authentasaurus 0.4.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Mash Ltd.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,173 @@
+== Authentasaurus
+
+Authentasaurus is a dynamic group/permission based authentication and authorization engine plugin, its simple to use and easy
+to setup.
+
+Most helpers are inspired by Devise.
+
+== Installation
+
+To start using Authentasaurus follow these simple steps :
+
+1. install authentasaurus gem by running the following command
+    gem install authentasaurus
+2. add authentasaurus to your application environment; in config/environment.rb
+    config.gem "authentasaurus"
+3. generate authentasaurus configuration and tasks in your application
+    script/generate authentasaurus
+4. setup your migrations using the migration helpers
+    in the migration up method just use
+      authentasaurus_tables
+    in the migration down method
+      authentasaurus_drop_tables
+5. migrate your database and setup your default data
+    rake authentasaurus:setup_defaults
+6. add your routes
+    map.authentasaurus_routes :authorizable, :validatable, :invitable
+
+that's the most basic and quick setup, you can now test your application by running script/server in your
+project root directory and going to http://localhost:3000/sessions/sign-in
+
+Authentasaurus is modular, you can install modules as you need them (the previous setup contains all modules), refer to the documentation for more
+information.
+
+== Under the hood
+
+Authentasaurus takes advantage of rails' before_filter; it checks for the appropriate permissions before 
+every action that requires a login, a write or read permission.
+
+At login, authentasaurus would load the user's group permissions into a session hash and then attempts to read that hash
+when it meets a require helper on a controller.
+
+=== Authentasaurus uses the following terms:
+
+<tt>Area</tt>:: 
+  An area is in plain english the controller's name, so if you have a controller named "PostsController", the corresponding
+  area name would be "posts" (just as you type it in the generator command)
+
+<tt>Group</tt>::
+  A group is as the name suggests, each group contains a number of users, and each user inherits the group permissions,
+  also note that at any given time, the user can only belong to one group
+
+<tt>Permission</tt>::
+  A permission is one of two, either read or write, but take care, read or write is only a naming, and though it doesn't make
+  sense, you could treat a read permission as a write permission and vice versa, but as i said it makes no sense !
+
+== Generators
+
+There are two generators in Authentasaurus, the default generator
+  authentasaurus
+and the views generator
+  authentasaurus_views
+
+The default generator generates configurations and tasks needed by Authentasaurus, while the views generator
+generates the views used by Authentasaurus in your application, this is useful for customizing authentasaurus and is totally
+optional.
+
+Authentasaurus views generator takes the name of the user controller, by default it's users
+  script/generate authentasaurus_views users
+
+You can also use namespaces:
+  script/generate authentasaurus_views admin/users
+  
+Also you can use some options with the Authentasaurus views generator to add the modules you need:
+
+<tt>--authorizable</tt>::
+  generates the views necessary for authorization (groups, areas and permissions)
+
+<tt>--invitable</tt>::
+  generates the views necessary for invitable users
+  
+<tt>--validatable</tt>::
+  generates the views necessary for validatable users
+  
+You can use a combination of those options like the following example:
+  script/generate authentasaurus_views users --authorizable --invitable --validatable
+
+== Controller Authorization Helpers
+
+There are four main authorization helpers in Authentasaurus for use on controllers:
+
+<tt>require_login</tt>::
+  requires the user to login before accessing the actions specified
+
+  <b>ex:</b> Tells Authentasaurus that the action destroy requires login and that
+  Authentasaurus shouldn't store the request in the session
+  (typically for logout actions)
+
+  * :skip_request - skips saving the original request (to redirect to after login)
+  * :user_model - if defined, authentasaurus will use that model instead of the default "User"
+  * :if - specifies a method, proc or string to call to determine if the authorization should occur
+  * :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+
+    require_login :destroy, :skip_request => true
+
+<tt>require_write</tt>::
+  requires the user to have a write permission to that area to access the actions specified
+    
+  <b>ex:</b> Tells Authentasaurus that the actions create_user and delete_user
+  requires login and write permission.
+  
+  * :skip_request - skips saving the original request (to redirect to after login)
+  * :user_model - if defined, authentasaurus will use that model instead of the default "User"
+  * :if - specifies a method, proc or string to call to determine if the authorization should occur
+  * :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+
+    require_write :create_user, :delete_user
+
+<tt>require_read</tt>::
+  requires the user to have a read permission to that area to access the actions specified
+    
+  <b>ex:</b> Tells Authentasaurus that the action show_user requires login and read
+  permission. 
+  
+  * :skip_request - skips saving the original request (to redirect to after login)
+  * :user_model - if defined, authentasaurus will use that model instead of the default "User"
+  * :if - specifies a method, proc or string to call to determine if the authorization should occur
+  * :unless - specifies a method, proc or string to call to determine if the authorization should not occur
+
+    require_read :show_user, :if api_key.nil?
+
+You can use any of those class methods on you controllers to restrict access levels like so:
+  class PostsController < ApplicationController
+    require_login :index
+    require_read :show
+    require_write :new, :create, :edit, :update, :destroy
+    
+    def index
+      # your code here
+    end
+    
+    def show
+      # your code here
+    end
+    
+    def new
+      # your code here
+    end
+    
+    def create
+      # your code here
+    end
+    
+    def edit
+      # your code here
+    end
+    
+    def update
+      # your code here
+    end
+    
+    def destroy
+      # your code here
+    end
+  end
+
+In addition there is also the has? helper which is available in both Controllers and Views
+
+<tt>has?(permission, area=nil)</tt>::
+    Checks if the current user has the appropriate permissions for the area specified
+    
+    <b>ex</b>: has?(:write) or has?(:read, :users)
+
+Copyright (c) 2010 Mash, Ltd., released under the MIT license

data/TODO

@@ -0,0 +1,4 @@
+* Update views to use the new flash convention
+  * flash[:notice] for information messages
+  * flash[:alert] for error messages
+* Localize views

data/app/controllers/areas_controller.rb

@@ -0,0 +1,4 @@
+class AreasController < Authentasaurus::AreasController
+	require_read :index, :show
+	require_write :new, :create, :edit, :update, :destroy
+end

data/app/controllers/groups_controller.rb

@@ -0,0 +1,4 @@
+class GroupsController < Authentasaurus::GroupsController
+	require_read :index, :show
+	require_write :new, :create, :edit, :update, :destroy
+end

data/app/controllers/permissions_controller.rb

@@ -0,0 +1,4 @@
+class PermissionsController < Authentasaurus::PermissionsController
+  require_read :index, :show
+	require_write :new, :create, :edit, :update, :destroy
+end

data/app/controllers/recoveries_controller.rb

@@ -0,0 +1,2 @@
+class RecoveriesController < Authentasaurus::RecoveriesController
+end

data/app/controllers/registrations_controller.rb

@@ -0,0 +1,2 @@
+class RegistrationsController < Authentasaurus::RegistrationsController
+end

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,2 @@
+class SessionsController < Authentasaurus::SessionsController
+end

data/app/controllers/user_invitations_controller.rb

@@ -0,0 +1,4 @@
+class UserInvitationsController < Authentasaurus::UserInvitationsController
+  require_read :index
+  require_write :new, :create, :destroy
+end

data/app/controllers/users_controller.rb

@@ -0,0 +1,4 @@
+class UsersController < Authentasaurus::UsersController
+  require_read :index, :show
+	require_write :new, :create, :edit, :update, :destroy
+end

data/app/controllers/validations_controller.rb

@@ -0,0 +1,2 @@
+class ValidationsController < Authentasaurus::ValidationsController
+end

data/app/models/area.rb

@@ -0,0 +1,2 @@
+class Area < Authentasaurus::Models::Area
+end

data/app/models/authentasaurus_emailer.rb

@@ -0,0 +1,2 @@
+class AuthentasaurusEmailer < Authentasaurus::Models::AuthentasaurusEmailer
+end

data/app/models/group.rb

@@ -0,0 +1,2 @@
+class Group < Authentasaurus::Models::Group
+end

data/app/models/permission.rb

@@ -0,0 +1,2 @@
+class Permission < Authentasaurus::Models::Permission
+end

data/app/models/recovery.rb

@@ -0,0 +1,2 @@
+class Recovery < Authentasaurus::Models::Recovery
+end

data/app/models/session.rb

@@ -0,0 +1,2 @@
+class Session < Authentasaurus::Models::Session
+end

data/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  authenticatable :strong_password, :validatable
+end

data/app/models/user_invitation.rb

@@ -0,0 +1,2 @@
+class UserInvitation < Authentasaurus::Models::UserInvitation
+end

data/app/models/user_sync.rb

@@ -0,0 +1,3 @@
+class UserSync < ActiveResource::Base
+  authenticatable
+end

data/app/models/validation.rb

@@ -0,0 +1,2 @@
+class Validation < Authentasaurus::Models::Validation
+end

data/app/views/areas/edit.html.erb

@@ -0,0 +1,7 @@
+<h1>Editing <%= @area.name %></h1>
+<% form_for @area do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/app/views/areas/index.html.erb

@@ -0,0 +1,11 @@
+<h1>Areas</h1>
+<table>
+	<tr>
+		<th>Target</th>
+	</tr>
+	<% @areas.each do |area| %>
+		<tr>
+			<td><%= link_to area.name, area %></td>
+		</tr>
+	<% end %>
+</table>

data/app/views/areas/new.html.erb

@@ -0,0 +1,7 @@
+<h1>Create Area</h1>
+<% form_for @area do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/app/views/areas/show.html.erb

@@ -0,0 +1,7 @@
+<h1><%= @area.name %></h1>
+<h3>Groups that have permission on this area</h3>
+<ul>
+	<% @area.groups.each do |group| %>
+		<li><%= link_to group.name, group %></li>
+	<% end %>
+</ul>

data/app/views/authentasaurus_emailer/invitation_mail.html.erb

@@ -0,0 +1,4 @@
+<p>You've been invited to create an account at your-domain.com follow this <%= link_to "link", new_registrations_url(:token => @token) %> to respond to the invitation.</p>
+
+<p>Best Regards,</p>
+<p>your-domain.com Team</p>

data/app/views/authentasaurus_emailer/recovery_mail.html.erb

@@ -0,0 +1,7 @@
+<p>Dear <%= @name %>,</p>
+
+<p>A request has been made to recover your account's password.</p>
+<p>Please visit this <%= link_to "link", recover_password_url(@token) %> and follow the instructions.</p>
+
+<p>Best Regards,</p>
+<p>your-domain.com Team</p>

data/app/views/authentasaurus_emailer/validation_mail.html.erb

@@ -0,0 +1,6 @@
+<p>Dear <%= @name %>,</p>
+
+<p>Please validate your account at your-domain.com by visiting this <%= link_to "link", validate_url, :code => @vcode %>.</p>
+
+<p>Best Regards,</p>
+<p>your-domain.com Team</p>

data/app/views/groups/edit.html.erb

@@ -0,0 +1,7 @@
+<h1>Editing <%= @group.name %></h1>
+<% form_for @group do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/app/views/groups/index.html.erb

@@ -0,0 +1,11 @@
+<h1>Groups</h1>
+<table width="100%">
+	<tr>
+		<th>Name</th>
+	</tr>
+	<% @groups.each do |group| %>
+		<tr>
+			<td><%= link_to group.name, group %></td>
+		</tr>
+	<% end %>
+</table>

data/app/views/groups/new.html.erb

@@ -0,0 +1,7 @@
+<h1>Create Group</h1>
+<% form_for @group do |f| %>
+	<%= f.label :name %>
+	<%= f.text_field :name, :size => 30 %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/app/views/groups/show.html.erb

@@ -0,0 +1,7 @@
+<h1><%= @group.name %></h1>
+<h2>Permissions</h2>
+<ul>
+	<% @group.permissions.each do |permission| %>
+		<li><%= link_to permission.area.name, permission %></li>
+	<% end %>
+</ul>

data/app/views/permissions/edit.html.erb

@@ -0,0 +1,19 @@
+<h1>Editing <%= @permission.area.target %> permissions for <%= @permission.group.name %></h1>
+<% form_for @permission do |f| %>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :area_id %>
+	<%= f.collection_select(:area_id, Area.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :read %>
+	<%= f.check_box :read %>
+	<br>
+	<%= f.label :write %>
+	<%= f.check_box :write %>
+	<br>
+	<%= f.submit %>
+<% end %>

data/app/views/permissions/index.html.erb

@@ -0,0 +1,17 @@
+<h1>Permissions</h1>
+<table>
+	<tr>
+		<th>Group</th>
+		<th>Area</th>
+		<th>Read</th>
+		<th>Write</th>
+	</tr>
+	<% @permissions.each do |permission| %>
+		<tr>
+			<td><%= link_to permission.group.name, permission.group %></td>
+			<td><%= link_to permission.area.name, permission.area %></td>
+			<td><%= check_box_tag :read, "read", permission.read, :disabled => true %></td>
+			<td><%= check_box_tag :write, "write", permission.write, :disabled => true %></td>
+		</tr>
+	<% end %>
+</table>

data/app/views/permissions/new.html.erb

@@ -0,0 +1,19 @@
+<h1>Create Permission</h1>
+<% form_for @permission do |f| %>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :area_id %>
+	<%= f.collection_select(:area_id, Area.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :group_id %>
+	<%= f.collection_select(:group_id, Group.find(:all), :id, :name, {:prompt => true}) %>
+	<br>
+	<%= f.label :read %>
+	<%= f.check_box :read %>
+	<br>
+	<%= f.label :write %>
+	<%= f.check_box :write %>
+	<br>
+	<%= f.submit %>
+<% end %>