blaxter-lockdown 0.9.8.99
- data/History.txt +195 -0
- data/README.txt +36 -0
- data/Rakefile +41 -0
- data/lib/lockdown.rb +70 -0
- data/lib/lockdown/context.rb +41 -0
- data/lib/lockdown/database.rb +105 -0
- data/lib/lockdown/frameworks/rails.rb +154 -0
- data/lib/lockdown/frameworks/rails/controller.rb +154 -0
- data/lib/lockdown/frameworks/rails/view.rb +50 -0
- data/lib/lockdown/helper.rb +95 -0
- data/lib/lockdown/orms/active_record.rb +68 -0
- data/lib/lockdown/permission.rb +204 -0
- data/lib/lockdown/rules.rb +321 -0
- data/lib/lockdown/session.rb +57 -0
- data/lib/lockdown/system.rb +60 -0
- data/rails_generators/lockdown/lockdown_generator.rb +273 -0
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
- data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
- data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
- data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
- data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +122 -0
- data/spec/lockdown/database_spec.rb +158 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +224 -0
- data/spec/lockdown/frameworks/rails/view_spec.rb +87 -0
- data/spec/lockdown/frameworks/rails_spec.rb +175 -0
- data/spec/lockdown/permission_spec.rb +156 -0
- data/spec/lockdown/rules_spec.rb +109 -0
- data/spec/lockdown/session_spec.rb +89 -0
- data/spec/lockdown/system_spec.rb +59 -0
- data/spec/lockdown_spec.rb +19 -0
- data/spec/rcov.opts +5 -0
- data/spec/spec.opts +3 -0
- data/spec/spec_helper.rb +1 -0
- metadata +122 -0
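--- a/data/History.txt
+++ b/data/History.txt
@@ -0,0 +1,195 @@
+== 0.7.1 2009-01-xx
+* Update init.rb with documentation on how to use admin namespaces
+
+== 0.7.0 2009-01-xx
+* Removed lockdown as an executable. Will always go through the generator used by the framework.
+* Removed references to classy inheritance. Directly coded some of classy inheritance's functionality into User model.
+
+== 0.6.3 2008-12-02
+* Fixed: Database sync was failing. Cause of refactor. Apologies
+
+== 0.6.2 2008-12-01
+* Fixed: Made call to action_methods instead of calculating controller actions
+
+== 0.6.1 2008-11-21
+* Fixed: Named routes were not being honored in link_to
+
+== 0.6.0 2008-11-15
+* Big refactor of internals
+
+== 0.5.22 2008-09-14
+* Update: Add test for future deprecation: Dependencies to be ActiveSupport::Dependencies
+
+== 0.5.21 2008-09-12
+* Updated lockdown to abide by config.active_record.timestamped_migrations introduced in Rails 2.1.1
+* Fixed: schlick fixed an issue with the user_groups edit.html.erb. thanks Michael!
+
+== 0.5.20 2008-08-04
+* Fixed authorized? method to avoid ActionController::Routing::Routes.recognize_path invalid return values
+* Added option[:session_timeout_method]. This method will be called when the session times out.
+
+== 0.5.19 2008-08-01
+* Modified the lockdown system to account for permissions added/removed from user groups in init.rb. This will NOT manage user groups defined via the admin screens.
+== 0.5.18 2008-07-23
+* Changed the generator options to simplify things. The default now is to generate all templates.
+== 0.5.17 2008-07-21
+* Updated included classy inheritance library 0.6.1.
+== 0.5.16 2008-07-18
+* Updated included classy inheritance library.
+== 0.5.14 2008-07-18
+* Change: option no_migration to skip-migrations to mimick other generator options
+* Fixed: errant creation of sessions directory in app/controllers
+
+== 0.5.13 2008-07-10
+* Add: Support for --namespace option on generator. Use as ./script generate lockdown --all --namespace=admin
+
+== 0.5.12 2008-07-02
+* Fix: Added production environment conditional to Dependencies.clear.
+
+== 0.5.11 2008-06-25
+* Update: Classy Inheritance to current version 0.4.4
+
+== 0.5.10 2008-06-24
+* Modified: Classy Inheritance is now bundled with Lockdown to simplify the user management screens.
+* Fixed: Templates: Use m.template with views to test for rails version for action_name issue
+* Added: Templates: Missing javascript for do_highlight
+* Fixed: Templates: Usage of ul for permissions and user groups.
+* Clean: Templates: Removed unnecessary :locals => {:f => f} attribute in _form partials
+* Clean: Templates: Changed text_field_tag to text_field.
+
+== 0.5.9 2008-06-19
+* Fixed: Added url.strip! to account for spaces. URI::split(url) was bombing if url contained spaces.
+
+== 0.5.8 2008-06-17
+* Fixed: External links are no longer restricted by link_to security.
+* Modified: Name of migration that adds admin user.
+
+== 0.5.7 2008-06-13
+* Fixed: Change password template, removed ajax usage. Issue: http://stonean.com/issues/show/5
+
+== 0.5.6 2008-06-05
+* Fixed: Misspelling of respond_to?, for some reason I keep thinking responds_to?
+
+== 0.5.5 2008-06-05
+* Fixed: Changed request comparison code. Requests that were supposed to be passing were failing.
+
+== 0.5.4 2008-06-05
+* Fixed: Issue with helpers in Rails 2.1, @action_name is no longer accessible, must call action_name method.
+* Fixed: Issue with users controller, show method not having user_groups_for_user instance variable
+* Modified: The end of the lockdown executable now references stonean.com instead of rubyforge site.
+
+== 0.5.3 2008-06-01
+* Fixed: Issue with new timestamped based migrations in rails 2.1. Migration templates created were all done within the same second, therefore having the same timestamp, added a sleep call to the next_migration_string to get around the issue.
+
+* Fixed: User Groups management template had a bug on the show screen. Was not getting @all_permissions instance variable set.
+
+== 0.5.2 2008-05-26
+* Fixed: make call to Dependencies.clear after inspecting controllers. Using Dependencies.require_or_load is not sufficient it seems.
+
+== 0.5.1 2008-05-25
+* Fixed: bug with namespaced access having identical standard access. e.g. /users and /admin/users
+
+== 0.5.0 2008-05-22
+* Added: new generator options for more control over templates
+* Fixed: sessions_controller successful_login didn't honor Lockdown::System options setting for :successful_login_path
+* Modified: System had [] method which could cause issues in future releases. Use Lockdown::System.fetch(:option) to retrieve options
+
+== 0.4.6 2008-05-08
+* Fixed: link_to destroy/show conditionals were in wrong order and therefore not working.
+
+== 0.4.5 2008-05-08
+* Rubyforge having an issue with the gem, I'm getting 404 errors trying to install 0.4.4 so I'm deploying a new version. no code changes.
+
+== 0.4.4 2008-05-08
+* Modified: refactored the link_to_secured and authorized? code to be more efficient
+
+== 0.4.3 2008-05-08
+* Fixed: broken show (and destroy) permission test. also reduced calls to polymorphic path by generating the url once
+
+== 0.4.2 2008-05-08
+* Fixed: broken link_to functionality.
+
+== 0.4.1 2008-05-06
+* Just some minor tabs-to-spaces formatting and removed unnecessary helper included into the user model.
+
+== 0.4.0 2008-05-04
+* Added: Automatically sync definitions in init.rb with database to remove migrations requirement
+* Added: Improved notification if invalid user group or permission is referenced in init.rb
+* Added: Check in user_groups controller to prevent url hack and modify/destroy user group defined in init.rb
+* Modified: Renamed access_rights_for_perm to access_rights_for_permission for consistency sake. Change then method call in permissions_helper if you have this installed
+
+== 0.3.15 2008-05-03
+* Fixed: The controller inspection code was short-circuiting the Dependencies reload mechanism while in development mode.
+
+== 0.3.14 2008-05-02
+* Fixed: Session keys to use symbols. Wasn't correctly expiring the session.
+
+== 0.3.13 2008-05-02
+* Fixed: The users and user_groups controller templates needed user_groups_for_users and all_permissions (respectively) instance variables set if validation failed on update.
+
+== 0.3.12 2008-05-02
+* Fixed: The timestamps were being set on created_by and updated_by.
+* Changed: The init.rb and lockdown_all interaction to better define where configurations should be placed.
+
+== 0.3.11 2008-05-01
+* Modified: Lockdown::System controller inspect to use "load" instead of "require".
+
+== 0.3.10 2008-05-01
+* Fixed: users_controller management of user_groups was using outdated methods. this applies only to the stubs produced with the generator
+
+== 0.3.9 2008-05-01
+* Modify: changed controller_classes from array to hash to speed up access
+
+== 0.3.8 2008-05-01
+* Fixed: corrected class loader to ensure ObjectSpace is used only once
+
+== 0.3.7 2008-05-01
+* Fixed: access rights list for permissions. maded modifications to permissions helper as well.
+
+== 0.3.6 2008-04-30
+* Fixed: The block in init.rb does not take a parameter. This has been removed from the template.
+
+== 0.3.5 2008-04-30
+* Added: Basic configuations to config/lockdown/init.rb when using the generator
+
+== 0.3.4 2008-04-30
+* Fixed: Addition of require 'lockdown/init' to config file
+
+== 0.3.3 2008-04-30
+* Spoke too soon. Omitted user_group controller change.
+
+== 0.3.2 2008-04-30
+* Management screens looking good. Now moving on to testing with starter application.
+
+== 0.3.1 2008-04-29
+* Some initital testing done.
+
+== 0.3.0 2008-04-29
+* Big change in how the system is installed and configured in the project.
+Introduced lib/lockdown/init.rb.
+Removed lib/lockdown/access.rb.
+Now use more of a Rails-ish initializer functionality. This adds flexibility
+and places the core code back in the gem, that's what I was after.
+
+== 0.2.0 2008-04-25
+* First full implementation of generate script "lockdown_all". Warranted a bump up of the minor version.
+
+== 0.1.4 2008-04-25
+* Uncommented line in config/hoe.rb to hopefully resolved rubigen dependency issue.
+
+== 0.1.3 2008-04-25
+* Still Don't have correct dependencies. Added in first crack at lockdown_all generator.
+
+== 0.1.2 2008-04-25
+* Didn't have correct dependencies.
+
+== 0.1.1 2008-04-24
+* Fixed bug with session cleanup.
+
+== 0.1.0 2008-04-18
+* Nearing public release status.
+* In bug testing mode now.
+
+== 0.0.1 2008-04-18
+
+* initial add of gem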
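--- a/data/README.txt
+++ b/data/README.txt
@@ -0,0 +1,36 @@
+lockdown
+by Andrew Stone
+http://stonean.com
+
+== DESCRIPTION:
+
+Lockdown is an authorization system for RubyOnRails (ver >= 2.1).
+
+== INSTALL:
+
+sudo gem install lockdown
+
+== LICENSE:
+
+(The MIT License)
+
+Copyright (c) 2009 Andrew Stone
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.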
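--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,41 @@
+# Look in the tasks/setup.rb file for the various options that can be
+# configured in this Rakefile. The .rake files in the tasks directory
+# are where the options are used.
+
+begin
+require 'bones'
+Bones.setup
+rescue LoadError
+load 'tasks/setup.rb'
+end
+
+ensure_in_path 'lib'
+require 'lockdown'
+
+task :default => 'rcov'
+
+desc "Flog your code for Justice!"
+task :flog do
+sh('flog lib/**/*.rb')
+end
+
+desc "Run all specs and rcov in a non-sucky way"
+Spec::Rake::SpecTask.new(:rcov) do |t|
+t.spec_opts = IO.readlines("spec/spec.opts").map {|l| l.chomp.split " "}.flatten
+t.spec_files = FileList['spec/**/*_spec.rb']
+t.rcov = true
+t.rcov_opts = IO.readlines("spec/rcov.opts").map {|l| l.chomp.split " "}.flatten
+end
+
+PROJ.name = 'lockdown'
+PROJ.authors = 'Andrew Stone'
+PROJ.email = 'andy@stonean.com'
+PROJ.url = 'http://stonean.com/wiki/lockdown'
+PROJ.version = Lockdown::VERSION
+PROJ.rubyforge.name = 'lockdown'
+
+PROJ.spec.opts << '--color'
+PROJ.exclude << ".swp"
+PROJ.exclude << ".gitignore"
+
+# EOF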
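--- a/data/lib/lockdown.rb
+++ b/data/lib/lockdown.rb
@@ -0,0 +1,70 @@
+require File.join(File.dirname(__FILE__), "lockdown", "helper")
+
+module Lockdown
+extend Lockdown::Helper
+
+VERSION = '0.9.8.99'
+
+# Returns the version string for the library.
+def self.version
+VERSION
+end
+
+def self.major_version
+version.split('.')[0].to_i
+end
+
+def self.minor_version
+version.split('.')[1].to_i
+end
+
+def self.patch_version
+version.split('.')[2].to_i
+end
+
+# Mixin Lockdown code to the appropriate framework and ORM
+def self.mixin
+if mixin_resource?("frameworks")
+unless mixin_resource?("orms")
+raise NotImplementedError, "ORM unknown to Lockdown!"
+end
+
+begin
+puts "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
+require Lockdown.init_file
+rescue
+puts "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
+end
+else
+puts "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
+end
+end # mixin
+
+private
+
+def self.mixin_resource?(str)
+wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' )
+Dir[wildcard_path].each do |f|
+require f
+module_name = File.basename(f).split(".")[0]
+module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
+if module_class.use_me?
+include module_class
+return true
+end
+end
+false
+end # mixin_resource?
+end # Lockdown
+
+require File.join(File.dirname(__FILE__), "lockdown", "session")
+require File.join(File.dirname(__FILE__), "lockdown", "context")
+require File.join(File.dirname(__FILE__), "lockdown", "permission")
+require File.join(File.dirname(__FILE__), "lockdown", "database")
+require File.join(File.dirname(__FILE__), "lockdown", "rules")
+require File.join(File.dirname(__FILE__), "lockdown", "system")
+
+puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
+
+Lockdown.mixin
+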
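Review bot: The bare `rescue` around `require Lockdown.init_file` in `mixin` does not catch `LoadError` (a `ScriptError`, not a `StandardError`), so a missing init file still raises, while any `StandardError` raised while the rules file is being evaluated is swallowed and reported as "couldn't find init file". For an authorization library that means a broken rules file can leave the app booting with the rule set only partly defined or not defined at all; what access that leaves is decided outside this file, so confirm that it denies by default. I would write `rescue LoadError` for the missing-file note and let every other error propagate. Separately, `mixin_resource?` resolves the module with `eval` on a string built from file names; `Lockdown.const_get(str.capitalize).const_get(Lockdown.camelize(module_name))` does the same lookup without evaluating code.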
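--- a/data/lib/lockdown/context.rb
+++ b/data/lib/lockdown/context.rb
@@ -0,0 +1,41 @@
+module Lockdown
+class Context
+attr_accessor :name, :allowed_methods
+
+def to_s
+self.class.to_s
+end
+
+def allows?(method_name)
+@allowed_methods.include?(method_name)
+end
+end
+
+class RootContext < Context
+def initialize(name)
+@name = name
+@allowed_methods = %w(with_controller and_controller to_model)
+end
+end
+
+class ControllerContext < Context
+def initialize(name)
+@name = name
+@allowed_methods = %w(with_controller and_controller to_model only_methods except_methods)
+end
+end
+
+class ModelContext < Context
+def initialize(name)
+@name = name
+@allowed_methods = %w(where)
+end
+end
+
+class ModelWhereContext < Context
+def initialize(name)
+@name = name
+@allowed_methods = %w(is_in includes equals)
+end
+end
+end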
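Review bot: `attr_accessor :name, :allowed_methods` in `Context` hands every holder of a context a writer for the list that `allows?` checks, and the `%w(...)` arrays assigned in the four `initialize` methods are mutable. Unless code outside this file assigns these attributes, `attr_reader :name, :allowed_methods` with `.freeze` on each literal would keep the per-context allow-list fixed once it is built. `Context` itself defines no `initialize`, so `allows?` on a bare `Context` calls `include?` on `nil`; a comment such as `# Abstract: subclasses set @allowed_methods in initialize` above the class would document that.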
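--- a/data/lib/lockdown/database.rb
+++ b/data/lib/lockdown/database.rb
@@ -0,0 +1,105 @@
+module Lockdown
+class Database
+class << self
+# This is very basic and could be handled better using orm specific
+# functionality, but I wanted to keep it generic to avoid creating
+# an interface for each the different orm implementations.
+# We'll see how it works...
+def sync_with_db
+
+@permissions = Lockdown::System.get_permissions
+@user_groups = Lockdown::System.get_user_groups
+
+create_new_permissions
+
+delete_extinct_permissions
+
+maintain_user_groups
+rescue Exception => e
+puts ">> Lockdown sync failed: #{e}"
+end
+
+# Create permissions not found in the database
+def create_new_permissions
+@permissions.each do |key|
+next if Lockdown::System.permission_assigned_automatically?(key)
+str = Lockdown.get_string(key)
+p = ::Permission.find(:first, :conditions => ["name = ?", str])
+unless p
+puts ">> Lockdown: Permission not found in db: #{str}, creating."
+::Permission.create(:name => str)
+end
+end
+end
+
+# Delete the permissions not found in init.rb
+def delete_extinct_permissions
+db_perms = ::Permission.find(:all).dup
+db_perms.each do |dbp|
+unless @permissions.include?(Lockdown.get_symbol(dbp.name))
+puts ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
+Lockdown.database_execute("delete from permissions_user_groups where permission_id = #{dbp.id}")
+dbp.destroy
+end
+end
+end
+
+def maintain_user_groups
+# Create user groups not found in the database
+@user_groups.each do |key|
+str = Lockdown.get_string(key)
+unless ug = ::UserGroup.find(:first, :conditions => ["name = ?", str])
+create_user_group(str, key)
+else
+# Remove permissions from user group not found in init.rb
+remove_invalid_permissions(ug, key)
+
+# Add in permissions from init.rb not found in database
+add_valid_permissions(ug, key)
+end
+end
+end
+
+def create_user_group(name_str, key)
+puts ">> Lockdown: UserGroup not in the db: #{name_str}, creating."
+ug = ::UserGroup.create(:name => name_str)
+#Inefficient, definitely, but shouldn't have any issues across orms.
+Lockdown::System.permissions_for_user_group(key).each do |perm|
+p = ::Permission.find(:first, :conditions => ["name = ?",
+Lockdown.get_string(perm)])
+
+Lockdown.database_execute "insert into permissions_user_groups(permission_id, user_group_id) values(#{p.id}, #{ug.id})"
+end
+end
+
+def remove_invalid_permissions(ug, key)
+ug.permissions.each do |perm|
+perm_sym = Lockdown.get_symbol(perm)
+perm_string = Lockdown.get_string(perm)
+unless Lockdown::System.permissions_for_user_group(key).include?(perm_sym)
+puts ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
+ug.permissions.delete(perm)
+end
+end
+end
+
+def add_valid_permissions(ug, key)
+Lockdown::System.permissions_for_user_group(key).each do |perm|
+perm_string = Lockdown.get_string(perm)
+found = false
+# see if permission exists
+ug.permissions.each do |p|
+found = true if Lockdown.get_string(p) == perm_string
+end
+# if not found, add it
+unless found
+puts ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
+p = ::Permission.find(:first, :conditions => ["name = ?", perm_string])
+ug.permissions << p
+end
+end
+end
+
+end # class block
+end # Database
+end #Lockdown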
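Review bot: `sync_with_db` rescues `Exception`, prints one line and returns, so a failure partway through (for example `p.id` on a `nil` lookup in `create_user_group`, if a group in init.rb names a permission that has no row) leaves permissions and group links partly synced with no error reaching the caller. Since these tables drive authorization, I would narrow it to `rescue StandardError => e`, log it and re-raise, and run the three steps inside one transaction if the ORM layer offers that. The two `Lockdown.database_execute` calls interpolate ids into the SQL text; the values are record ids here, so this is not injectable as written, but a comment saying so (or bound parameters, if `database_execute` accepts them) would stop the pattern being copied to string values.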