rb +12 -0
- data/spec/factories/parent_resource.rb~ +7 -0
- data/spec/factories/standalone_resource.rb +7 -0
- data/spec/factories/standalone_resource.rb~ +11 -0
- data/spec/factories/user.rb +30 -0
- data/spec/factories/user_group.rb +8 -0
- data/spec/models/alberich/derived_permission_spec.rb +34 -0
- data/spec/models/alberich/entity_spec.rb +15 -0
- data/spec/models/alberich/permission_spec.rb +133 -0
- data/spec/models/alberich/privilege_spec.rb +39 -0
- data/spec/models/alberich/role_spec.rb +33 -0
- data/spec/models/alberich/session_entity_spec.rb +24 -0
- data/spec/spec_helper.rb +81 -0
- data/spec/support/routes.rb +41 -0
- data/test/dummy/README.rdoc +261 -0
- data/test/dummy/Rakefile +7 -0
- data/test/dummy/app/assets/javascripts/application.js +15 -0
- data/test/dummy/app/assets/javascripts/child_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/global_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/parent_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/standalone_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/user_groups.js +2 -0
- data/test/dummy/app/assets/javascripts/users.js +2 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/assets/stylesheets/child_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/global_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/parent_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/scaffold.css +56 -0
- data/test/dummy/app/assets/stylesheets/standalone_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/user_groups.css +4 -0
- data/test/dummy/app/assets/stylesheets/users.css +4 -0
- data/test/dummy/app/controllers/application_controller.rb +73 -0
- data/test/dummy/app/controllers/child_resources_controller.rb +99 -0
- data/test/dummy/app/controllers/child_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/global_resources_controller.rb +95 -0
- data/test/dummy/app/controllers/global_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/user_groups_controller.rb +131 -0
- data/test/dummy/app/controllers/user_sessions_controller.rb +38 -0
- data/test/dummy/app/controllers/users_controller.rb +87 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/helpers/child_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/global_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/parent_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/standalone_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/user_groups_helper.rb +2 -0
- data/test/dummy/app/helpers/users_helper.rb +2 -0
- data/test/dummy/app/models/child_resource.rb +25 -0
- data/test/dummy/app/models/child_resource.rb~ +4 -0
- data/test/dummy/app/models/global_resource.rb +3 -0
- data/test/dummy/app/models/parent_resource.rb +32 -0
- data/test/dummy/app/models/parent_resource.rb~ +3 -0
- data/test/dummy/app/models/standalone_resource.rb +22 -0
- data/test/dummy/app/models/standalone_resource.rb~ +3 -0
- data/test/dummy/app/models/user.rb +80 -0
- data/test/dummy/app/models/user_group.rb +12 -0
- data/test/dummy/app/views/child_resources/_form.html.erb +30 -0
- data/test/dummy/app/views/child_resources/_form.html.erb~ +29 -0
- data/test/dummy/app/views/child_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/child_resources/index.html.erb +25 -0
- data/test/dummy/app/views/child_resources/index.html.erb~ +27 -0
- data/test/dummy/app/views/child_resources/new.html.erb +5 -0
- data/test/dummy/app/views/child_resources/show.html.erb +20 -0
- data/test/dummy/app/views/child_resources/show.html.erb~ +20 -0
- data/test/dummy/app/views/global_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/global_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/global_resources/index.html.erb +25 -0
- data/test/dummy/app/views/global_resources/new.html.erb +5 -0
- data/test/dummy/app/views/global_resources/show.html.erb +15 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/app/views/parent_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/parent_resources/index.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/index.html.erb~ +25 -0
- data/test/dummy/app/views/parent_resources/new.html.erb +5 -0
- data/test/dummy/app/views/parent_resources/show.html.erb +44 -0
- data/test/dummy/app/views/parent_resources/show.html.erb~ +15 -0
- data/test/dummy/app/views/standalone_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/standalone_resources/index.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/new.html.erb +5 -0
- data/test/dummy/app/views/standalone_resources/show.html.erb +15 -0
- data/test/dummy/app/views/user_groups/_form.html.haml +9 -0
- data/test/dummy/app/views/user_groups/add_members.html.haml +18 -0
- data/test/dummy/app/views/user_groups/edit.html.haml +13 -0
- data/test/dummy/app/views/user_groups/index.html.haml +20 -0
- data/test/dummy/app/views/user_groups/new.html.haml +11 -0
- data/test/dummy/app/views/user_groups/show.html.haml +42 -0
- data/test/dummy/app/views/user_sessions/new.html.haml +26 -0
- data/test/dummy/app/views/users/_form.html.haml +25 -0
- data/test/dummy/app/views/users/edit.html.haml +14 -0
- data/test/dummy/app/views/users/index.html.haml +26 -0
- data/test/dummy/app/views/users/new.html.haml +11 -0
- data/test/dummy/app/views/users/show.html.haml +56 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +59 -0
- data/test/dummy/config/boot.rb +10 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +37 -0
- data/test/dummy/config/environments/production.rb +67 -0
- data/test/dummy/config/environments/test.rb +37 -0
- data/test/dummy/config/initializers/alberich.rb +13 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/inflections.rb +15 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +7 -0
- data/test/dummy/config/initializers/session_store.rb +8 -0
- data/test/dummy/config/initializers/warden.rb +79 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +5 -0
- data/test/dummy/config/routes.rb +33 -0
- data/test/dummy/db/migrate/20120801010101_create_users.rb +20 -0
- data/test/dummy/db/migrate/20121121054319_create_user_groups.rb +16 -0
- data/test/dummy/db/migrate/20130220160811_create_global_resources.rb +10 -0
- data/test/dummy/db/migrate/20130220175258_create_standalone_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226145412_create_parent_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb +12 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb~ +12 -0
- data/test/dummy/db/schema.rb +151 -0
- data/test/dummy/db/seeds.rb +65 -0
- data/test/dummy/lib/password.rb +58 -0
- data/test/dummy/public/404.html +26 -0
- data/test/dummy/public/422.html +26 -0
- data/test/dummy/public/500.html +25 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/script/rails +6 -0
- data/test/dummy/test/fixtures/child_resources.yml +11 -0
- data/test/dummy/test/fixtures/global_resources.yml +9 -0
- data/test/dummy/test/fixtures/parent_resources.yml +9 -0
- data/test/dummy/test/fixtures/standalone_resources.yml +9 -0
- data/test/dummy/test/fixtures/user_groups.yml +9 -0
- data/test/dummy/test/fixtures/users.yml +37 -0
- data/test/dummy/test/functional/child_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/global_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/parent_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/standalone_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/user_groups_controller_test.rb +49 -0
- data/test/dummy/test/functional/users_controller_test.rb +39 -0
- data/test/dummy/test/unit/child_resource_test.rb +7 -0
- data/test/dummy/test/unit/global_resource_test.rb +7 -0
- data/test/dummy/test/unit/helpers/child_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/global_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/parent_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/standalone_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/user_groups_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/users_helper_test.rb +4 -0
- data/test/dummy/test/unit/parent_resource_test.rb +7 -0
- data/test/dummy/test/unit/standalone_resource_test.rb +7 -0
- data/test/dummy/test/unit/user_group_test.rb +7 -0
- data/test/dummy/test/unit/user_test.rb +7 -0
- data/test/integration/alberich/permission_test.rb +7 -0
- data/test/integration/alberich/privilege_test.rb +7 -0
- data/test/integration/alberich/role_test.rb +7 -0
- metadata +639 -0
@@ -0,0 +1,131 @@
|
|
1
|
+
class UserGroupsController < ApplicationController
|
2
|
+
# GET /user_groups
|
3
|
+
# GET /user_groups.json
|
4
|
+
def index
|
5
|
+
require_privilege(Alberich::Privilege::VIEW, User)
|
6
|
+
@user_groups = UserGroup.all
|
7
|
+
|
8
|
+
respond_to do |format|
|
9
|
+
format.html # index.html.erb
|
10
|
+
format.json { render json: @user_groups }
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
# GET /user_groups/1
|
15
|
+
# GET /user_groups/1.json
|
16
|
+
def show
|
17
|
+
require_privilege(Alberich::Privilege::VIEW, User)
|
18
|
+
@user_group = UserGroup.find(params[:id])
|
19
|
+
add_profile_permissions_inline(Alberich::Entity.for_target(@user_group))
|
20
|
+
|
21
|
+
respond_to do |format|
|
22
|
+
format.html # show.html.erb
|
23
|
+
format.json { render json: @user_group }
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
# GET /user_groups/new
|
28
|
+
# GET /user_groups/new.json
|
29
|
+
def new
|
30
|
+
require_privilege(Alberich::Privilege::CREATE, User)
|
31
|
+
@user_group = UserGroup.new
|
32
|
+
|
33
|
+
respond_to do |format|
|
34
|
+
format.html # new.html.erb
|
35
|
+
format.json { render json: @user_group }
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
# GET /user_groups/1/edit
|
40
|
+
def edit
|
41
|
+
require_privilege(Alberich::Privilege::MODIFY, User)
|
42
|
+
@user_group = UserGroup.find(params[:id])
|
43
|
+
end
|
44
|
+
|
45
|
+
# POST /user_groups
|
46
|
+
# POST /user_groups.json
|
47
|
+
def create
|
48
|
+
require_privilege(Alberich::Privilege::CREATE, User)
|
49
|
+
@user_group = UserGroup.new(params[:user_group])
|
50
|
+
|
51
|
+
respond_to do |format|
|
52
|
+
if @user_group.save
|
53
|
+
format.html { redirect_to @user_group, notice: 'User group was successfully created.' }
|
54
|
+
format.json { render json: @user_group, status: :created, location: @user_group }
|
55
|
+
else
|
56
|
+
format.html { render action: "new" }
|
57
|
+
format.json { render json: @user_group.errors, status: :unprocessable_entity }
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
# PUT /user_groups/1
|
63
|
+
# PUT /user_groups/1.json
|
64
|
+
def update
|
65
|
+
require_privilege(Alberich::Privilege::MODIFY, User)
|
66
|
+
@user_group = UserGroup.find(params[:id])
|
67
|
+
|
68
|
+
respond_to do |format|
|
69
|
+
if @user_group.update_attributes(params[:user_group])
|
70
|
+
format.html { redirect_to @user_group, notice: 'User group was successfully updated.' }
|
71
|
+
format.json { head :no_content }
|
72
|
+
else
|
73
|
+
format.html { render action: "edit" }
|
74
|
+
format.json { render json: @user_group.errors, status: :unprocessable_entity }
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
# DELETE /user_groups/1
|
80
|
+
# DELETE /user_groups/1.json
|
81
|
+
def destroy
|
82
|
+
require_privilege(Alberich::Privilege::MODIFY, User)
|
83
|
+
@user_group = UserGroup.find(params[:id])
|
84
|
+
@user_group.destroy
|
85
|
+
|
86
|
+
respond_to do |format|
|
87
|
+
format.html { redirect_to user_groups_url }
|
88
|
+
format.json { head :no_content }
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
def add_member
|
93
|
+
require_privilege(Alberich::Privilege::MODIFY, User)
|
94
|
+
@user_group = UserGroup.find(params[:id])
|
95
|
+
member = User.find(params[:user_id])
|
96
|
+
if !@user_group.members.include?(member) and
|
97
|
+
@user_group.members << member
|
98
|
+
flash[:notice] = "Added member: #{member}"
|
99
|
+
else
|
100
|
+
flash[:notice] = "Didn't add member: #{member}"
|
101
|
+
end
|
102
|
+
respond_to do |format|
|
103
|
+
format.html { redirect_to user_group_path(@user_group) }
|
104
|
+
end
|
105
|
+
|
106
|
+
end
|
107
|
+
|
108
|
+
def add_members
|
109
|
+
require_privilege(Alberich::Privilege::MODIFY, User)
|
110
|
+
@user_group = UserGroup.find(params[:id])
|
111
|
+
@users = User.where('users.id not in (?)',
|
112
|
+
@user_group.members.empty? ?
|
113
|
+
0 : @user_group.members.map(&:id))
|
114
|
+
end
|
115
|
+
|
116
|
+
def remove_member
|
117
|
+
require_privilege(Alberich::Privilege::MODIFY, User)
|
118
|
+
@user_group = UserGroup.find(params[:id])
|
119
|
+
member = User.find(params[:user_id])
|
120
|
+
|
121
|
+
if @user_group.members.delete member
|
122
|
+
flash[:notice] = "Removed member: #{member}"
|
123
|
+
else
|
124
|
+
flash[:notice] = "Failed to remove member: #{member}"
|
125
|
+
end
|
126
|
+
respond_to do |format|
|
127
|
+
format.html { redirect_to user_group_path(@user_group) }
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
class UserSessionsController < ApplicationController
|
2
|
+
before_filter :require_no_user, :only => [:new, :create]
|
3
|
+
before_filter :require_user, :only => :destroy
|
4
|
+
|
5
|
+
def new
|
6
|
+
@title = "Login"
|
7
|
+
end
|
8
|
+
|
9
|
+
def create
|
10
|
+
authenticate!
|
11
|
+
respond_to do |format|
|
12
|
+
format.html do
|
13
|
+
redirect_to back_or_default_url(root_url)
|
14
|
+
end
|
15
|
+
format.js do
|
16
|
+
render :js => "window.location.href = '#{back_or_default_url root_url}'"
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def unauthenticated
|
22
|
+
Rails.logger.warn "Request is unauthenticated for #{request.remote_ip}"
|
23
|
+
|
24
|
+
respond_to do |format|
|
25
|
+
format.html do
|
26
|
+
flash.now[:warning] = "Login Failed"
|
27
|
+
render :action => :new
|
28
|
+
end
|
29
|
+
format.xml { head :unauthorized }
|
30
|
+
format.js { head :unauthorized }
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
def destroy
|
35
|
+
logout
|
36
|
+
redirect_to login_url
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,87 @@
|
|
1
|
+
class UsersController < ApplicationController
|
2
|
+
before_filter :require_user
|
3
|
+
|
4
|
+
def index
|
5
|
+
require_privilege(Alberich::Privilege::VIEW, User)
|
6
|
+
@title = "Users"
|
7
|
+
@params = params
|
8
|
+
@users = User.all
|
9
|
+
respond_to do |format|
|
10
|
+
format.html
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def new
|
15
|
+
require_privilege(Alberich::Privilege::CREATE, User)
|
16
|
+
@title = "New User"
|
17
|
+
@user = User.new
|
18
|
+
end
|
19
|
+
|
20
|
+
def create
|
21
|
+
require_privilege(Alberich::Privilege::CREATE, User)
|
22
|
+
@user = User.new(params[:user])
|
23
|
+
@title = "New User"
|
24
|
+
unless @user.save
|
25
|
+
render :action => 'new' and return
|
26
|
+
end
|
27
|
+
|
28
|
+
if current_user != @user
|
29
|
+
flash[:notice] = "User Registered"
|
30
|
+
redirect_to users_url
|
31
|
+
else
|
32
|
+
flash[:notice] = "You have registered"
|
33
|
+
redirect_to root_url
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
def show
|
38
|
+
@user = params[:id] ? User.find(params[:id]) : current_user
|
39
|
+
require_privilege(Alberich::Privilege::VIEW, User) unless current_user == @user
|
40
|
+
@title = @user.name.present? ? @user.name : @user.username
|
41
|
+
if current_user == user
|
42
|
+
current_session.update_session_entities(current_user)
|
43
|
+
end
|
44
|
+
@user_groups = @user.all_groups
|
45
|
+
add_profile_permissions_inline(Alberich::Entity.for_target(@user))
|
46
|
+
respond_to do |format|
|
47
|
+
format.html
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def edit
|
52
|
+
@user = params[:id] ? User.find(params[:id]) : current_user
|
53
|
+
require_privilege(Alberich::Privilege::MODIFY, User) unless @user == current_user
|
54
|
+
@title = "Edit User"
|
55
|
+
end
|
56
|
+
|
57
|
+
def update
|
58
|
+
@title = "Edit User"
|
59
|
+
@user = params[:id] ? User.find(params[:id]) : current_user
|
60
|
+
require_privilege(Alberich::Privilege::MODIFY, User) unless @user == current_user
|
61
|
+
|
62
|
+
if params[:commit] == "Reset"
|
63
|
+
redirect_to edit_user_url(@user) and return
|
64
|
+
end
|
65
|
+
|
66
|
+
redirect_to root_url and return unless @user
|
67
|
+
|
68
|
+
unless @user.update_attributes(params[:user])
|
69
|
+
render :action => 'edit' and return
|
70
|
+
else
|
71
|
+
flash[:notice] = "User updated"
|
72
|
+
redirect_to user_path(@user)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
def destroy
|
77
|
+
require_privilege(Alberich::Privilege::MODIFY, User)
|
78
|
+
user = User.find(params[:id])
|
79
|
+
user.destroy
|
80
|
+
flash[:notice] = "Deleted user"
|
81
|
+
|
82
|
+
respond_to do |format|
|
83
|
+
format.html { redirect_to users_path }
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
class ChildResource < ActiveRecord::Base
|
2
|
+
belongs_to :parent_resource
|
3
|
+
attr_accessible :description, :name, :parent_resource_id
|
4
|
+
|
5
|
+
include Alberich::PermissionedObject
|
6
|
+
|
7
|
+
# for objects with a user or owner attribute, owner-level privileges
|
8
|
+
# can automatically be conferred with the following
|
9
|
+
# after_create "assign_owner_roles(owner)"
|
10
|
+
# otherwise this will need to be handled explicitly in the
|
11
|
+
# controller create action
|
12
|
+
|
13
|
+
# We don't need to override perm_ancestors since this type doesn't
|
14
|
+
# inherit from anything
|
15
|
+
def perm_ancestors
|
16
|
+
super + [parent_resource]
|
17
|
+
end
|
18
|
+
|
19
|
+
# We don't need to override derived_subtree since nothing inherits
|
20
|
+
# from this type
|
21
|
+
|
22
|
+
# We don't need to override additional_privilege_target_types since
|
23
|
+
# there are not other privilege types that need to be set on this
|
24
|
+
# model's roles
|
25
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
class ParentResource < ActiveRecord::Base
|
2
|
+
has_many :child_resources
|
3
|
+
attr_accessible :description, :name
|
4
|
+
|
5
|
+
include Alberich::PermissionedObject
|
6
|
+
|
7
|
+
# for objects with a user or owner attribute, owner-level privileges
|
8
|
+
# can automatically be conferred with the following
|
9
|
+
# after_create "assign_owner_roles(owner)"
|
10
|
+
# otherwise this will need to be handled explicitly in the
|
11
|
+
# controller create action
|
12
|
+
|
13
|
+
# We don't need to override perm_ancestors since this type doesn't
|
14
|
+
# inherit from anything
|
15
|
+
|
16
|
+
# We don't need to override derived_subtree since nothing inherits
|
17
|
+
# from this type
|
18
|
+
def derived_subtree(role = nil)
|
19
|
+
subtree = super(role)
|
20
|
+
if (role.nil? || role.privilege_target_match(ChildResource))
|
21
|
+
subtree += child_resources
|
22
|
+
end
|
23
|
+
subtree
|
24
|
+
end
|
25
|
+
|
26
|
+
# Other resource types for which we need to allow privileges at this
|
27
|
+
# level (often objects which sub-resources this type)
|
28
|
+
def self.additional_privilege_target_types
|
29
|
+
[ChildResource]
|
30
|
+
end
|
31
|
+
|
32
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class StandaloneResource < ActiveRecord::Base
|
2
|
+
attr_accessible :description, :name
|
3
|
+
|
4
|
+
include Alberich::PermissionedObject
|
5
|
+
|
6
|
+
# for objects with a user or owner attribute, owner-level privileges
|
7
|
+
# can automatically be conferred with the following
|
8
|
+
# after_create "assign_owner_roles(owner)"
|
9
|
+
# otherwise this will need to be handled explicitly in the
|
10
|
+
# controller create action
|
11
|
+
|
12
|
+
# We don't need to override perm_ancesstors since this type doesn't
|
13
|
+
# inherit from anything
|
14
|
+
|
15
|
+
# We don't need to override derived_subtree since nothing inherits
|
16
|
+
# from this type
|
17
|
+
|
18
|
+
# We don't need to override additional_privilege_target_types since
|
19
|
+
# there are not other privilege types that need to be set on this
|
20
|
+
# model's roles
|
21
|
+
|
22
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
require 'password'
|
2
|
+
|
3
|
+
class User < ActiveRecord::Base
|
4
|
+
attr_accessible :crypted_password, :current_login_at, :current_login_ip, :email, :failed_login_count, :first_name, :last_login_at, :last_login_ip, :last_name, :last_request_at, :login_count, :username, :password, :password_confirmation
|
5
|
+
|
6
|
+
has_and_belongs_to_many :user_groups, :join_table => "members_user_groups",
|
7
|
+
:foreign_key => "member_id"
|
8
|
+
|
9
|
+
|
10
|
+
# FIXME: reverse assocs for entity, session_entities
|
11
|
+
|
12
|
+
attr_accessor :password, :password_confirmation
|
13
|
+
before_validation :strip_whitespace
|
14
|
+
before_save :encrypt_password
|
15
|
+
validates :email, :presence => true,
|
16
|
+
:format => { :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i }
|
17
|
+
validates :username, :presence => true,
|
18
|
+
:length => { :within => 1..100 },
|
19
|
+
:uniqueness => true
|
20
|
+
validates :first_name, :length => { :maximum => 255 }
|
21
|
+
validates :last_name, :length => { :maximum => 255 }
|
22
|
+
validates :password, :presence => true,
|
23
|
+
:length => { :within => 4..255 },
|
24
|
+
:confirmation => true,
|
25
|
+
:if => Proc.new { |u| u.check_password? }
|
26
|
+
|
27
|
+
def name
|
28
|
+
"#{first_name} #{last_name}".strip
|
29
|
+
end
|
30
|
+
|
31
|
+
def self.authenticate(username, password, ipaddress)
|
32
|
+
username = username.strip unless username.nil?
|
33
|
+
return unless u = User.find_by_username(username)
|
34
|
+
# FIXME: this is because of tests - encrypted password is submitted,
|
35
|
+
# don't know how to get unencrypted version (from factorygirl)
|
36
|
+
if password.length == 192 and password == u.crypted_password
|
37
|
+
update_login_attributes(u, ipaddress)
|
38
|
+
elsif Password.check(password, u.crypted_password)
|
39
|
+
update_login_attributes(u, ipaddress)
|
40
|
+
else
|
41
|
+
u.failed_login_count += 1
|
42
|
+
u.save!
|
43
|
+
u = nil
|
44
|
+
end
|
45
|
+
u.save! unless u.nil?
|
46
|
+
return u
|
47
|
+
end
|
48
|
+
|
49
|
+
def self.update_login_attributes(u, ipaddress)
|
50
|
+
u.login_count += 1
|
51
|
+
u.last_login_ip = ipaddress
|
52
|
+
u.last_login_at = DateTime.now
|
53
|
+
end
|
54
|
+
|
55
|
+
def check_password?
|
56
|
+
# don't check password if it's a new no-local user (ldap)
|
57
|
+
# or if a user is updated
|
58
|
+
new_record? ? true : (!password.blank? or !password_confirmation.blank?)
|
59
|
+
end
|
60
|
+
|
61
|
+
def all_groups
|
62
|
+
group_list = []
|
63
|
+
group_list += self.user_groups
|
64
|
+
group_list
|
65
|
+
end
|
66
|
+
|
67
|
+
def to_s
|
68
|
+
"#{self.first_name} #{self.last_name} (#{self.username})"
|
69
|
+
end
|
70
|
+
|
71
|
+
private
|
72
|
+
|
73
|
+
def encrypt_password
|
74
|
+
self.crypted_password = Password::update(password) unless password.blank?
|
75
|
+
end
|
76
|
+
def strip_whitespace
|
77
|
+
self.username = self.username.strip unless self.username.nil?
|
78
|
+
end
|
79
|
+
|
80
|
+
end
|