brick_layer 0.9.6 → 0.10.0

data/README.rdoc

@@ -282,13 +282,19 @@ You can access this data at:
 AND OF COURSE in JSON!
     http://<host>:<port>/brick_layer/your-route-here.json
 
-== User Authentication
+== Authentication for Admin Access
 
-By default user authentication is not enabled so that you can get rolling quickly. However if you want to set basic http authentication for a user you can add some security when creating, updating, and removing routes, data_sets, and page_data_sets by setting a variable in your initializer file.
+By default there isn't an administrator set in Brick Layer. Once you create 1 the brick layer admin will automatically lock and you will be able to login using the correct username and password.
 
-  BrickLayer.basic_auth_users = { :user => "my_user_1", :password => "your_password" }
+== Authentication of Content with Token
 
-Now you will be required to enter a user and password when creating, updating, or removing specific data.
+By default all requests for endpoints using the json format on "index"(list) and "show" actions will be exposed. 
+
+However, if you set a token in your "initializers/bricklayer_init.rb" file or similar to:
+  
+  Bricklayer.token = "your-token-here"
+
+It will force require any access to the brick layer data to have the header "X-AUTH-TOKEN" set in the request for the data to match that token.
 
 == Search
 

data/app/controllers/brick_layer/administrators_controller.rb

@@ -0,0 +1,46 @@
+class BrickLayer::AdministratorsController < BrickLayer::BaseController
+  before_filter :find_admin, :except => [:index, :new, :create]
+
+  respond_to :html
+    
+  def index
+    @administrators = BrickLayer::Administrator.all
+  end
+  
+  def new
+    @administrator = BrickLayer::Administrator.new
+  end
+    
+  def create
+    @administrator = BrickLayer::Administrator.new(params[:administrator])
+
+    if @administrator.save
+      flash[:success] = "You Created a New Administrator!"
+      redirect_to administrators_path
+    else
+      render "new"
+    end
+  end
+  
+  def update
+    if @administrator.update_attributes(params[:administrator])
+      flash[:success] = "Administrator Updated!"
+      redirect_to administrators_path
+    else
+      render "edit"
+    end
+  end
+  
+  def destroy
+    @administrator.destroy
+    flash[:success] = "Administrator Removed!"
+    redirect_to administrators_path
+  end
+
+  private
+
+  def find_admin
+    @administrator = BrickLayer::Administrator.find(params[:id])
+  end
+
+end

data/app/controllers/brick_layer/base_controller.rb

@@ -0,0 +1,32 @@
+class BrickLayer::BaseController < ApplicationController
+  layout 'brick_layer/layouts/brick_layer_layout'
+  before_filter :authenticate
+
+  def authenticate
+    request.format.html? ? authenticate_with_session : filter_public_responses
+  end
+
+  private
+
+  def authenticate_with_session
+    if !BrickLayer::Administrator.all.blank?
+      redirect_to login_path unless current_administrator
+    end
+  end
+
+  def authenticate_with_token
+    if !BrickLayer.token.blank?
+      if BrickLayer.token != request.headers["HTTP_X_AUTH_TOKEN"]
+        render :nothing => true, :status => 401
+      end
+    end
+  end
+
+  def filter_public_responses
+    authenticate_with_token
+
+    unless %w{ index show }.include?(request.params[:action])
+      render :nothing => true, :status => 401
+    end
+  end
+end

data/app/controllers/brick_layer/data_sets_controller.rb

@@ -1,4 +1,4 @@
-class BrickLayer::DataSetsController < BrickLayer::AdminController
+class BrickLayer::DataSetsController < BrickLayer::BaseController
   before_filter :set_model_constant
   before_filter :get_data_sets, :only   => [:index, :list]
   before_filter :get_data_set,  :only   => [:show, :edit, :update, :destroy]

data/app/controllers/brick_layer/manager_controller.rb

@@ -1,7 +1,7 @@
-class BrickLayer::ManagerController < BrickLayer::AdminController
+class BrickLayer::ManagerController < BrickLayer::BaseController
   def index
   end
-  
+
   def data_set_list
   end
 end

data/app/controllers/brick_layer/routes_controller.rb

@@ -1,4 +1,4 @@
-class BrickLayer::RoutesController < BrickLayer::AdminController
+class BrickLayer::RoutesController < BrickLayer::BaseController
   before_filter :find_route, :except => [:index, :new, :create, :show]
   
   respond_to :html

data/app/controllers/brick_layer/sessions_controller.rb

@@ -0,0 +1,23 @@
+class BrickLayer::SessionsController < ApplicationController
+  layout 'brick_layer/layouts/session_layout'
+
+  def new
+  end
+
+  def create
+    admin = BrickLayer::Administrator.authenticate(params[:username], params[:password])
+
+    if admin
+      session[:administrator_id] = admin.id  
+      redirect_to root_url, :notice => "Logged in!"  
+    else  
+      flash.now.alert = "Invalid username or password"  
+      render "new"  
+    end
+  end
+
+  def destroy
+    session[:administrator_id] = nil  
+    redirect_to root_url, :notice => "Logged out!"
+  end
+end

data/app/models/brick_layer/administrator.rb

@@ -0,0 +1,19 @@
+class BrickLayer::Administrator
+  include Mongoid::Document
+  include ActiveModel::SecurePassword
+
+  field :full_name,         type: String
+  field :username,          type: String
+  field :email,             type: String
+  field :password_digest,   type: String
+
+  has_secure_password
+
+  attr_accessible :full_name, :email, :username, :password, :password_confirmation
+  
+  validates :username, :presence => true, :uniqueness => true
+
+  def self.authenticate(username, password)
+    where(:username => username).try(:first).try(:authenticate, password)
+  end
+end

data/app/views/brick_layer/administrators/_form.html.haml

@@ -0,0 +1,5 @@
+= f.input :username
+= f.input :full_name
+= f.input :email
+= f.input :password
+= f.input :password_confirmation

data/app/views/brick_layer/administrators/edit.html.haml

@@ -0,0 +1,7 @@
+%h1 Edit Administrator
+
+= simple_form_for @administrator, :as => :administrator, :url => administrator_path(@administrator) do |f|
+  = render :partial => "form", :locals => { :f => f }
+  = f.button :submit, "Update"
+   | 
+  = link_to "Delete", administrator_path(@administrator), :method => :delete, :confirm => "You sure you want to remove this admin?"

data/app/views/brick_layer/administrators/index.html.haml

@@ -0,0 +1,21 @@
+%h1 Administrators
+
+%p= link_to "Add Administrator", new_administrator_path
+
+- if @administrators.blank?
+  %p== Currently there are not any administrators in the system
+- else
+  %table
+    %thead
+      %tr
+        %th Name
+        %th Username
+        %th Email
+        %th Actions
+    %tbody
+      - for admin in @administrators do
+        %tr
+          %td= admin.full_name
+          %td= admin.username
+          %td= admin.email
+          %td= link_to "Edit", edit_administrator_path(admin)

data/app/views/brick_layer/administrators/new.html.haml

@@ -0,0 +1,5 @@
+%h1 New Administrator
+
+= simple_form_for @administrator, :as => :administrator, :url => administrators_path do |f|
+  = render :partial => "form", :locals => { :f => f }
+  = f.button :submit, "Create"

data/app/views/brick_layer/layouts/brick_layer_layout.html.haml

@@ -2,18 +2,27 @@
 %head
   %title Site Manager
   = stylesheet_link_tag "application"
-  = javascript_include_tag "tiny_mce/tiny_mce"
+  = javascript_include_tag "application", "tiny_mce/tiny_mce"
   = csrf_meta_tags
 
 %body#brick-layer
   %nav
     %ul
+      %li= link_to "Administrators", administrators_path
       - if BrickLayer.enable_pages
         %li= link_to "Pages", routes_path
       
       - unless BrickLayer.data_sets_standalones.blank?
         %li= link_to "Custom Data Sets", list_data_sets_path
 
+      - if current_administrator
+        %li= link_to "Logout", logout_path
+      - else
+        %br
+        %br
+        Please create at least 1 administrator to enable authentication.
+        %br
+
   %br.clear
   - if yield(:subnavigation).blank? || BrickLayer.data_sets_standalones.blank?
     #content= yield

data/app/views/brick_layer/layouts/session_layout.html.haml

@@ -0,0 +1,9 @@
+!!! 5
+%head
+  %title Brick Layer
+  = stylesheet_link_tag "application"
+  = javascript_include_tag "application"
+  = csrf_meta_tags
+
+%body#brick-layer
+  = yield

data/app/views/brick_layer/manager/index.html.haml

@@ -1 +1 @@
-%h1 Welcome to Brick Layer!
+%h1 Welcome To Brick Layer!

data/app/views/brick_layer/sessions/new.html.haml

@@ -0,0 +1,15 @@
+%br
+%h1 Login
+
+= form_tag sessions_path do
+  %p
+    = label_tag "Username"
+    %br
+    = text_field_tag :username
+
+  %p
+    = label_tag "Password"
+    %br
+    = password_field_tag :password
+  
+  = submit_tag "Log In"

data/config/routes.rb

@@ -16,13 +16,18 @@ Rails.application.routes.draw do
     match "/data-sets" => "manager#data_set_list", :via => :get,   :as  => "list_data_sets"
     
     resources :routes
+    resources :sessions, :only => [:new, :create, :destroy]
+    resources :administrators, :except => [:show]
     
     scope "/pages" do
-      root           :to => "routes#show"
+      root  :to => "routes#show"
       match "root",  :to => "routes#show"
       match "*path", :to => "routes#show", :as => "display_page"
     end
     
+    match "/login",  :to => "sessions#new",     :as => :login
+    match "/logout", :to => "sessions#destroy", :as => :logout
+
     root :to => "manager#index"
   end
 end

data/lib/brick_layer/engine.rb

@@ -5,7 +5,7 @@ module BrickLayer
         config.app_root = Rails.root
         config.enable_pages ||= false
         config.data_sets_standalones ||= []
-        config.basic_auth_user ||= {}
+        config.token ||= ""
       end
     end    
   end

data/lib/brick_layer.rb

@@ -17,7 +17,7 @@ require "brick_layer/extensions"
 require "brick_layer/serve_grid_fs_file"
 
 module BrickLayer
-  mattr_accessor :app_root, :enable_pages, :data_sets_standalones, :basic_auth_user
+  mattr_accessor :app_root, :enable_pages, :data_sets_standalones, :token
   
   def self.setup
     Mongoid.config.preload_models = true

data/lib/version.rb

@@ -1,3 +1,3 @@
 module BrickLayer
-  VERSION = "0.9.6"
+  VERSION = "0.10.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brick_layer
 version: !ruby/object:Gem::Version
-  version: 0.9.6
+  version: 0.10.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-23 00:00:00.000000000 Z
+date: 2012-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bson_ext
-  requirement: &70251073417000 !ruby/object:Gem::Requirement
+  requirement: &70093633843520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 1.3.1
   type: :runtime
   prerelease: false
-  version_requirements: *70251073417000
+  version_requirements: *70093633843520
 - !ruby/object:Gem::Dependency
   name: mongoid
-  requirement: &70251073416520 !ruby/object:Gem::Requirement
+  requirement: &70093633843040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: 2.1.2
   type: :runtime
   prerelease: false
-  version_requirements: *70251073416520
+  version_requirements: *70093633843040
 - !ruby/object:Gem::Dependency
   name: haml
-  requirement: &70251073416040 !ruby/object:Gem::Requirement
+  requirement: &70093633842560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -43,10 +43,10 @@ dependencies:
         version: 3.1.2
   type: :runtime
   prerelease: false
-  version_requirements: *70251073416040
+  version_requirements: *70093633842560
 - !ruby/object:Gem::Dependency
   name: kaminari
-  requirement: &70251073415560 !ruby/object:Gem::Requirement
+  requirement: &70093633842080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -54,10 +54,10 @@ dependencies:
         version: 0.12.4
   type: :runtime
   prerelease: false
-  version_requirements: *70251073415560
+  version_requirements: *70093633842080
 - !ruby/object:Gem::Dependency
   name: mongoid_nested_set
-  requirement: &70251073415080 !ruby/object:Gem::Requirement
+  requirement: &70093633841600 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: 0.1.2
   type: :runtime
   prerelease: false
-  version_requirements: *70251073415080
+  version_requirements: *70093633841600
 - !ruby/object:Gem::Dependency
   name: mongoid-ancestry
-  requirement: &70251073414600 !ruby/object:Gem::Requirement
+  requirement: &70093633841120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
         version: 0.2.2
   type: :runtime
   prerelease: false
-  version_requirements: *70251073414600
+  version_requirements: *70093633841120
 - !ruby/object:Gem::Dependency
   name: mongoid_fulltext
-  requirement: &70251073414120 !ruby/object:Gem::Requirement
+  requirement: &70093633840640 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
         version: 0.3.6
   type: :runtime
   prerelease: false
-  version_requirements: *70251073414120
+  version_requirements: *70093633840640
 - !ruby/object:Gem::Dependency
   name: simple_form
-  requirement: &70251073413640 !ruby/object:Gem::Requirement
+  requirement: &70093633840100 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -98,10 +98,10 @@ dependencies:
         version: 1.4.2
   type: :runtime
   prerelease: false
-  version_requirements: *70251073413640
+  version_requirements: *70093633840100
 - !ruby/object:Gem::Dependency
   name: rack-cache
-  requirement: &70251073413160 !ruby/object:Gem::Requirement
+  requirement: &70093633839120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,10 +109,10 @@ dependencies:
         version: 1.0.3
   type: :runtime
   prerelease: false
-  version_requirements: *70251073413160
+  version_requirements: *70093633839120
 - !ruby/object:Gem::Dependency
   name: dragonfly
-  requirement: &70251073412680 !ruby/object:Gem::Requirement
+  requirement: &70093633838340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -120,10 +120,10 @@ dependencies:
         version: 0.9.5
   type: :runtime
   prerelease: false
-  version_requirements: *70251073412680
+  version_requirements: *70093633838340
 - !ruby/object:Gem::Dependency
   name: carrierwave
-  requirement: &70251073412200 !ruby/object:Gem::Requirement
+  requirement: &70093633837820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -131,10 +131,21 @@ dependencies:
         version: 0.5.4
   type: :runtime
   prerelease: false
-  version_requirements: *70251073412200
+  version_requirements: *70093633837820
+- !ruby/object:Gem::Dependency
+  name: bcrypt-ruby
+  requirement: &70093633837300 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: *70093633837300
 - !ruby/object:Gem::Dependency
   name: turn
-  requirement: &70251073428200 !ruby/object:Gem::Requirement
+  requirement: &70093633836880 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -142,10 +153,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073428200
+  version_requirements: *70093633836880
 - !ruby/object:Gem::Dependency
   name: ruby-debug19
-  requirement: &70251073427740 !ruby/object:Gem::Requirement
+  requirement: &70093633836360 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -153,10 +164,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073427740
+  version_requirements: *70093633836360
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70251073427220 !ruby/object:Gem::Requirement
+  requirement: &70093633835820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -164,10 +175,10 @@ dependencies:
         version: '2.4'
   type: :development
   prerelease: false
-  version_requirements: *70251073427220
+  version_requirements: *70093633835820
 - !ruby/object:Gem::Dependency
   name: autotest
-  requirement: &70251073426800 !ruby/object:Gem::Requirement
+  requirement: &70093633835380 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -175,10 +186,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073426800
+  version_requirements: *70093633835380
 - !ruby/object:Gem::Dependency
   name: webrat
-  requirement: &70251073426340 !ruby/object:Gem::Requirement
+  requirement: &70093633834920 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -186,10 +197,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073426340
+  version_requirements: *70093633834920
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &70251073425920 !ruby/object:Gem::Requirement
+  requirement: &70093633834440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -197,10 +208,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073425920
+  version_requirements: *70093633834440
 - !ruby/object:Gem::Dependency
   name: shoulda
-  requirement: &70251073425500 !ruby/object:Gem::Requirement
+  requirement: &70093633833560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -208,10 +219,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073425500
+  version_requirements: *70093633833560
 - !ruby/object:Gem::Dependency
   name: hirb
-  requirement: &70251073425080 !ruby/object:Gem::Requirement
+  requirement: &70093633832720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -219,10 +230,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073425080
+  version_requirements: *70093633832720
 - !ruby/object:Gem::Dependency
   name: wirble
-  requirement: &70251073424660 !ruby/object:Gem::Requirement
+  requirement: &70093633832100 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -230,10 +241,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073424660
+  version_requirements: *70093633832100
 - !ruby/object:Gem::Dependency
   name: looksee
-  requirement: &70251073424240 !ruby/object:Gem::Requirement
+  requirement: &70093633831520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -241,7 +252,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70251073424240
+  version_requirements: *70093633831520
 description: Content Management and Endpoint Rails Service Engine
 email: 
 executables: []
@@ -517,18 +528,25 @@ files:
 - app/assets/stylesheets/default_table.css.scss
 - app/assets/stylesheets/default_typography.css.scss
 - app/assets/stylesheets/reset.css
-- app/controllers/brick_layer/admin_controller.rb
+- app/controllers/brick_layer/administrators_controller.rb
+- app/controllers/brick_layer/base_controller.rb
 - app/controllers/brick_layer/data_sets_controller.rb
 - app/controllers/brick_layer/manager_controller.rb
 - app/controllers/brick_layer/routes_controller.rb
+- app/controllers/brick_layer/sessions_controller.rb
 - app/helpers/brick_layer/data_set_helper.rb
 - app/helpers/brick_layer/layout_helper.rb
 - app/helpers/brick_layer/site_helper.rb
 - app/helpers/brick_layer/view_helper.rb
+- app/models/brick_layer/administrator.rb
 - app/models/brick_layer/data_set.rb
 - app/models/brick_layer/file_uploader.rb
 - app/models/brick_layer/route.rb
 - app/models/brick_layer/search.rb
+- app/views/brick_layer/administrators/_form.html.haml
+- app/views/brick_layer/administrators/edit.html.haml
+- app/views/brick_layer/administrators/index.html.haml
+- app/views/brick_layer/administrators/new.html.haml
 - app/views/brick_layer/data_sets/_form.html.haml
 - app/views/brick_layer/data_sets/edit.html.haml
 - app/views/brick_layer/data_sets/index.html.haml
@@ -536,6 +554,7 @@ files:
 - app/views/brick_layer/data_sets/search.html.haml
 - app/views/brick_layer/data_sets/show.html.haml
 - app/views/brick_layer/layouts/brick_layer_layout.html.haml
+- app/views/brick_layer/layouts/session_layout.html.haml
 - app/views/brick_layer/manager/data_set_list.html.haml
 - app/views/brick_layer/manager/index.html.haml
 - app/views/brick_layer/routes/_form.html.haml
@@ -544,6 +563,7 @@ files:
 - app/views/brick_layer/routes/index.html.haml
 - app/views/brick_layer/routes/new.html.haml
 - app/views/brick_layer/routes/show.html.haml
+- app/views/brick_layer/sessions/new.html.haml
 - app/views/brick_layer/shared/_custom_data_sets_list.html.haml
 - config/initializers/brick_layer_carrierwave.rb
 - config/initializers/brick_layer_dragonfly.rb

data/app/controllers/brick_layer/admin_controller.rb

@@ -1,10 +0,0 @@
-class BrickLayer::AdminController < ApplicationController
-  layout 'brick_layer/layouts/brick_layer_layout'
-
-  name = BrickLayer.basic_auth_user[:user] || BrickLayer.basic_auth_user["user"]
-  password = BrickLayer.basic_auth_user[:password] || BrickLayer.basic_auth_user["password"]
-
-  if !name.blank? || !password.blank?
-    http_basic_authenticate_with :name => name, :password => password, :except => [:index, :show]
-  end
-end