andrewzielinski-lockdown 0.9.6
- data/History.txt +195 -0
- data/README.txt +36 -0
- data/Rakefile +41 -0
- data/lib/lockdown.rb +70 -0
- data/lib/lockdown/context.rb +41 -0
- data/lib/lockdown/database.rb +105 -0
- data/lib/lockdown/frameworks/rails.rb +146 -0
- data/lib/lockdown/frameworks/rails/controller.rb +147 -0
- data/lib/lockdown/frameworks/rails/view.rb +61 -0
- data/lib/lockdown/helper.rb +95 -0
- data/lib/lockdown/orms/active_record.rb +68 -0
- data/lib/lockdown/permission.rb +204 -0
- data/lib/lockdown/rules.rb +289 -0
- data/lib/lockdown/session.rb +57 -0
- data/lib/lockdown/system.rb +57 -0
- data/rails_generators/lockdown/lockdown_generator.rb +273 -0
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
- data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
- data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
- data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
- data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +122 -0
- data/spec/lockdown/database_spec.rb +158 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +224 -0
- data/spec/lockdown/frameworks/rails/view_spec.rb +125 -0
- data/spec/lockdown/frameworks/rails_spec.rb +175 -0
- data/spec/lockdown/permission_spec.rb +156 -0
- data/spec/lockdown/rules_spec.rb +109 -0
- data/spec/lockdown/session_spec.rb +89 -0
- data/spec/lockdown/system_spec.rb +59 -0
- data/spec/lockdown_spec.rb +19 -0
- data/spec/rcov.opts +5 -0
- data/spec/spec.opts +3 -0
- data/spec/spec_helper.rb +1 -0
- metadata +112 -0
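--- a/data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
@@ -0,0 +1,33 @@
+<h1>Editing User Group</h1>
+
+<%% form_for(<%= namespace.blank? ? '@user_group' : "[:#{namespace}, @user_group]" %>) do |f| %>
+<%%= f.error_messages %>
+<p>
+<b>Name</b><br />
+<%%= f.text_field :name %>
+</p>
+<p>
+<b>Permissions</b><br />
+<ul style="list-style: none;">
+<%%
+@all_permissions.each_with_index do |perm,i|
+input_id = "perm_#{perm.id}"
+checked = (@user_group.permission_ids.include?(perm.id) ? "checked" : "")
+%>
+<li id="li_<%%= input_id %>">
+<label for="<%%= input_id %>">
+<input id="<%%= input_id %>" name="<%%= input_id %>" type="checkbox" <%%= checked %>/> <%%= perm.name %>
+</label>
+</li>
+<%%
+end
+%>
+</ul>
+</p>
+
+<p> <%%= f.submit "Update" %> </p>
+<%% end %>
+
+
+<%%= link_to 'Show', <%= namespace.blank? ? '@user_group' : "#{namespace}_user_group_path(@user_group)" %> %> |
+<%%= link_to 'Back', <%= namespace.blank? ? 'user_groups_path' : "#{namespace}_user_groups_path" %> %>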
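Review bot: `<%%= perm.name %>` on the checkbox line is emitted without `h`, while the index template in this same set writes `<%%=h user_group.name %>`; on Rails versions where ERB does not escape by default (which the explicit `h` calls suggest is the target), any markup stored in a permission name is rendered as HTML on this admin page. The same unescaped output appears as `<%%= perm.name %>` in user_groups/new and user_groups/show, and as `<%%= ug.name %>` in users/edit and users/new, where the value comes from the user-group name field these forms accept. Write `<%%=h perm.name %>` (and `<%%=h ug.name %>` in the user templates) so every model attribute in the generated views is escaped consistently.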
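--- a/data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
@@ -0,0 +1,20 @@
+<h1>Listing User Groups</h1>
+
+<table>
+<tr>
+<th>Name</th>
+</tr>
+
+<%% for user_group in @user_groups %>
+<tr>
+<td><%%=h user_group.name %></td>
+<td><%%= link_to 'Show', <%= namespace.blank? ? "user_group_path(user_group)" : "#{namespace}_user_group_path(user_group)" %> %></td>
+<td><%%= link_to('Edit', <%= namespace.blank? ? "edit_user_group_path(user_group)" : "edit_#{namespace}_user_group_path(user_group)" %>) unless Lockdown::System.has_user_group?(user_group) %></td>
+<td><%%= link_to('Destroy',<%= namespace.blank? ? "user_group_path(user_group)" : "#{namespace}_user_group_path(user_group)" %>, :confirm => 'Are you sure?', :method => :delete) unless Lockdown::System.has_user_group?(user_group) %></td>
+</tr>
+<%% end %>
+</table>
+
+<br />
+
+<%%= link_to 'New User Group', <%= namespace.blank? ? "new_user_group_path" : "new_#{namespace}_user_group_path" %> %>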
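Review bot: The `unless Lockdown::System.has_user_group?(user_group)` guards on the Edit and Destroy cells only hide the links; they do not stop a request for the edit, update or destroy action of a built-in group. The generated user_groups_controller.rb is not part of this section, so confirm it repeats the same check before it acts on the record for those actions. A comment here such as `<%%# links hidden for built-in groups; the controller must refuse these actions too %>` would keep the view and the controller in step.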
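--- a/data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
@@ -0,0 +1,31 @@
+<h1>New User Group</h1>
+
+<%% form_for(<%= namespace.blank? ? '@user_group' : "[:#{namespace}, @user_group]" %>) do |f| %>
+<%%= f.error_messages %>
+<p>
+<b>Name</b><br />
+<%%= f.text_field :name %>
+</p>
+<p>
+<b>Permissions</b><br />
+<ul style="list-style: none;">
+<%%
+@all_permissions.each_with_index do |perm,i|
+input_id = "perm_#{perm.id}"
+checked = (@user_group.permission_ids.include?(perm.id) ? "checked" : "")
+%>
+<li id="li_<%%= input_id %>">
+<label for="<%%= input_id %>">
+<input id="<%%= input_id %>" name="<%%= input_id %>" type="checkbox" <%%= checked %>/> <%%= perm.name %>
+</label>
+</li>
+<%%
+end
+%>
+</ul>
+</p>
+
+<p> <%%= f.submit "Create" %> </p>
+<%% end %>
+
+<%%= link_to 'Back', <%= namespace.blank? ? 'user_groups_path' : "#{namespace}_user_groups_path" %> %>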
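--- a/data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
@@ -0,0 +1,29 @@
+<p>
+<b>Name</b><br />
+<%%= h @user_group.name %>
+</p>
+<p>
+<b>Permissions</b><br />
+<%%
+@user_group.permissions.each do |perm|
+%>
+<%%= perm.name %><br/>
+<%%
+end
+%>
+</p>
+<p>
+<b>Users in user group:</b><br />
+<%%
+@user_group.all_users.each do |user|
+%>
+<%%= link_to_or_show(user.full_name, <%= namespace.blank? ? 'user' : "#{namespace}_user_path(user)" %>) %><br/>
+<%%
+end
+%>
+</p>
+
+<%% unless Lockdown::System.has_user_group?(@user_group) %>
+<%%= link_to 'Edit', <%= namespace.blank? ? 'edit_user_group_path(@user_group)' : "edit_#{namespace}_user_group_path(@user_group)" %> %> |
+<%% end %>
+<%%= link_to 'Back', <%= namespace.blank? ? 'user_groups_path' : "#{namespace}_user_groups_path" %> %>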
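--- a/data/rails_generators/lockdown/templates/app/views/users/edit.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/users/edit.html.erb
@@ -0,0 +1,51 @@
+<h1>Editing User</h1>
+
+<%% form_for(<%= namespace.blank? ? "@user" : "[:#{namespace}, @user]" %>) do |f| %>
+<%%= f.error_messages %>
+<p>
+<b>First name</b><br />
+<%%= f.text_field :first_name %>
+</p>
+<p>
+<b>Last name</b><br />
+<%%= f.text_field :last_name %>
+</p>
+<p>
+<b>Email</b><br />
+<%%= f.text_field :email %>
+</p>
+<p>
+<b>Login</b><br />
+<%%= f.text_field :login %>
+</p>
+<p>
+<b>Password</b><br />
+<%%= f.password_field :password %>
+</p>
+<p>
+<b>Password confirmation</b><br />
+<%%= f.password_field :password_confirmation %>
+</p>
+<p>
+<b>User Groups</b><br />
+<ul style="list-style: none;">
+<%%
+@user_groups_for_user.each_with_index do |ug,i|
+input_id = "ug_#{ug.id}"
+checked = (@user.user_group_ids.include?(ug.id) ? "checked" : "")
+%>
+<li id="li_<%%= input_id %>">
+<label for="<%%= input_id %>">
+<input id="<%%= input_id %>" name="<%%= input_id %>" type="checkbox" <%%= checked %>/> <%%= ug.name %>
+</label>
+</li>
+<%%
+end
+%>
+</ul>
+</p>
+<p> <%%= f.submit "Update" %> </p>
+<%% end %>
+
+<%%= link_to 'Show', <%= namespace.blank? ? "user_path(@user)" : "#{namespace}_user_path(@user)" %> %> |
+<%%= link_to 'Back', <%= namespace.blank? ? "users_path" : "#{namespace}_users_path" %> %>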
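--- a/data/rails_generators/lockdown/templates/app/views/users/index.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/users/index.html.erb
@@ -0,0 +1,22 @@
+<h1>Listing Users</h1>
+
+<table>
+<tr>
+<th>Login</th>
+<th>Name</th>
+</tr>
+
+<%% @users.each do |user| %>
+<tr>
+<td><%%=h user.login %></td>
+<td><%%=h user.full_name %></td>
+<td><%%= link_to 'Show', <%= namespace.blank? ? "user_path(user)" : "#{namespace}_user_path(user)" %> %></td>
+<td><%%= link_to 'Edit', <%= namespace.blank? ? "edit_user_path(user)" : "edit_#{namespace}_user_path(user)" %> %></td>
+<td><%%= link_to 'Destroy', <%= namespace.blank? ? "user_path(user)" : "#{namespace}_user_path(user)" %>, :confirm => 'Are you sure?', :method => :delete %></td>
+</tr>
+<%% end %>
+</table>
+
+<br />
+
+<%%= link_to 'New User', <%= namespace.blank? ? "new_user_path" : "new_#{namespace}_user_path" %> %>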
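--- a/data/rails_generators/lockdown/templates/app/views/users/new.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/users/new.html.erb
@@ -0,0 +1,50 @@
+<h1>New User</h1>
+
+<%% form_for(<%= namespace.blank? ? "@user" : "[:#{namespace}, @user]" %>) do |f| %>
+<%%= f.error_messages %>
+<p>
+<b>First name</b><br />
+<%%= f.text_field :first_name %>
+</p>
+<p>
+<b>Last name</b><br />
+<%%= f.text_field :last_name %>
+</p>
+<p>
+<b>Email</b><br />
+<%%= f.text_field :email %>
+</p>
+<p>
+<b>Login</b><br />
+<%%= f.text_field :login %>
+</p>
+<p>
+<b>Password</b><br />
+<%%= f.password_field :password %>
+</p>
+<p>
+<b>Password confirmation</b><br />
+<%%= f.password_field :password_confirmation %>
+</p>
+<p>
+<b>User Groups</b><br />
+<ul style="list-style: none;">
+<%%
+@user_groups_for_user.each_with_index do |ug,i|
+input_id = "ug_#{ug.id}"
+checked = (@user.user_group_ids.include?(ug.id) ? "checked" : "")
+%>
+<li id="li_<%%= input_id %>">
+<label for="<%%= input_id %>">
+<input id="<%%= input_id %>" name="<%%= input_id %>" type="checkbox" <%%= checked %>/> <%%= ug.name %>
+</label>
+</li>
+<%%
+end
+%>
+</ul>
+</p>
+<p> <%%= f.submit "Create" %> </p>
+<%% end %>
+
+<%%= link_to 'Back', <%= namespace.blank? ? "users_path" : "#{namespace}_users_path" %> %>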
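--- a/data/rails_generators/lockdown/templates/app/views/users/show.html.erb
+++ b/data/rails_generators/lockdown/templates/app/views/users/show.html.erb
@@ -0,0 +1,33 @@
+<h1>Showing User</h1>
+
+<p>
+<b>First name</b><br />
+<%%= h @user.first_name %>
+</p>
+<p>
+<b>Last name</b><br />
+<%%= h @user.last_name %>
+</p>
+<p>
+<b>Email</b><br />
+<%%= h @user.email %>
+</p>
+<p>
+<b><span>L</span>ogin</b><br />
+<%%= h @user.login %>
+</p>
+<p>
+<b>User Groups</b><br />
+<ul style="list-style: none;">
+<%%
+@user.user_groups.each do |ug|
+%>
+<%%= h ug.name %> <br/>
+<%%
+end
+%>
+</ul>
+</p>
+
+<%%= link_to 'Edit', <%= namespace.blank? ? "edit_user_path(@user)" : "edit_#{namespace}_user_path(@user)" %> %> |
+<%%= link_to 'Back', <%= namespace.blank? ? "users_path" : "#{namespace}_users_path" %> %>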
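--- a/data/rails_generators/lockdown/templates/config/initializers/lockit.rb
+++ b/data/rails_generators/lockdown/templates/config/initializers/lockit.rb
@@ -0,0 +1 @@
+require 'lockdown'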
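--- a/data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
+++ b/data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
@@ -0,0 +1,17 @@
+class CreateAdminUser < ActiveRecord::Migration
+def self.up
+# TODO: Change the password
+u = User.create(:password => "password",
+:password_confirmation => "password",
+:first_name => "Administrator",
+:last_name => "User",
+:email => "administrator@a.com",
+:login => "admin")
+
+Lockdown::System.make_user_administrator(u)
+end
+
+def self.down
+#Nothing to see here...
+end
+end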
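Review bot: `User.create(:password => "password", ...)` seeds the `admin` login with a credential that is printed in the gem source, and the only safeguard is the `# TODO: Change the password` comment, so any application that runs the generated migration unedited has a publicly known administrator account. Take the initial password from the deployment environment and fail the migration when it is absent, rather than shipping a literal. `User.create` also returns an unsaved record when validation fails, which `make_user_administrator(u)` would then receive; `create!` makes that failure visible. `self.down` leaves the account in place, which is worth stating in its comment.

```ruby
def self.up
  # LOCKDOWN_ADMIN_PASSWORD is a placeholder name, not an existing setting.
  password = ENV["LOCKDOWN_ADMIN_PASSWORD"].to_s
  raise "LOCKDOWN_ADMIN_PASSWORD must be set" if password.empty?

  u = User.create!(:password => password,
                   :password_confirmation => password,
                   # … unchanged: first_name, last_name, email …
                   :login => "admin")

  # … unchanged: make_user_administrator call …
```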
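--- a/data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb
+++ b/data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb
@@ -0,0 +1,19 @@
+class CreatePermissions < ActiveRecord::Migration
+def self.up
+create_table :permissions do |t|
+t.string :name
+
+t.timestamps
+end
+
+create_table :permissions_user_groups, :id => false do |t|
+t.integer :permission_id
+t.integer :user_group_id
+end
+end
+
+def self.down
+drop_table :permissions_user_groups
+drop_table :permissions
+end
+end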
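Review bot: The `permissions_user_groups` join table is created with `:id => false` and no index, so nothing at the database level prevents the same permission being linked to a group twice, and lookups by either column have no index to use. Add `add_index :permissions_user_groups, [:permission_id, :user_group_id], :unique => true` after the `create_table` block. The `user_groups_users` table in create_user_groups.rb has the same shape and would take the matching index on `[:user_group_id, :user_id]`.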
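--- a/data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb
+++ b/data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb
@@ -0,0 +1,26 @@
+class CreateProfiles < ActiveRecord::Migration
+def self.up
+create_table :profiles do |t|
+t.string :first_name
+t.string :last_name
+t.string :email
+t.integer :updated_by
+t.boolean :is_disabled
+
+t.timestamps
+end
+
+# The System profile is used as the updated_by reference when records
+# are created programatically and the responsible user cannot be determined
+# or is simply not available.
+# TODO: Change email address
+Profile.create(:first_name => "System",
+:last_name => "User",
+:email => "system@a.com")
+
+end
+
+def self.down
+drop_table :profiles
+end
+end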
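Review bot: `t.boolean :is_disabled` has no default and allows NULL, so the System profile created a few lines below, and every profile created without setting the flag, stores NULL rather than false. Code that later tests the flag then has three states to handle, and a condition such as `is_disabled = false` would not match those rows; whether that matters depends on how the generated models read the column, which is not visible here. Declaring it as `t.boolean :is_disabled, :default => false, :null => false` removes the ambiguity.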
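--- a/data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
+++ b/data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
@@ -0,0 +1,19 @@
+class CreateUserGroups < ActiveRecord::Migration
+def self.up
+create_table :user_groups do |t|
+t.string :name
+
+t.timestamps
+end
+
+create_table :user_groups_users, :id => false do |t|
+t.integer :user_group_id
+t.integer :user_id
+end
+end
+
+def self.down
+drop_table :user_groups_users
+drop_table :user_groups
+end
+end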
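--- a/data/rails_generators/lockdown/templates/db/migrate/create_users.rb
+++ b/data/rails_generators/lockdown/templates/db/migrate/create_users.rb
@@ -0,0 +1,17 @@
+class CreateUsers < ActiveRecord::Migration
+def self.up
+create_table :users do |t|
+t.string :login
+t.string :crypted_password
+t.string :salt
+t.integer :profile_id
+t.integer :updated_by
+
+t.timestamps
+end
+end
+
+def self.down
+drop_table :users
+end
+end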
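Review bot: `t.string :login` has no unique index, so uniqueness of the login name rests entirely on whatever validation the generated User model performs, and a model-level uniqueness validation cannot rule out two concurrent sign-ups with the same login. Since the login is what identifies the account at authentication, add `add_index :users, :login, :unique => true` after the `create_table` block. The User model is outside this section, so its validations could not be checked.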
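--- a/data/rails_generators/lockdown/templates/lib/lockdown/README
+++ b/data/rails_generators/lockdown/templates/lib/lockdown/README
@@ -0,0 +1,42 @@
+#
+# !!!!IMPORTANT!!!!
+#
+#*** MUST define a current_user method that will return the current user object
+#
+#*** MUST add call to add_lockdown_session_values to your login method
+#
+#*** MAY NEED to add call to reset_lockdown_session to your logout method.
+# ** Not needed if your authentication system resets the session
+#
+# Definitely need to use the user_group and permission models. The lockdown
+# generator will provide those for you. Just add the following to your user
+# model:
+# has_and_belongs_to_many :user_groups
+#
+# That's it!
+#
+#
+# ~~~~Method Descriptions~~~~
+
+# The Lockdown gem defines these session methods:
+#
+# current_user_id: returns the id of the current_user
+#
+# logged_in? : returns true if current_user_id > 0
+#
+# current_user_is_admin?: returns true if user is assigned
+# administrator rights.
+#
+# reset_lockdown_session: This will nil the following session values:
+# current_user_id
+# access_rights
+# expiry_time
+#
+# current_user_access_in_group?(grp): grp is a symbol referencing a
+# Lockdown::UserGroups method such as :registered_users
+# Will return true if the session[:access_rights] contain at
+# least one match to the access_right list associated to the group
+#
+# If you want access to any of these methods in your view, just add them
+# as helpers in your controller (application controller for global use).
+#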
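--- a/data/rails_generators/lockdown/templates/lib/lockdown/init.rb
+++ b/data/rails_generators/lockdown/templates/lib/lockdown/init.rb
@@ -0,0 +1,122 @@
+Lockdown::System.configure do
+
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Configuration Options
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Options with defaults:
+#
+# Set who_did_it method
+# This method is used in setting the created_by/updated_by fields and
+# should be accessible to the controller
+# options[:who_did_it] = :current_user_id
+#
+# Set default_who_did_it
+# When current_user_id returns nil, this is the value to use
+# options[:default_who_did_it] = 1
+#
+# Lockdown version < 0.9.0 set this to:
+# options[:default_who_did_it] = Profile::System
+#
+# Should probably be something like:
+# options[:default_who_did_it] = User::SystemId
+#
+# Set timeout to 1 hour:
+# options[:session_timeout] = (60 * 60)
+#
+# Call method when timeout occurs (method must be callable by controller):
+# options[:session_timeout_method] = :clear_session_values
+#
+# Set system to logout if unauthorized access is attempted:
+# options[:logout_on_access_violation] = false
+#
+# Set redirect to path on unauthorized access attempt:
+# options[:access_denied_path] = "/"
+#
+# Set redirect to path on successful login:
+# options[:successful_login_path] = "/"
+#
+# Set separator on links call
+# options[:links_separator] = "|"
+#
+# If deploying to a subdirectory, set that here. Defaults to nil
+# options[:subdirectory] = "blog"
+# *Notice: Do not add leading or trailing slashes,
+# Lockdown will handle this
+#
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Define permissions
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# set_permission(:product_management).
+# with_controller(:products)
+#
+# :product_management is the name of the permission which is later
+# referenced by the set_user_group method
+#
+# .with_controller(:products) defaults to all action_methods available on that
+# controller. You can change this behaviour by chaining on except_methods or
+# only_methods. (see examples below)
+#
+# ** To define a namespaced controller use two underscores:
+# :admin__products
+#
+# if products is your standard RESTful resource you'll get:
+# ["products/index , "products/show",
+# "products/new", "products/edit",
+# "products/create", "products/update",
+# "products/destroy"]
+#
+# You can chain method calls to restrict the methods for one controller
+# or you can add multiple controllers to one permission.
+#
+# set_permission(:security_management).
+# with_controller(:users).
+# and_controller(:user_groups).
+# and_controller(:permissions)
+#
+# In addition to with_controller(:controller) there are:
+#
+# set_permission(:some_nice_permission_name).
+# with_controller(:some_controller_name).
+# only_methods(:only_method_1, :only_method_2)
+#
+# set_permission(:some_nice_permission_name).
+# with_controller(:some_controller_name).
+# except_methods(:except_method_1, :except_method_2)
+#
+# set_permission(:some_nice_permission_name).
+# with_controller(:some_controller_name).
+# except_methods(:except_method_1, :except_method_2).
+# and_controller(:another_controller_name).
+# and_controller(:yet_another_controller_name)
+#
+# Define your permissions here:
+
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Built-in user groups
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# You can assign the above permission to one of the built-in user groups
+# by using the following:
+#
+# To allow public access on the permissions :sessions and :home:
+# set_public_access :sessions, :home
+#
+# Restrict :my_account access to only authenticated users:
+# set_protected_access :my_account
+#
+# Define the built-in user groups here:
+
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Define user groups
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# set_user_group(:catalog_management, :category_management,
+# :product_management)
+#
+# :catalog_management is the name of the user group
+# :category_management and :product_management refer to permission names
+#
+#
+# Define your user groups here:
+
+end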
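Review bot: The comment block explains `set_public_access` and `set_protected_access` but never says what happens to a controller action that no permission names, which is the first thing someone configuring an access-control layer needs to know. Add a sentence under "Built-in user groups" stating the default, for example `# Actions not covered by any permission are <denied|allowed> — fill in per lib/lockdown/rules.rb`; rules.rb is not shown here, so the actual default has to be confirmed there. The example list in the permissions section also has an unbalanced quote, `["products/index , "products/show",`, which should read `["products/index", "products/show",`.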