RubyGems - andrewzielinski-lockdown - Versions diffs - 0.9.6 - Mend

andrewzielinski-lockdown 0.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

data/History.txt +195 -0
data/README.txt +36 -0
data/Rakefile +41 -0
data/lib/lockdown.rb +70 -0
data/lib/lockdown/context.rb +41 -0
data/lib/lockdown/database.rb +105 -0
data/lib/lockdown/frameworks/rails.rb +146 -0
data/lib/lockdown/frameworks/rails/controller.rb +147 -0
data/lib/lockdown/frameworks/rails/view.rb +61 -0
data/lib/lockdown/helper.rb +95 -0
data/lib/lockdown/orms/active_record.rb +68 -0
data/lib/lockdown/permission.rb +204 -0
data/lib/lockdown/rules.rb +289 -0
data/lib/lockdown/session.rb +57 -0
data/lib/lockdown/system.rb +57 -0
data/rails_generators/lockdown/lockdown_generator.rb +273 -0
data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
data/rails_generators/lockdown/templates/lib/lockdown/init.rb +122 -0
data/spec/lockdown/database_spec.rb +158 -0
data/spec/lockdown/frameworks/rails/controller_spec.rb +224 -0
data/spec/lockdown/frameworks/rails/view_spec.rb +125 -0
data/spec/lockdown/frameworks/rails_spec.rb +175 -0
data/spec/lockdown/permission_spec.rb +156 -0
data/spec/lockdown/rules_spec.rb +109 -0
data/spec/lockdown/session_spec.rb +89 -0
data/spec/lockdown/system_spec.rb +59 -0
data/spec/lockdown_spec.rb +19 -0
data/spec/rcov.opts +5 -0
data/spec/spec.opts +3 -0
data/spec/spec_helper.rb +1 -0
metadata +112 -0

data/lib/lockdown/session.rb ADDED

@@ -0,0 +1,57 @@
+module Lockdown
+  module Session
+    protected
+    def add_lockdown_session_values(user = nil)
+      user ||= current_user
+      if user
+        session[:access_rights] = Lockdown::System.access_rights_for_user(user)
+        session[:current_user_id] = user.id
+      end
+    end
+    def logged_in?
+      current_user_id.to_i > 0
+    end
+    def current_user_id
+      session[:current_user_id]
+    end
+    def current_user_is_admin?
+      session[:access_rights] == :all
+    end
+    def current_user_access_in_group?(grp)
+      return true if current_user_is_admin?
+        Lockdown::System.user_groups[grp].each do |perm|
+          return true if access_in_perm?(perm)
+        end
+      false
+    end
+    def access_in_perm?(perm)
+      if Lockdown::System.permissions[perm]
+        Lockdown::System.permissions[perm].each do |ar|
+          return true if session_access_rights_include?(ar)
+        end
+      end
+      false
+    end
+    def session_access_rights_include?(str)
+      return false unless session[:access_rights]
+      session[:access_rights].include?(str)
+    end
+    def reset_lockdown_session
+      [:expiry_time, :current_user_id, :access_rights].each do |val|
+        session[val] = nil if session[val]
+      end
+    end
+    alias_method :nil_lockdown_values, :reset_lockdown_session
+  end # Session
+end # Lockdown

data/lib/lockdown/system.rb ADDED

@@ -0,0 +1,57 @@
+module Lockdown
+  class System
+    extend Lockdown::Rules
+    def self.configure(&block)
+      set_defaults
+      # Defined by the framework
+      load_controller_classes
+      # Lockdown::Rules defines the methods that are used inside block
+      instance_eval(&block)
+      # Lockdown::Rules defines process_rules
+      process_rules
+      Lockdown::Database.sync_with_db unless skip_sync?
+    end
+    def self.fetch(key)
+      (@options||={})[key]
+    end
+    def self.call(object, system_option)
+      method = fetch(system_option)
+      if method.is_a?(Symbol) && object.respond_to?(method)
+        object.send(method)
+      end
+    end
+    protected
+    def self.paths_for(str_sym, *methods)
+      str_sym = str_sym.to_s if str_sym.is_a?(Symbol)
+      if methods.empty?
+        klass = fetch_controller_class(str_sym)
+        methods = available_actions(klass)
+      end
+      path_str = str_sym.gsub("__","\/")
+      controller_actions = methods.flatten.collect{|m| m.to_s}
+      paths = controller_actions.collect{|meth| "#{path_str}/#{meth.to_s}" }
+      if controller_actions.include?("index")
+        paths += [path_str]
+      end
+      paths
+    end
+    def self.fetch_controller_class(str)
+      controller_classes[Lockdown.controller_class_name(str)]
+    end
+ end # System class
+end # Lockdown

data/rails_generators/lockdown/lockdown_generator.rb ADDED

@@ -0,0 +1,273 @@
+@override_next_migration_string = false
+if Rails::VERSION::MAJOR >= 2 && Rails::VERSION::MINOR >= 1
+  if Rails::VERSION::TINY == 0
+    @override_next_migration_string = true
+  elsif ActiveRecord::Base.timestamped_migrations
+    @override_next_migration_string = true
+  end
+end
+if @override_next_migration_string
+  class Rails::Generator::Commands::Base
+    protected
+    def next_migration_string(padding = 3)
+      sleep(1)
+      Time.now.utc.strftime("%Y%m%d%H%M%S")
+    end
+  end
+end
+class LockdownGenerator < Rails::Generator::Base
+  attr_accessor :file_name, :action_name, :namespace, :view_path, :controller_path
+  def initialize(runtime_args, runtime_options = {})
+    super
+    if Rails::VERSION::MAJOR >= 2 && Rails::VERSION::MINOR >= 1
+      @action_name = "action_name"
+    else
+      @action_name = "@action_name"
+    end
+    @namespace = options[:namespace] if options[:namespace]
+    # so if the namespace option exists it sets the correct view path and controller path
+    @view_path = "app/views"
+    @controller_path = "app/controllers"
+    @helper_path = "app/helpers"
+    @lib_path = "lib/lockdown"
+    @initializer = "config/environment.rb"
+    if @namespace
+      @view_path += "/#{@namespace}"
+      @controller_path += "/#{@namespace}"
+      @helper_path += "/#{@namespace}"
+    end
+  end
+  def manifest
+    record do |@m|
+      # Ensure appropriate folder(s) exists
+      @m.directory @view_path
+      @m.directory @controller_path
+      @m.directory @helper_path
+      @m.directory @lib_path
+      unless options[:skip_rules]
+        @m.file "lib/lockdown/README", "lib/lockdown/README"
+        @m.file "lib/lockdown/init.rb", "lib/lockdown/init.rb"
+      end
+      add_management if options[:add_management]
+      add_login if options[:add_login]
+      add_models
+      @m.file "config/initializers/lockit.rb", "config/initializers/lockit.rb"
+    end #record do |m|
+  end
+  protected
+  def add_management
+    @m.directory "#{@view_path}/users"
+    @m.directory "#{@view_path}/user_groups"
+    @m.directory "#{@view_path}/permissions"
+    write_controller("permissions")
+    write_controller("users")
+    write_controller("user_groups")
+    copy_views("users")
+    copy_views("user_groups")
+    @m.template "app/views/permissions/index.html.erb",
+      "#{@view_path}/permissions/index.html.erb"
+    @m.template "app/views/permissions/show.html.erb",
+      "#{@view_path}/permissions/show.html.erb"
+    add_management_routes
+    add_management_permissions
+  end
+  def add_login
+    @m.directory "app/views/sessions"
+    @m.template "app/controllers/sessions_controller.rb",
+      "app/controllers/sessions_controller.rb"
+    @m.template "app/views/sessions/new.html.erb",
+      "app/views/sessions/new.html.erb"
+    add_login_routes
+    add_login_permissions
+  end
+  def add_models
+    @m.directory 'app/models'
+    write_model("user_group")
+    write_model("permission")
+    if options[:add_lockdown_authentication]
+      write_model("user")
+      write_model("profile")
+    end
+    unless options[:skip_migrations]
+      write_migration("create_user_groups")
+      write_migration("create_permissions")
+      if options[:add_lockdown_authentication]
+        write_migration("create_profiles")
+        write_migration("create_users")
+        write_migration("create_admin_user")
+      end
+    end
+  end
+  def copy_views(vw)
+    @m.template "app/views/#{vw}/index.html.erb", "#{@view_path}/#{vw}/index.html.erb"
+    @m.template "app/views/#{vw}/show.html.erb", "#{@view_path}/#{vw}/show.html.erb"
+    @m.template "app/views/#{vw}/edit.html.erb", "#{@view_path}/#{vw}/edit.html.erb"
+    @m.template "app/views/#{vw}/new.html.erb", "#{@view_path}/#{vw}/new.html.erb"
+  end
+  def add_login_permissions
+    add_permissions "set_permission(:sessions_management).with_controller(:sessions)"
+    add_predefined_user_group "set_public_access :sessions_management"
+  end
+  def add_management_routes
+    if @namespace.blank?
+      permissions = %Q(\tmap.resources :permissions)
+      users = %Q(\tmap.resources :users)
+      user_groups = %Q(\tmap.resources :user_groups)
+      routes = [permissions, user_groups, users].join("\n\n")
+    else
+      routes = %Q(\tmap.namespace :#{@namespace} do |#{@namespace}|\n\t\t#{@namespace}.resources :permissions\n\t\t#{@namespace}.resources :users\n\t\t#{@namespace}.resources :user_groups\n\tend)
+    end
+    write_routes_file(routes)
+  end
+  def add_management_permissions
+    perms = []
+    perms << "set_permission(:users_management).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"})"
+    perms << "set_permission(:user_groups_management).with_controller(:#{@namespace.blank? ? "user_groups" : "#{@namespace}__user_groups"})"
+    perms << "set_permission(:permissions_management).with_controller(:#{@namespace.blank? ? "permissions" : "#{@namespace}__permissions"})"
+    perms << "set_permission(:my_account).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"}).only_methods(:edit, :update, :show)"
+    add_permissions perms.join("\n  ")
+    add_predefined_user_group "set_protected_access :my_account"
+  end
+  def add_permissions(str)
+    sentinel = '# Define your permissions here:'
+    write_init_file(sentinel, str)
+  end
+  def add_predefined_user_group(str)
+    sentinel = '# Define the built-in user groups here:'
+    write_init_file(sentinel, str)
+  end
+  def add_login_routes
+    sessions = %Q(\tmap.resources :sessions)
+    home     = %Q(\tmap.home '', :controller => 'sessions', :action => 'new')
+    login    = %Q(\tmap.login '/login', :controller => 'sessions', :action => 'new')
+    logout   = %Q(\tmap.logout '/logout', :controller => 'sessions', :action => 'destroy')
+    routes   = [sessions, home, login, logout].join("\n\n")
+    write_routes_file(routes)
+  end
+  def banner
+<<-EOS
+Installs the lockdown framework to managing users user_groups
+and viewing permissions. Also includes a login screen.
+By default the entire set of stubs are installed.
+Please use the appropriate options to customize your install.
+USAGE: #{$0} #{spec.name}
+EOS
+  end
+  def add_options!(opt)
+    opt.separator ''
+    opt.separator 'Options:'
+    opt.on("--namespace=admin",
+      "Install lockdown templates with a namespace, in this example 'admin'.") do |v|
+        options[:namespace] = v
+      end
+    opt.on("--add-lockdown-authentication",
+      "Create user model + --add-login functionality.") do |v|
+        options[:add_lockdown_authentication] = v
+      end
+    opt.on("--add-management",
+      "Create user, user_group, permission management controllers and views.") do |v|
+        options[:add_management] = v
+      end
+    opt.on("--add-login",
+      "Create session controller and views.") do |v|
+        options[:add_login] = v
+      end
+    opt.on("--skip-rules",
+      "Skip installation of lib/lockdown/init.rb lib/lockdown/session.rb") do |v|
+        options[:skip_rules] = v
+      end
+    opt.on("--skip-migrations",
+      "Skip migrations installation") do |v|
+        options[:skip_migrations] = v
+      end
+  end
+  def write_migration(str)
+    @m.migration_template "db/migrate/#{str}.rb", "db/migrate",
+      :migration_file_name => str
+  end
+  def write_model(str)
+    @m.file "app/models/#{str}.rb", "app/models/#{str}.rb"
+  end
+  def write_controller(str)
+    @m.template "app/controllers/#{str}_controller.rb",
+      "#{@controller_path}/#{str}_controller.rb"
+    write_helper(str)
+  end
+  def write_helper(str)
+    @m.template "app/helpers/#{str}_helper.rb",
+      "#{@helper_path}/#{str}_helper.rb"
+  end
+  def write_routes_file(routes)
+    sentinel = 'ActionController::Routing::Routes.draw do |map|'
+    @m.gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+      "#{match}\n #{routes}\n"
+    end
+  end
+  def write_init_file(sentinel, str)
+    @m.gsub_file 'lib/lockdown/init.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+      "#{match}\n  #{str}"
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb ADDED

@@ -0,0 +1,22 @@
+class <%= "#{namespace.camelcase}::" unless namespace.blank? %>PermissionsController < ApplicationController
+  # GET /permissions
+  # GET /permissions.xml
+  def index
+    @permissions = Permission.find(:all)
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @permissions }
+    end
+  end
+  # GET /permissions/1
+  # GET /permissions/1.xml
+  def show
+    @permission = Permission.find(params[:id])
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @permission }
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb ADDED

@@ -0,0 +1,39 @@
+class SessionsController < ApplicationController
+# This controller handles the login/logout function of the site.
+  def new
+    #Stub required for Lockdown to grant access
+  end
+  def create
+    password_authentication(params[:login], params[:password])
+  end
+  def destroy
+		logger.info "resetting session in sessions controller"
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default('/')
+  end
+  protected
+  def password_authentication(login, password)
+    set_session_user(User.authenticate(login, password))
+    if logged_in?
+      successful_login
+    else
+      failed_login
+    end
+  end
+  def failed_login(message = 'Authentication failed.')
+    flash[:error] = message
+    redirect_back_or_default login_path
+  end
+  def successful_login
+    flash[:notice] = "Logged in successfully"
+    redirect_back_or_default Lockdown::System.fetch(:successful_login_path)
+  end
+end