auth-assistant 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.DS_Store +0 -0
- data/.document +5 -0
- data/.gitignore +39 -0
- data/Changelog.txt +30 -0
- data/LICENSE +20 -0
- data/README.markdown +308 -0
- data/Rakefile +20 -0
- data/VERSION +1 -0
- data/app/.DS_Store +0 -0
- data/app/views/.DS_Store +0 -0
- data/app/views/auth_assist/menu/_admin_login_items.html.erb +11 -0
- data/app/views/auth_assist/menu/_login_items.html.erb +11 -0
- data/app/views/auth_assist/menu/_registration_items.html.erb +10 -0
- data/auth-assistant.gemspec +115 -0
- data/config/locales/en.yml +14 -0
- data/init.rb +1 -0
- data/lib/.DS_Store +0 -0
- data/lib/auth-assistant.rb +24 -0
- data/lib/auth_assistant/configure.rb +16 -0
- data/lib/auth_assistant/helpers/admin_role.rb +59 -0
- data/lib/auth_assistant/helpers/all.rb +4 -0
- data/lib/auth_assistant/helpers/localhost.rb +22 -0
- data/lib/auth_assistant/helpers/roles.rb +52 -0
- data/lib/auth_assistant/helpers/user_role.rb +47 -0
- data/lib/auth_assistant/model/user_config.rb +42 -0
- data/lib/auth_assistant/role_strategies/admin_field.rb +37 -0
- data/lib/auth_assistant/role_strategies/all.rb +7 -0
- data/lib/auth_assistant/role_strategies/multi_role_assignment.rb +34 -0
- data/lib/auth_assistant/role_strategies/role_assignment.rb +41 -0
- data/lib/auth_assistant/role_strategies/role_field.rb +32 -0
- data/lib/auth_assistant/role_strategies/roles_field.rb +31 -0
- data/lib/auth_assistant/role_strategies/roles_mask.rb +35 -0
- data/lib/auth_assistant/role_strategies/shared.rb +25 -0
- data/lib/auth_assistant/translate/authlabels.rb +23 -0
- data/lib/auth_assistant/view/all.rb +4 -0
- data/lib/auth_assistant/view/auth_menu_item.rb +27 -0
- data/lib/auth_assistant/view/registration_link.rb +30 -0
- data/lib/auth_assistant/view/rest_link.rb +70 -0
- data/lib/auth_assistant/view/session_link.rb +31 -0
- data/lib/generators/.DS_Store +0 -0
- data/lib/generators/auth_assist/.DS_Store +0 -0
- data/lib/generators/auth_assist/clear/clear_generator.rb +30 -0
- data/lib/generators/auth_assist/config/.DS_Store +0 -0
- data/lib/generators/auth_assist/config/config_generator.rb +72 -0
- data/lib/generators/auth_assist/templates/ability.rb +22 -0
- data/lib/generators/auth_assist/templates/auth_assistant.rb +6 -0
- data/lib/generators/auth_assist/templates/permits.rb +91 -0
- data/lib/generators/auth_assist/templates/remove_multi_role_assignments_migration.rb +24 -0
- data/lib/generators/auth_assist/templates/remove_role_assignments_migration.rb +17 -0
- data/lib/generators/auth_assist/templates/role_assignments_migration.rb +14 -0
- data/lib/generators/auth_assist/templates/roles_migration.rb +13 -0
- data/lib/generators/auth_assist/test.rb +40 -0
- data/lib/generators/auth_assist/views/views_generator.rb +66 -0
- data/lib/generators/auth_code_refactor.rb +71 -0
- data/lib/generators/migration_helper.rb +81 -0
- data/lib/generators/reverse_migrations.rb +48 -0
- data/lib/generators/role_migrations.rb +167 -0
- data/lib/permits.rb +92 -0
- data/spec/auth-assistant_spec.rb +7 -0
- data/spec/generators/ability_gen_spec.rb +9 -0
- data/spec/sandbox.rb +9 -0
- data/spec/spec.opts +1 -0
- data/spec/spec_helper.rb +11 -0
- metadata +167 -0
@@ -0,0 +1,72 @@
|
|
1
|
+
require 'generators/migration_helper'
|
2
|
+
require 'generators/role_migrations'
|
3
|
+
require 'auth_assistant/model/user_config'
|
4
|
+
|
5
|
+
module AuthAssist
|
6
|
+
module Generators
|
7
|
+
class ConfigGenerator < Rails::Generators::NamedBase
|
8
|
+
desc "Generates user role migration and matching auth configuration initializer"
|
9
|
+
|
10
|
+
class_option :devise, :type => :boolean, :aliases => "-d", :default => false,
|
11
|
+
:desc => "Initialize devise."
|
12
|
+
|
13
|
+
class_option :admin, :type => :boolean, :aliases => "-a", :default => false,
|
14
|
+
:desc => "Creae admin user."
|
15
|
+
|
16
|
+
|
17
|
+
class_option :migration, :type => :boolean, :aliases => "-m", :default => true,
|
18
|
+
:desc => "To generate a user role migration."
|
19
|
+
|
20
|
+
def self.source_root
|
21
|
+
@source_root ||= File.expand_path("../../templates", __FILE__)
|
22
|
+
end
|
23
|
+
|
24
|
+
def init_devise
|
25
|
+
return if !options[:devise]
|
26
|
+
run 'rails g devise_install'
|
27
|
+
run 'rails g devise User'
|
28
|
+
end
|
29
|
+
|
30
|
+
def create_initializer
|
31
|
+
# prefixing with x should make sure it is run after devise initializer
|
32
|
+
template "auth_assistant.rb", "config/initializers/x_auth_assistant.rb"
|
33
|
+
end
|
34
|
+
|
35
|
+
def create_ability_model
|
36
|
+
copy_file 'ability.rb', 'app/models/ability.rb'
|
37
|
+
copy_file 'permits.rb', 'lib/permits.rb'
|
38
|
+
end
|
39
|
+
|
40
|
+
def create_admin_user
|
41
|
+
return if !options[:admin]
|
42
|
+
run 'rails g devise Admin' if options[:admin]
|
43
|
+
# use STI
|
44
|
+
gsub_file 'app/models/admin.rb', /ActiveRecord::Base/, 'User'
|
45
|
+
end
|
46
|
+
|
47
|
+
def copy_locale
|
48
|
+
locale_file = File.expand_path("../../../../../config/locales/en.yml", __FILE__)
|
49
|
+
puts locale_file
|
50
|
+
copy_file locale_file, "config/locales/auth_assist.en.yml"
|
51
|
+
end
|
52
|
+
|
53
|
+
def run_migration
|
54
|
+
clear_user_relations
|
55
|
+
return nil if !options[:migration]
|
56
|
+
clazz = AuthAssist::RoleMigrations.clazz(name)
|
57
|
+
mig_obj = clazz.new(self)
|
58
|
+
mig_obj.run_migration
|
59
|
+
mig_obj.configure
|
60
|
+
end
|
61
|
+
|
62
|
+
def self.banner
|
63
|
+
"#{$0} auth_assist:config strategy [admin_field, role_field, roles_field, roles_mask, role_assignment, multi_role_assignment]"
|
64
|
+
end
|
65
|
+
|
66
|
+
protected
|
67
|
+
include ::AuthAssist::MigrationHelper
|
68
|
+
include ::AuthAssist::RoleMigrations
|
69
|
+
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class Ability
|
2
|
+
include CanCan::Ability
|
3
|
+
|
4
|
+
def self.role_permits
|
5
|
+
@role_permits if @role_permits
|
6
|
+
|
7
|
+
# use inject ?
|
8
|
+
@role_permits ||= []
|
9
|
+
['Admin', 'User', 'Author'].each do |role|
|
10
|
+
# set up each RolePermit instance to share this same Ability so that the can and cannot operations work on the same permission collection!
|
11
|
+
@role_permits << Kernel.const_get("RolePermit::#{role}").new(self)
|
12
|
+
end
|
13
|
+
@role_permits
|
14
|
+
end
|
15
|
+
|
16
|
+
def initialize(user, request)
|
17
|
+
# put ability logic here!
|
18
|
+
user ||= User.new # guest
|
19
|
+
Ability.role_permits.each{|rp| rp.permit?(user, request) }
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
@@ -0,0 +1,91 @@
|
|
1
|
+
module RolePermit
|
2
|
+
|
3
|
+
class Base
|
4
|
+
attr_accessor :ability
|
5
|
+
|
6
|
+
def initialize(ability)
|
7
|
+
@ability = ability
|
8
|
+
end
|
9
|
+
|
10
|
+
def permit?(user, request)
|
11
|
+
user.has ability
|
12
|
+
end
|
13
|
+
|
14
|
+
def can(action, subject, conditions = nil, &block)
|
15
|
+
ability.can_definitions << CanDefinition.new(true, action, subject, conditions, block)
|
16
|
+
end
|
17
|
+
|
18
|
+
def cannot(action, subject, conditions = nil, &block)
|
19
|
+
ability.can_definitions << CanDefinition.new(false, action, subject, conditions, block)
|
20
|
+
end
|
21
|
+
|
22
|
+
def owns(user, clazz, field = :user_id)
|
23
|
+
can :manage, clazz, field => user.id
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
|
28
|
+
class Admin < Base
|
29
|
+
def initialize(ability)
|
30
|
+
super
|
31
|
+
end
|
32
|
+
|
33
|
+
def permit?(user, request)
|
34
|
+
super
|
35
|
+
return if !user.role? :admin
|
36
|
+
can :manage, :all
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
class User < Base
|
41
|
+
def initialize(ability)
|
42
|
+
super
|
43
|
+
end
|
44
|
+
|
45
|
+
def permit?(user, request)
|
46
|
+
super
|
47
|
+
return if user.role? :admin
|
48
|
+
can :read, :all
|
49
|
+
|
50
|
+
# user.owns(Comment)
|
51
|
+
|
52
|
+
# a user can manage comments he/she created
|
53
|
+
# can :manage, Comment do |comment|
|
54
|
+
# comment.try(:user) == user
|
55
|
+
# end
|
56
|
+
|
57
|
+
# can :create, Comment
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
class Moderator < Base
|
62
|
+
def initialize(ability)
|
63
|
+
super
|
64
|
+
end
|
65
|
+
|
66
|
+
def permit?(user, request)
|
67
|
+
super
|
68
|
+
return if !user.role?(:moderator)
|
69
|
+
can :read, :all
|
70
|
+
# owns(user, Comment)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
|
75
|
+
class Author < Base
|
76
|
+
def initialize(ability)
|
77
|
+
super
|
78
|
+
end
|
79
|
+
|
80
|
+
def permit?(user)
|
81
|
+
super
|
82
|
+
return if !user.role? :author
|
83
|
+
# can :create, Post
|
84
|
+
|
85
|
+
# an author can manage posts he/she created
|
86
|
+
# can :update, Post do |post|
|
87
|
+
# post.try(:user) == user
|
88
|
+
# end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
class CreateMultiRoleAssignments < ActiveRecord::Migration
|
2
|
+
def self.down
|
3
|
+
create_table :role_assignments do |t|
|
4
|
+
t.integer :user_id
|
5
|
+
t.integer :role_id
|
6
|
+
t.timestamps
|
7
|
+
end
|
8
|
+
|
9
|
+
create_table :roles do |t|
|
10
|
+
t.string :name
|
11
|
+
t.timestamps
|
12
|
+
end
|
13
|
+
|
14
|
+
add_column :users, :role_assignment_id, :integer
|
15
|
+
|
16
|
+
end
|
17
|
+
|
18
|
+
def self.up
|
19
|
+
drop_table :role_assignments
|
20
|
+
drop_table :roles
|
21
|
+
remove_column :users, :role_assignment_id
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class CreateRoleAssignments < ActiveRecord::Migration
|
2
|
+
def self.down
|
3
|
+
create_table :roles do |t|
|
4
|
+
t.string :name
|
5
|
+
t.timestamps
|
6
|
+
end
|
7
|
+
|
8
|
+
add_column :users, :role_id, :integer
|
9
|
+
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.up
|
13
|
+
drop_table :roles
|
14
|
+
remove_column :users, :role_id
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
@@ -0,0 +1,40 @@
|
|
1
|
+
module RolePermit
|
2
|
+
|
3
|
+
class Base
|
4
|
+
attr_accessor :ability
|
5
|
+
|
6
|
+
def initialize(ability)
|
7
|
+
@ability = ability
|
8
|
+
end
|
9
|
+
|
10
|
+
def permit?(user)
|
11
|
+
puts "Base Permit"
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
class Admin < Base
|
16
|
+
def initialize(ability)
|
17
|
+
super
|
18
|
+
end
|
19
|
+
|
20
|
+
def permit?(user)
|
21
|
+
super
|
22
|
+
puts "Admin"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
class User < Base
|
27
|
+
def initialize(ability)
|
28
|
+
super
|
29
|
+
end
|
30
|
+
|
31
|
+
def permit?(user)
|
32
|
+
super
|
33
|
+
puts "User"
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
|
39
|
+
RolePermit::Admin.new(0).permit? 0
|
40
|
+
RolePermit::User.new(0).permit? 0
|
@@ -0,0 +1,66 @@
|
|
1
|
+
module AuthAssist
|
2
|
+
module Generators
|
3
|
+
class ViewsGenerator < Rails::Generators::Base
|
4
|
+
desc "Copies all AuthAssist views to your application."
|
5
|
+
|
6
|
+
argument :scope, :required => false, :default => nil,
|
7
|
+
:desc => "The scope to copy views to"
|
8
|
+
|
9
|
+
class_option :template_engine, :type => :string, :aliases => "-t", :default => "erb",
|
10
|
+
:desc => "Template engine for the views. Available options are 'erb' and 'haml'."
|
11
|
+
|
12
|
+
def self.source_root
|
13
|
+
@_devise_source_root ||= File.expand_path("../../../../app/views", __FILE__)
|
14
|
+
end
|
15
|
+
|
16
|
+
def copy_views
|
17
|
+
case options[:template_engine]
|
18
|
+
when "haml"
|
19
|
+
verify_haml_existence
|
20
|
+
verify_haml_version
|
21
|
+
create_and_copy_haml_views
|
22
|
+
else
|
23
|
+
directory "auth_assist", "app/views/#{scope || 'devise'}"
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
protected
|
28
|
+
|
29
|
+
def verify_haml_existence
|
30
|
+
begin
|
31
|
+
require 'haml'
|
32
|
+
rescue LoadError
|
33
|
+
say "HAML is not installed, or it is not specified in your Gemfile."
|
34
|
+
exit
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def verify_haml_version
|
39
|
+
unless Haml.version[:major] == 2 and Haml.version[:minor] >= 3 or Haml.version[:major] >= 3
|
40
|
+
say "To generate HAML templates, you need to install HAML 2.3 or above."
|
41
|
+
exit
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def create_and_copy_haml_views
|
46
|
+
require 'tmpdir'
|
47
|
+
html_root = "#{self.class.source_root}/auth_assist"
|
48
|
+
|
49
|
+
Dir.mktmpdir("auth_assist-haml.") do |haml_root|
|
50
|
+
Dir["#{html_root}/**/*"].each do |path|
|
51
|
+
relative_path = path.sub(html_root, "")
|
52
|
+
source_path = (haml_root + relative_path).sub(/erb$/, "haml")
|
53
|
+
|
54
|
+
if File.directory?(path)
|
55
|
+
FileUtils.mkdir_p(source_path)
|
56
|
+
else
|
57
|
+
`html2haml -r #{path} #{source_path}`
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
directory haml_root, "app/views/#{scope || 'devise'}"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
module AuthAssist
|
2
|
+
module MigrationHelper
|
3
|
+
module CodeRefactor
|
4
|
+
|
5
|
+
# erase
|
6
|
+
def clear_user_relations
|
7
|
+
erase_in_user(has_roles_through_assignments)
|
8
|
+
erase_in_user(has_roles)
|
9
|
+
erase_in_user(has_role_assignments)
|
10
|
+
end
|
11
|
+
|
12
|
+
def erase_in_user(txt)
|
13
|
+
file = File.new(model_file('user'))
|
14
|
+
return if !(file.read =~ /#{txt}/)
|
15
|
+
gsub_file model_file('user'), /#{Regexp.escape(txt + "\n")}/, ''
|
16
|
+
end
|
17
|
+
|
18
|
+
|
19
|
+
# insert
|
20
|
+
def write_model_file(name, content)
|
21
|
+
File.open(model_file(name), 'w+') do |f|
|
22
|
+
f.write(content)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def insert_user_relation(relation)
|
27
|
+
file = File.new(model_file('user'))
|
28
|
+
return if (file.read =~ /#{relation}/)
|
29
|
+
gsub_file model_file('user'), /class User < ActiveRecord::Base/ do |match|
|
30
|
+
match << "\n #{relation}"
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
def remove_user_relation(relation)
|
35
|
+
erase_in_user(relation)
|
36
|
+
end
|
37
|
+
|
38
|
+
|
39
|
+
# refactor code
|
40
|
+
def has_role_assignments
|
41
|
+
'has_many :role_assignments'
|
42
|
+
end
|
43
|
+
|
44
|
+
def has_roles_through_assignments
|
45
|
+
'has_many :roles, :through => :role_assignments'
|
46
|
+
end
|
47
|
+
|
48
|
+
def has_roles
|
49
|
+
'has_many :roles'
|
50
|
+
end
|
51
|
+
|
52
|
+
def role_file_content
|
53
|
+
%q{
|
54
|
+
class Role < ActiveRecord::Base
|
55
|
+
has_many :role_assignments
|
56
|
+
has_many :users, :through => :role_assignments
|
57
|
+
end
|
58
|
+
}
|
59
|
+
end
|
60
|
+
|
61
|
+
def role_assignment_file_content
|
62
|
+
%q{
|
63
|
+
class RoleAssignment < ActiveRecord::Base
|
64
|
+
belongs_to :user
|
65
|
+
belongs_to :role
|
66
|
+
end
|
67
|
+
}
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|