RubyGems - andrewzielinski-lockdown - Versions diffs - 0.9.6 - Mend

andrewzielinski-lockdown 0.9.6

Files changed (59) hide show

data/History.txt +195 -0
data/README.txt +36 -0
data/Rakefile +41 -0
data/lib/lockdown.rb +70 -0
data/lib/lockdown/context.rb +41 -0
data/lib/lockdown/database.rb +105 -0
data/lib/lockdown/frameworks/rails.rb +146 -0
data/lib/lockdown/frameworks/rails/controller.rb +147 -0
data/lib/lockdown/frameworks/rails/view.rb +61 -0
data/lib/lockdown/helper.rb +95 -0
data/lib/lockdown/orms/active_record.rb +68 -0
data/lib/lockdown/permission.rb +204 -0
data/lib/lockdown/rules.rb +289 -0
data/lib/lockdown/session.rb +57 -0
data/lib/lockdown/system.rb +57 -0
data/rails_generators/lockdown/lockdown_generator.rb +273 -0
data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
data/rails_generators/lockdown/templates/lib/lockdown/init.rb +122 -0
data/spec/lockdown/database_spec.rb +158 -0
data/spec/lockdown/frameworks/rails/controller_spec.rb +224 -0
data/spec/lockdown/frameworks/rails/view_spec.rb +125 -0
data/spec/lockdown/frameworks/rails_spec.rb +175 -0
data/spec/lockdown/permission_spec.rb +156 -0
data/spec/lockdown/rules_spec.rb +109 -0
data/spec/lockdown/session_spec.rb +89 -0
data/spec/lockdown/system_spec.rb +59 -0
data/spec/lockdown_spec.rb +19 -0
data/spec/rcov.opts +5 -0
data/spec/spec.opts +3 -0
data/spec/spec_helper.rb +1 -0
metadata +112 -0

@@ -0,0 +1,57 @@
+module Lockdown
+  module Session
+    protected
+    def add_lockdown_session_values(user = nil)
+      user ||= current_user
+      if user
+        session[:access_rights] = Lockdown::System.access_rights_for_user(user)
+        session[:current_user_id] = user.id
+      end
+    end
+    def logged_in?
+      current_user_id.to_i > 0
+    end
+    def current_user_id
+      session[:current_user_id]
+    end
+    def current_user_is_admin?
+      session[:access_rights] == :all
+    end
+    def current_user_access_in_group?(grp)
+      return true if current_user_is_admin?
+        Lockdown::System.user_groups[grp].each do |perm|
+          return true if access_in_perm?(perm)
+        end
+      false
+    end
+    def access_in_perm?(perm)
+      if Lockdown::System.permissions[perm]
+        Lockdown::System.permissions[perm].each do |ar|
+          return true if session_access_rights_include?(ar)
+        end
+      end
+      false
+    end
+    def session_access_rights_include?(str)
+      return false unless session[:access_rights]
+      session[:access_rights].include?(str)
+    end
+    def reset_lockdown_session
+      [:expiry_time, :current_user_id, :access_rights].each do |val|
+        session[val] = nil if session[val]
+      end
+    end
+    alias_method :nil_lockdown_values, :reset_lockdown_session
+  end # Session
+end # Lockdown

data/lib/lockdown/system.rb ADDED

@@ -0,0 +1,57 @@
+module Lockdown
+  class System
+    extend Lockdown::Rules
+    def self.configure(&block)
+      set_defaults
+      # Defined by the framework
+      load_controller_classes
+      # Lockdown::Rules defines the methods that are used inside block
+      instance_eval(&block)
+      # Lockdown::Rules defines process_rules
+      process_rules
+      Lockdown::Database.sync_with_db unless skip_sync?
+    end
+    def self.fetch(key)
+      (@options||={})[key]
+    end
+    def self.call(object, system_option)
+      method = fetch(system_option)
+      if method.is_a?(Symbol) && object.respond_to?(method)
+        object.send(method)
+      end
+    end
+    protected
+    def self.paths_for(str_sym, *methods)
+      str_sym = str_sym.to_s if str_sym.is_a?(Symbol)
+      if methods.empty?
+        klass = fetch_controller_class(str_sym)
+        methods = available_actions(klass)
+      end
+      path_str = str_sym.gsub("__","\/")
+      controller_actions = methods.flatten.collect{|m| m.to_s}
+      paths = controller_actions.collect{|meth| "#{path_str}/#{meth.to_s}" }
+      if controller_actions.include?("index")
+        paths += [path_str]
+      end
+      paths
+    end
+    def self.fetch_controller_class(str)
+      controller_classes[Lockdown.controller_class_name(str)]
+    end
+ end # System class
+end # Lockdown

data/rails_generators/lockdown/lockdown_generator.rb ADDED

@@ -0,0 +1,273 @@
+@override_next_migration_string = false
+if Rails::VERSION::MAJOR >= 2 && Rails::VERSION::MINOR >= 1
+  if Rails::VERSION::TINY == 0
+    @override_next_migration_string = true
+  elsif ActiveRecord::Base.timestamped_migrations
+    @override_next_migration_string = true
+  end
+end
+if @override_next_migration_string
+  class Rails::Generator::Commands::Base
+    protected
+    def next_migration_string(padding = 3)
+      sleep(1)
+      Time.now.utc.strftime("%Y%m%d%H%M%S")
+    end
+  end
+end
+class LockdownGenerator < Rails::Generator::Base
+  attr_accessor :file_name, :action_name, :namespace, :view_path, :controller_path
+  def initialize(runtime_args, runtime_options = {})
+    super
+    if Rails::VERSION::MAJOR >= 2 && Rails::VERSION::MINOR >= 1
+      @action_name = "action_name"
+    else
+      @action_name = "@action_name"
+    end
+    @namespace = options[:namespace] if options[:namespace]
+    # so if the namespace option exists it sets the correct view path and controller path
+    @view_path = "app/views"
+    @controller_path = "app/controllers"
+    @helper_path = "app/helpers"
+    @lib_path = "lib/lockdown"
+    @initializer = "config/environment.rb"
+    if @namespace
+      @view_path += "/#{@namespace}"
+      @controller_path += "/#{@namespace}"
+      @helper_path += "/#{@namespace}"
+    end
+  end
+  def manifest
+    record do |@m|
+      # Ensure appropriate folder(s) exists
+      @m.directory @view_path
+      @m.directory @controller_path
+      @m.directory @helper_path
+      @m.directory @lib_path
+      unless options[:skip_rules]
+        @m.file "lib/lockdown/README", "lib/lockdown/README"
+        @m.file "lib/lockdown/init.rb", "lib/lockdown/init.rb"
+      end
+      add_management if options[:add_management]
+      add_login if options[:add_login]
+      add_models
+      @m.file "config/initializers/lockit.rb", "config/initializers/lockit.rb"
+    end #record do |m|
+  end
+  protected
+  def add_management
+    @m.directory "#{@view_path}/users"
+    @m.directory "#{@view_path}/user_groups"
+    @m.directory "#{@view_path}/permissions"
+    write_controller("permissions")
+    write_controller("users")
+    write_controller("user_groups")
+    copy_views("users")
+    copy_views("user_groups")
+    @m.template "app/views/permissions/index.html.erb",
+      "#{@view_path}/permissions/index.html.erb"
+    @m.template "app/views/permissions/show.html.erb",
+      "#{@view_path}/permissions/show.html.erb"
+    add_management_routes
+    add_management_permissions
+  end
+  def add_login
+    @m.directory "app/views/sessions"
+    @m.template "app/controllers/sessions_controller.rb",
+      "app/controllers/sessions_controller.rb"
+    @m.template "app/views/sessions/new.html.erb",
+      "app/views/sessions/new.html.erb"
+    add_login_routes
+    add_login_permissions
+  end
+  def add_models
+    @m.directory 'app/models'
+    write_model("user_group")
+    write_model("permission")
+    if options[:add_lockdown_authentication]
+      write_model("user")
+      write_model("profile")
+    end
+    unless options[:skip_migrations]
+      write_migration("create_user_groups")
+      write_migration("create_permissions")
+      if options[:add_lockdown_authentication]
+        write_migration("create_profiles")
+        write_migration("create_users")
+        write_migration("create_admin_user")
+      end
+    end
+  end
+  def copy_views(vw)
+    @m.template "app/views/#{vw}/index.html.erb", "#{@view_path}/#{vw}/index.html.erb"
+    @m.template "app/views/#{vw}/show.html.erb", "#{@view_path}/#{vw}/show.html.erb"
+    @m.template "app/views/#{vw}/edit.html.erb", "#{@view_path}/#{vw}/edit.html.erb"
+    @m.template "app/views/#{vw}/new.html.erb", "#{@view_path}/#{vw}/new.html.erb"
+  end
+  def add_login_permissions
+    add_permissions "set_permission(:sessions_management).with_controller(:sessions)"
+    add_predefined_user_group "set_public_access :sessions_management"
+  end
+  def add_management_routes
+    if @namespace.blank?
+      permissions = %Q(\tmap.resources :permissions)
+      users = %Q(\tmap.resources :users)
+      user_groups = %Q(\tmap.resources :user_groups)
+      routes = [permissions, user_groups, users].join("\n\n")
+    else
+      routes = %Q(\tmap.namespace :#{@namespace} do |#{@namespace}|\n\t\t#{@namespace}.resources :permissions\n\t\t#{@namespace}.resources :users\n\t\t#{@namespace}.resources :user_groups\n\tend)
+    end
+    write_routes_file(routes)
+  end
+  def add_management_permissions
+    perms = []
+    perms << "set_permission(:users_management).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"})"
+    perms << "set_permission(:user_groups_management).with_controller(:#{@namespace.blank? ? "user_groups" : "#{@namespace}__user_groups"})"
+    perms << "set_permission(:permissions_management).with_controller(:#{@namespace.blank? ? "permissions" : "#{@namespace}__permissions"})"
+    perms << "set_permission(:my_account).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"}).only_methods(:edit, :update, :show)"
+    add_permissions perms.join("\n  ")
+    add_predefined_user_group "set_protected_access :my_account"
+  end
+  def add_permissions(str)
+    sentinel = '# Define your permissions here:'
+    write_init_file(sentinel, str)
+  end
+  def add_predefined_user_group(str)
+    sentinel = '# Define the built-in user groups here:'
+    write_init_file(sentinel, str)
+  end
+  def add_login_routes
+    sessions = %Q(\tmap.resources :sessions)
+    home     = %Q(\tmap.home '', :controller => 'sessions', :action => 'new')
+    login    = %Q(\tmap.login '/login', :controller => 'sessions', :action => 'new')
+    logout   = %Q(\tmap.logout '/logout', :controller => 'sessions', :action => 'destroy')
+    routes   = [sessions, home, login, logout].join("\n\n")
+    write_routes_file(routes)
+  end
+  def banner
+<<-EOS
+Installs the lockdown framework to managing users user_groups
+and viewing permissions. Also includes a login screen.
+By default the entire set of stubs are installed.
+Please use the appropriate options to customize your install.
+USAGE: #{$0} #{spec.name}
+EOS
+  end
+  def add_options!(opt)
+    opt.separator ''
+    opt.separator 'Options:'
+    opt.on("--namespace=admin",
+      "Install lockdown templates with a namespace, in this example 'admin'.") do |v|
+        options[:namespace] = v
+      end
+    opt.on("--add-lockdown-authentication",
+      "Create user model + --add-login functionality.") do |v|
+        options[:add_lockdown_authentication] = v
+      end
+    opt.on("--add-management",
+      "Create user, user_group, permission management controllers and views.") do |v|
+        options[:add_management] = v
+      end
+    opt.on("--add-login",
+      "Create session controller and views.") do |v|
+        options[:add_login] = v
+      end
+    opt.on("--skip-rules",
+      "Skip installation of lib/lockdown/init.rb lib/lockdown/session.rb") do |v|
+        options[:skip_rules] = v
+      end
+    opt.on("--skip-migrations",
+      "Skip migrations installation") do |v|
+        options[:skip_migrations] = v
+      end
+  end
+  def write_migration(str)
+    @m.migration_template "db/migrate/#{str}.rb", "db/migrate",
+      :migration_file_name => str
+  end
+  def write_model(str)
+    @m.file "app/models/#{str}.rb", "app/models/#{str}.rb"
+  end
+  def write_controller(str)
+    @m.template "app/controllers/#{str}_controller.rb",
+      "#{@controller_path}/#{str}_controller.rb"
+    write_helper(str)
+  end
+  def write_helper(str)
+    @m.template "app/helpers/#{str}_helper.rb",
+      "#{@helper_path}/#{str}_helper.rb"
+  end
+  def write_routes_file(routes)
+    sentinel = 'ActionController::Routing::Routes.draw do |map|'
+    @m.gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+      "#{match}\n #{routes}\n"
+    end
+  end
+  def write_init_file(sentinel, str)
+    @m.gsub_file 'lib/lockdown/init.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+      "#{match}\n  #{str}"
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb ADDED

@@ -0,0 +1,22 @@
+class <%= "#{namespace.camelcase}::" unless namespace.blank? %>PermissionsController < ApplicationController
+  # GET /permissions
+  # GET /permissions.xml
+  def index
+    @permissions = Permission.find(:all)
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @permissions }
+    end
+  end
+  # GET /permissions/1
+  # GET /permissions/1.xml
+  def show
+    @permission = Permission.find(params[:id])
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @permission }
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb ADDED

@@ -0,0 +1,39 @@
+class SessionsController < ApplicationController
+# This controller handles the login/logout function of the site.
+  def new
+    #Stub required for Lockdown to grant access
+  end
+  def create
+    password_authentication(params[:login], params[:password])
+  end
+  def destroy
+		logger.info "resetting session in sessions controller"
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default('/')
+  end
+  protected
+  def password_authentication(login, password)
+    set_session_user(User.authenticate(login, password))
+    if logged_in?
+      successful_login
+    else
+      failed_login
+    end
+  end
+  def failed_login(message = 'Authentication failed.')
+    flash[:error] = message
+    redirect_back_or_default login_path
+  end
+  def successful_login
+    flash[:notice] = "Logged in successfully"
+    redirect_back_or_default Lockdown::System.fetch(:successful_login_path)
+  end
+end