RubyGems - authentasaurus - Versions diffs - 0.4.1 - Mend

authentasaurus 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

data/generators/authentasaurus_views/templates/views/areas/edit.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<h1>Editing <%= @area.name %></h1>
+<% form_for @area do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/generators/authentasaurus_views/templates/views/areas/index.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<h1>Areas</h1>
+<table>
+	<tr>
+		<th>Target</th>
+	</tr>
+	<% @areas.each do |area| %>
+		<tr>
+			<td><%= link_to area.name, area %></td>
+		</tr>
+	<% end %>
+</table>

data/generators/authentasaurus_views/templates/views/areas/new.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<h1>Create Area</h1>
+<% form_for @area do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/generators/authentasaurus_views/templates/views/areas/show.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<h1><%= @area.name %></h1>
+<h3>Groups that have permission on this area</h3>
+<ul>
+	<% @area.groups.each do |group| %>
+		<li><%= link_to group.name, group %></li>
+	<% end %>
+</ul>

data/generators/authentasaurus_views/templates/views/authentasaurus_emailer/invitation_mail.html.erb ADDED Viewed

@@ -0,0 +1,4 @@
+<p>You've been invited to create an account at your-domain.com follow this <%= link_to "link", new_registrations_url(:token => @token) %> to respond to the invitation.</p>
+<p>Best Regards,</p>
+<p>your-domain.com Team</p>

data/generators/authentasaurus_views/templates/views/authentasaurus_emailer/recovery_mail.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<p>Dear <%= @name %>,</p>
+<p>A request has been made to recover your account's password.</p>
+<p>Please visit this <%= link_to "link", recover_password_url(@token) %> and follow the instructions.</p>
+<p>Best Regards,</p>
+<p>your-domain.com Team</p>

data/generators/authentasaurus_views/templates/views/authentasaurus_emailer/validation_mail.html.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<p>Dear <%= @name %>,</p>
+<p>Please validate your account at your-domain.com by visiting this <%= link_to "link", validate_url, :code => @vcode %>.</p>
+<p>Best Regards,</p>
+<p>your-domain.com Team</p>

data/generators/authentasaurus_views/templates/views/groups/edit.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<h1>Editing <%= @group.name %></h1>
+<% form_for @group do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/generators/authentasaurus_views/templates/views/groups/index.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<h1>Groups</h1>
+<table width="100%">
+	<tr>
+		<th>Name</th>
+	</tr>
+	<% @groups.each do |group| %>
+		<tr>
+			<td><%= link_to group.name, group %></td>
+		</tr>
+	<% end %>
+</table>

data/generators/authentasaurus_views/templates/views/groups/new.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<h1>Create Group</h1>
+<% form_for @group do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/generators/authentasaurus_views/templates/views/groups/show.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<h1><%= @group.name %></h1>
+<h2>Permissions</h2>
+<ul>
+	<% @group.permissions.each do |permission| %>
+		<li><%= link_to permission.area.name, permission %></li>
+	<% end %>
+</ul>

data/generators/authentasaurus_views/templates/views/permissions/edit.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<h1>Editing <%= @permission.area.target %> permissions for <%= @permission.group.name %></h1>
+<% form_for @permission do |f| %>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :area_id %>
+	<%= f.collection_select(:area_id, Area.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :read %>
+	<%= f.check_box :read %>
+	<br>
+	<%= f.label :write %>
+	<%= f.check_box :write %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/generators/authentasaurus_views/templates/views/permissions/index.html.erb ADDED Viewed

@@ -0,0 +1,17 @@
+<h1>Permissions</h1>
+<table>
+	<tr>
+		<th>Group</th>
+		<th>Area</th>
+		<th>Read</th>
+		<th>Write</th>
+	</tr>
+	<% @permissions.each do |permission| %>
+		<tr>
+			<td><%= link_to permission.group.name, permission.group %></td>
+			<td><%= link_to permission.area.name, permission.area %></td>
+			<td><%= check_box_tag :read, "read", permission.read, :disabled => true %></td>
+			<td><%= check_box_tag :write, "write", permission.write, :disabled => true %></td>
+		</tr>
+	<% end %>
+</table>

data/generators/authentasaurus_views/templates/views/permissions/new.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<h1>Create Permission</h1>
+<% form_for @permission do |f| %>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :area_id %>
+	<%= f.collection_select(:area_id, Area.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :read %>
+	<%= f.check_box :read %>
+	<br>
+	<%= f.label :write %>
+	<%= f.check_box :write %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/generators/authentasaurus_views/templates/views/permissions/show.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<h1><%= @permission.area.name %> permissions for <%= @permission.group.name %></h1>
+<% if @permission.read %>
+	<h3>Members of <%= @permission.group.name %> have read permission for <%= @permission.area.name %></h3>
+<% end %>
+<% if @permission.write %>
+	<h3>Members of <%= @permission.group.name %> have write permission for <%= @permission.area.name %></h3>
+<% end %>

data/generators/authentasaurus_views/templates/views/recoveries/edit.html.erb ADDED Viewed

@@ -0,0 +1,24 @@
+<h1>Fill in your new password</h1>
+<% form_tag do_recover_password_path, :method => :delete do %>
+  <%= error_messages_for :user %>
+  <p>
+  	<%= label_tag :name %><br />
+  	<%= text_field_tag :name, @user.name, :disabled => true %>
+	</p>
+  <p>
+    <%= label_tag "user[new_password]", "Password" %><br />
+    <%= password_field_tag "user[new_password]" %>
+  </p>
+  <p>
+    <%= label_tag "user[new_password_confirmation]", "Password confirmation" %><br />
+    <%= password_field_tag "user[new_password_confirmation]" %>
+  </p>
+  <p>
+    <%= submit_tag "Set" %>
+  </p>
+<% end %>
+<%= link_to "Cancel", url_for(:back) %>

data/generators/authentasaurus_views/templates/views/recoveries/new.html.erb ADDED Viewed

@@ -0,0 +1,15 @@
+<h1>Recover your password</h1>
+<% form_tag do_forgot_password_path, :method => :post do %>
+	<%= error_messages_for :recovery %>
+  <p>
+    <%= label_tag :email %><br />
+    <%= text_field_tag :email, params[:email] %>
+  </p>
+  <p>
+    <%= submit_tag "Send Instructions" %>
+  </p>
+<% end %>
+<%= link_to "Cancel", url_for(:back) %>

data/generators/authentasaurus_views/templates/views/registrations/new.html.erb ADDED Viewed

@@ -0,0 +1,21 @@
+<h1>Enter your data</h1>
+<% form_for @user, :url => registrations_path(:token => params[:token]) do |f| %>
+	<%= f.error_messages %>
+	<br>
+	<%= f.label :username %>
+	<%= f.text_field :username, :size => 30 %>
+	<br>
+	<%= f.label :password %>
+	<%= f.password_field :password, :size => 30 %>
+	<br>
+	<%= f.label :password_confirmation %>
+	<%= f.password_field :password_confirmation, :size => 30 %>
+	<br>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.label :email %>
+	<%= f.text_field :email, :size => 30 %>
+	<br>
+	<%= f.submit "Create" %>
+<% end %>

data/generators/authentasaurus_views/templates/views/sessions/new.html.erb ADDED Viewed

@@ -0,0 +1,41 @@
+<div class="form-stroke">
+  <%= flash[:alert] if flash[:alert] %>
+  <% form_for @session do |f| %>
+    <h2>Sign in</h2>
+    <br>
+    <%= f.error_messages %>
+    <p>
+      <%= f.label :username %>
+      <%= f.text_field :username, :style => "width: 98%;" %>
+    </p>
+    <p>
+      <%= f.label :password %>
+      <%= f.password_field :password, :style => "width: 98%;" %>
+    </p>
+    <label>
+      <%= f.check_box :remember %> Remember me
+    </label>
+    <div>
+      <div style="float:left; padding-top: 9px;">
+        <% unless defined?(forgot_password_path).nil? %>
+          <p>
+            <%= link_to(t(:forgot_password_link, :scope => [:authentasaurus, :views, :sessions]), forgot_password_path) %>
+          </p>
+        <% end %>
+        <% unless defined?(resend_validation_email_path).nil? %>
+          <p>
+            <%= link_to(t(:resend_validation_email_link, :scope => [:authentasaurus, :views, :sessions]), resend_validation_email_path) %>
+          </p>
+        <% end %>
+      </div>
+      <div style="float:right;">
+        <%= submit_tag "Sign in" %>
+      </div>
+      <br style="clear: both;">
+    </div>
+  <% end %>
+</div>

data/generators/authentasaurus_views/templates/views/sessions/no_access.html.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <h1>You are not allowed to access this page.</h1>

data/generators/authentasaurus_views/templates/views/user_invitations/index.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<h1>User Invitations</h1>
+<table width="100%">
+	<tr>
+		<th>Email</th>
+	</tr>
+	<% @invitations.each do |invitation| %>
+		<tr>
+			<td><%= invitation.email %></td>
+			<td><%= link_to "Delete", invitation, :method => :delete, :confirm => "Are you sure?" %></td>
+		</tr>
+	<% end %>
+</table>
+<br>
+<%= link_to "New",  :action => :new %>

data/generators/authentasaurus_views/templates/views/user_invitations/new.html.erb ADDED Viewed

@@ -0,0 +1,9 @@
+<h1>Create new user invitation</h1>
+<% form_for @invitation do |f| %>
+	<%= f.error_messages %>
+	<br>
+	<%= f.label :email %>
+	<%= f.text_field :email, :size => 30 %>
+	<br>
+	<%= f.submit "Create" %>
+<% end %>

data/generators/authentasaurus_views/templates/views/users/edit.html.erb ADDED Viewed

@@ -0,0 +1,27 @@
+<h1>Editing <%= @user.username %></h1>
+<% form_for @user do |f| %>
+	<%= f.error_messages %>
+	<br>
+	<%= f.label :username %>
+	<%= f.text_field :username, :size => 30 %>
+	<br>
+	<%= f.label :new_password %>
+	<%= f.password_field :new_password, :size => 30 %>
+	<br>
+	<%= f.label :new_password_confirmation %>
+	<%= f.password_field :new_password_confirmation, :size => 30 %>
+	<br>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.label :email %>
+	<%= f.text_field :email, :size => 30 %>
+	<br>
+	<%= f.label :active %>
+	<%= f.check_box :active %>
+	<br>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.submit "Create" %>
+<% end %>

data/generators/authentasaurus_views/templates/views/users/index.html.erb ADDED Viewed

@@ -0,0 +1,19 @@
+<h1>Users</h1>
+<table width="100%">
+	<tr>
+		<th>Username</th>
+		<th>Name</th>
+		<th>Email</th>
+		<th>Active</th>
+		<th>Group</th>
+	</tr>
+	<% @users.each do |user| %>
+		<tr>
+			<td><%= link_to user.username, user %></td>
+			<td><%= user.name %></td>
+			<td><%= user.email %></td>
+			<td><%= check_box_tag user.id, "active", user.active, :disabled => true  %></td>
+			<td><%= link_to user.group.name, user.group %></td>
+		</tr>
+	<% end %>
+</table>

data/generators/authentasaurus_views/templates/views/users/new.html.erb ADDED Viewed

@@ -0,0 +1,27 @@
+<h1>Create new user</h1>
+<% form_for @user do |f| %>
+	<%= f.error_messages %>
+	<br>
+	<%= f.label :username %>
+	<%= f.text_field :username, :size => 30 %>
+	<br>
+	<%= f.label :password %>
+	<%= f.password_field :password, :size => 30 %>
+	<br>
+	<%= f.label :password_confirmation %>
+	<%= f.password_field :password_confirmation, :size => 30 %>
+	<br>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.label :email %>
+	<%= f.text_field :email, :size => 30 %>
+	<br>
+	<%= f.label :active %>
+	<%= f.check_box :active %>
+	<br>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.submit "Create" %>
+<% end %>

data/generators/authentasaurus_views/templates/views/users/show.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<h1><%= @user.username %></h1>
+<dl>
+	<dt>Name : </dt>
+	<dd><%= @user.name %></dd>
+	<dt>Email : </dt>
+	<dd><%= @user.email %></dd>
+	<dt>Active : </dt>
+	<dd><%= check_box_tag @user.id, "active", @user.active, :disabled => true  %></dd>
+	<dt>Group : </dt>
+	<dd><%= link_to @user.group.name, @user.group %></dd>
+</dl>

data/generators/authentasaurus_views/templates/views/validations/activate.html.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<h3><%= flash.now[:notice] %></h3>
+<% form_tag do %>
+	Validation Code :<br>
+	<p><%= text_field_tag :vcode, params[:vcode], :size => 44 %></p>
+	<p><%= submit_tag "Validate" %></p>
+<% end %>

data/generators/authentasaurus_views/templates/views/validations/resend_validation_email.html.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<h3><%= flash.now[:notice] %></h3>
+<% form_tag do_resend_validation_email_path do %>
+	Email :<br>
+	<p><%= text_field_tag :email, params[:email], :size => 44 %></p>
+	<p><%= submit_tag "Submit" %></p>
+<% end %>

data/lib/action_controller/authorization.rb ADDED Viewed

@@ -0,0 +1,215 @@
+# Defines authorization helpers for ActionController
+module ActionController::Authorization
+  def self.included(base) # :nodoc:
+    base.send :extend, ClassMethods
+    base.send :include, InstanceMethods
+  end
+  module ClassMethods
+    # <tt>require_login</tt>::
+    #   requires the user to login before accessing the actions specified
+    #
+    #   <b>ex:</b> Tells Authentasaurus that the action destroy requires login and that
+    #   Authentasaurus shouldn't store the request in the session
+    #   (typically for logout actions)
+    #
+    #   * :skip_request - skips saving the original request (to redirect to after login)
+    #   * :user_model - if defined, authentasaurus will use that model instead of the default "User"
+    #   * :if - specifies a method, proc or string to call to determine if the authorization should occur
+    #   * :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+    #
+    #     require_login :destroy, :skip_request => true
+    def require_login (*attrs)
+      options = attrs.extract_options!.symbolize_keys
+      attrs = attrs.flatten
+  		unless attrs.empty?
+  		  before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
+  		    controller.instance_eval {check_logged_in !options[:skip_request].nil?, options[:user_model]}
+		    end
+  		else
+  			before_filter :if => options[:if], :unless => options[:unless] do |c|
+  			  c.instance_eval {check_logged_in !options[:skip_request].nil?, options[:user_model]}
+			  end
+  		end
+    end
+    # <tt>require_write</tt>::
+    #   requires the user to have a write permission to that area to access the actions specified
+    #
+    #   <b>ex:</b> Tells Authentasaurus that the actions create_user and delete_user
+    #   requires login and write permission.
+    #
+    #   * :skip_request - skips saving the original request (to redirect to after login)
+    #   * :user_model - if defined, authentasaurus will use that model instead of the default "User"
+    #   * :if - specifies a method, proc or string to call to determine if the authorization should occur
+    #   * :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+    #
+    #     require_write :create_user, :delete_user
+    def require_write(*attrs)
+      options = attrs.extract_options!.symbolize_keys
+      attrs = attrs.flatten
+  		unless attrs.empty?
+  			before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
+  			  controller.instance_eval { check_write_permissions !options[:skip_request].nil?, options[:user_model] }
+			  end
+  		else
+  			before_filter :if => options[:if], :unless => options[:unless] do |c|
+  			  c.instance_eval {check_write_permissions !options[:skip_request].nil?, options[:user_model]}
+			  end
+  		end
+    end
+    # <tt>require_read</tt>::
+    #   requires the user to have a read permission to that area to access the actions specified
+    #
+    #   <b>ex:</b> Tells Authentasaurus that the action show_user requires login and read
+    #   permission.
+    #
+    #   * :skip_request - skips saving the original request (to redirect to after login)
+    #   * :user_model - if defined, authentasaurus will use that model instead of the default "User"
+    #   * :if - specifies a method, proc or string to call to determine if the authorization should occur
+    #   * :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+    #
+    #     require_read :show_user
+    def require_read(*attrs)
+      options = attrs.extract_options!.symbolize_keys
+      attrs = attrs.flatten
+  		unless attrs.empty?
+  			before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
+  			  controller.instance_eval { check_read_permissions !options[:skip_request].nil?, options[:user_model] }
+			  end
+  		else
+  			before_filter :if => options[:if], :unless => options[:unless] do |c|
+  			  c.instance_eval { check_read_permissions !options[:skip_request].nil?, options[:user_model] }
+			  end
+  		end
+    end
+  end
+  module InstanceMethods
+    private
+    # Returns an object of the current user
+    def current_user(user_model = nil)
+      user_model = User if user_model.nil?
+      return user_model.find session[:user_id] if session[:user_id]
+    end
+    # Checks if the current user is logged in and redirects to the login path if the user is not logged in.
+    #
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+    def check_logged_in(skip_request = false, user_model = nil)
+      unless is_logged_in?(user_model)
+        login_required skip_request
+      end
+    end
+    # Checks if the current user is logged in and has write permission over the current controller, redirects to no access
+    # page if the user hasn't the permissions and redirects to the login path if the user is not logged in
+    #
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+    def check_write_permissions(skip_request = false, user_model = nil)
+      if is_logged_in?(user_model)
+        user_permissions = session[:user_permissions]
+        check = user_permissions[:write].find { |perm| perm==self.controller_name || perm=="all" }
+        unless check
+          redirect_to no_access_sessions_path
+        end
+      else
+        login_required skip_request
+      end
+    end
+    # Checks if the current user is logged in and has read permission over the current controller, redirects to no access
+    # page if the user hasn't the permissions and redirects to the login path if the user is not logged in
+    #
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+    def check_read_permissions(skip_request = false, user_model = nil)
+      if is_logged_in?(user_model)
+        user_permissions = session[:user_permissions]
+        check = user_permissions[:read].find { |perm| perm==self.controller_name || perm=="all" }
+        unless check
+          redirect_to no_access_sessions_path
+        end
+      else
+        login_required skip_request
+      end
+    end
+    # Checks if the current user is logged in but takes no further action
+    def is_logged_in?(user_model)
+      user_model = User if user_model.nil?
+      unless user_model.find_by_id(session[:user_id])
+        return cookie_login?(user_model)
+      end
+			return true
+    end
+    # Logs in the user through a remember me cookie
+    def cookie_login?(user_model)
+      user_model = User if user_model.nil?
+      if cookies[:remember_me_token]
+        user = user_model.find_by_remember_me_token cookies[:remember_me_token]
+        if user.nil?
+          cookies.delete :remember_me_token
+          return false
+        else
+          session[:user_id] = user.id
+          session[:user_permissions] = {:read => user.permissions.collect{|per| per.area.name if per.read}, :write => user.permissions.collect{|per| per.area.name if per.write}}
+          return true
+        end
+      else
+        return false
+      end
+    end
+    # Redirects the user to the login page
+    #
+    # If skip_request is set to true, the user won't be redirected to the original url after he/she logs in.
+    def login_required(skip_request)
+      unless(skip_request)
+        session[:original_url]=request.url
+      end
+      flash[:notice] = t(:login_required, :scope => [:authentasaurus, :action_controller, :errors, :messages])
+      redirect_to new_session_path
+    end
+    # Checks if the current user has the appropriate permission
+    #
+    # *ex*: has?(:write) or has?(:read, :users)
+    def has?(permission, area = nil)
+      return false unless is_logged_in?
+      check = false
+      case permission
+      when :write
+        unless area
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:write].find { |perm| perm==self.controller_name || perm=="all" }
+        else
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:write].find { |perm| perm==area.to_s || perm=="all" }
+        end
+      when :read
+        unless area
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:read].find { |perm| perm==self.controller_name || perm=="all" }
+        else
+          user_permissions = session[:user_permissions]
+          check = user_permissions[:read].find { |perm| perm==area.to_s || perm=="all" }
+        end
+      end
+      return check
+    end
+    def controller_instance
+      self
+    end
+  end
+end